--Thursday, November 27, 2003 12:56:18 -0500 Eric LeBlanc <[EMAIL PROTECTED]>: > A least, they can stay us informed about their actions... for example: > > 21 sep: hacked, we moved all domain to blah, bluh, blih. > 22 sep: investiguation started, by X, X. We think it will take X > hours/day/month/years > 24 sep: We still investiguate, please be patient, we think we will > terminate that in two hour/day/month/years. > ... > > and so on, it's not so hard, and it's take 2 minutes or less.
I'd definitely prefer to have "them" working on getting things up and running again and do the forensics. They should waste a minute too much on reports that might proove wrong finally anyway. This would confuse everyone more than it would help. And, honestly, doesn't your experience show that wild guesses about how long complex things might take nearly alway provve wrong? Why would I want to know who's typing what right now? I'd be interested in a all-in-one final report, that's for sure, but I'll be happy with this. And in case any urgent security problem pops up during investigation I'm pretty sure we'll be informed right away. The secteam has done an amazing job in the past and I trust them to continue as responsible as before. Cheers, Marcel
pgpzVq3vHaaS1.pgp
Description: PGP signature