Full Disclosure mailing list archives

RE: [inbox] Re: Reacting to a server compromise

From: "Curt Purdy" <purdy () tecman com>
Date: Mon, 4 Aug 2003 13:34:47 -0500

HIPAA has made it a new world.  The attorneys are already salivating and
trying to dig up any potential "victims" they can find, look to Arizona as
an example.  Since this box was used to attacke doctor's records, there is a
good chance it's tracks will be found.  This guys got two options, either
don't touch the box, play dumb, and hope the cracker doesn't know how to
cover his tracks (unlikely), or dd the drive, take the box offline (in that
order in case it has a smart-bomb planted), and notify notify notify.

We are instituting IDS and logging systems for healthcare customers every
day and are finding attacks that they would not have even guessed at a year
ago.  By law they must keep their logs three years, plenty of time for even
scumbag lawyers to find it.  If you have done due diligence, you will be a
sitting duck.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions
cpurdy () dpsol com
936.637.7977 ext. 121

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of Aron
Nimzovitch
Sent: Sunday, August 03, 2003 12:28 PM
To: full-disclosure () lists netsys com
Subject: [inbox] Re: [Full-disclosure] Reacting to a server compromise




No good deed goes unpunished.

Been there, tried that, nearly got hit with a lawsuit (IMMEDIATE
threat from the suit involved).  If the suits running the place had
half a brain between them, your "info" would be unnecessary.

If you cannot prove 'beyond a reasonable doubt' that you did not
conduct the attacks yourself and then post this BS as a coverup, you
will be overrun, no matter how "white" you might be.  Better have deep
pockets to proceed, or get the noobs here telling you to "tell all" to
pony up to your defense fund.  Ask Randall Schwartz about it sometime.

Welcome to the real America!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Reacting to a server compromise Mark (Aug 01)
- Re: Reacting to a server compromise Peter Busser (Aug 02)
- RE: Reacting to a server compromise Wayne Chang (Aug 02)
- Re: Reacting to a server compromise SecuresDotComs (Aug 02)
  - RE: Reacting to a server compromise Edward W. Ray (Aug 02)
    - Re: Reacting to a server compromise Aron Nimzovitch (Aug 03)
    - RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 04)
    - RE: [inbox] Re: Reacting to a server compromise Ron DuFresne (Aug 04)
- RE: [inbox] Reacting to a server compromise Curt Purdy (Aug 03)
- <Possible follow-ups>
- Re: Reacting to a server compromise Jennifer Bradley (Aug 02)
  - RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 03)
    - RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 03)
    - RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 04)
    - RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 05)
    - RE: [inbox] Re: Reacting to a server compromise Curt Purdy (Aug 05)
    - RE: [inbox] Re: Reacting to a server compromise Bojan Zdrnja (Aug 06)
    - RE: [inbox] Re: Reacting to a server compromise Michal Zalewski (Aug 06)

(Thread continues...)