ABSOLUTELY!
Although she does proclaim to be a "white hat" hacker...
-----Original Message-----
From: Alyea [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 01, 1999 11:10 AM
To: Jesus Gonzalez
Cc: [EMAIL PROTECTED]
Subject: Re: Hacking Contest ?
Is this a joke?
Jesus Gonzalez wrote:
>
> I believe Carolyn Meinel is for hire as a security auditor.
>
> :)
>
> -----Original Message-----
> From: Frank Knobbe [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 01, 1999 7:07 AM
> To: 'John O. K.'; [EMAIL PROTECTED]
> Subject: RE: Hacking Contest ?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > -----Original Message-----
> > From: John O. K. [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, April 01, 1999 7:59 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Hacking Contest ?
> >
> > [...]
> > First and foremost. Make a complete backup of the system
> > prior to release
> > of the IP. Store this offsite. After letting the week or
> > two go by take
> > all input provided (if any) by the attackers and all logs you
> > have (because
> > you will be logging to the fullest, right?) and compile a
> > report. Then take
> > the system off line and completely restore from that backup.
> > While keeping
> > it offline start to implement the fixes/patches/upgrades that
> > you now KNOW
> > need to be added. True you may not get everything, but all
> > trojans/backdoors that may have been introduced will now be gone and
> > hopefully many of the potential vulnerabilities will be closed down.
>
> How can you be sure that if the system was compromised, it wasn't used
> as a jump point to others? Just because you ask to hack only 'that
> one' machine doesn't mean that the hackers will. The risk is too high
> that they hack the system, jump to the next one, maybe even slip
> through the firewall following now accessible rules/paths.
>
> If you do such a contest, get another ISP line in (with a different
> ISP, make sure you don't use the same contact info for the domain
> record as your existing domain). Set up only that one system on that
> line. Do not connect it to anything else. Benefit of having the
> separate ISP line is that you can cancel it after the contest is done,
> so all 'late comers' won't be hitting your real site. And of course
> since no connectivity to your network exist, no risks of jumping is
> present. Just be aware of viruses and trojans.
>
> I would not immediately restore the system. You probably want to run a
> compare to see what changed (why is fpnwclnt.dll so much longer now?
> ;)
>
> The additional risk is (as stated earlier I believe) that it might be
> construed that you provide hackers a platform for attacks to other
> systems. If I remember correctly, people have lost court battles
> because they failed to provide adequate security measures to secure
> their systems, which were used for attacks on others. So, while you do
> try to provide a high level of security, an invitation of hack your
> system may not look very good in court...
>
> Regards,
> Frank
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.0.2
> Comment: PGP encrypted email preferred
>
> iQA/AwUBNwOLlylma9DCzQQeEQKkwgCgwknKvT8CCja2bom3ycvfUvS6GgoAoJa6
> XX3fq/Y1dhkPxbOGuw34oJQm
> =Ch2R
> -----END PGP SIGNATURE-----
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
