The reason why we approach some of the great consequences of life with
"calm nonchalance" is insurance. Does your client have insurance covering
his web server if it turns out backdoors have been installed?
cj.
#######################################################################
"Free information leads to an increased sense of the individual. . .
[F]rom the fall of Rome onward, the group with the freest information
tends to win. They win because they are better able to invent, produce
and economically survive any conflict." --Elin Whitney-Smith
#######################################################################
On Fri, 25 May 2001, Eric Robinson wrote:
> In an ideal world, I suppose we would have time to conduct an "exhaustive
> forensic analysis" of each of the 9000+ effected systems.
>
> I wonder:
>
> - Do you look under you car, under its hood, under its seats and in its
> trunk before getting into it each time?
> - Do you personally wash your doctor or dentist's hands before he or she
> works on you?
> - Do you receive vaccines, despite the clear warning that a percentage of
> recipients experience adverse side effects including death?
> - Do you give them to your kids?
> - Do you take your kids with you wherever you go--to work, to the gym, out
> on a date? Do you teach them yourself?
> - Do you live in a city known for crime, earthquakes, high stress, disease
> or dangerous weather?
>
> Compared to having your web site hacked, how many of life's issues have far
> greater consequences if handled incorrectly? Yet most of us face them with
> calm nonchalance. Why?
>
> Instinct.
>
> The owner of a business here in Carson City had his web server defaced with
> the "fuck USA" message on the same day that 8000 other sites were also
> defaced. Instinct (and a non-exhaustive forensic analysis) said that this
> client's server was not individually targeted, but rather was part of the
> general automated attack.
>
> We plugged the hole and moved on. Twenty days later, still no apparent
> problem or strange activity on the server. No exhaustive analysis performed.
> No hard drive reformatted. No time wasted.
>
> Thankfully, common sense ruled the day and I didn't try to sell the client
> on whatever would have qualified as a "good move."
>
> --Eric
>
>
>
>
> -----Original Message-----
> From: Devin L. Ganger [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 25, 2001 1:41 PM
> To: Eric Robinson
> Cc: [EMAIL PROTECTED]
> Subject: Re: f**k USA government f**k poizonbox
>
>
> On Fri, May 25, 2001 at 09:24:00AM -0700, Eric Robinson wrote:
>
> > Members of this list who suggest that you should reformat and reinstall
> > after a hacking inicdent are only partially correct. Starting with a clean
> > slate is the only way to be sure you have eliminated your problem if you
> > don't already know the exact nature of the attack. In this case, we do.
> :-)
>
> No, you don't, until you've run the exhaustive forensic analysis. Until
> then, you're guessing. Encouraging people to break one of the foremost
> rules of computer security is just plain bad advice.
>
> If you are diagnosing based on symptoms, then you are putting yourself
> at the mercy of the attackers. You are gambling on their complacency.
>
> Bad move.
>
> --
> Devin L. Ganger <[EMAIL PROTECTED]>
> find / -name *base* -exec chown us:us {} \;
> su -c someone 'export UP_US=thebomb'
> for f in great justice ; do sed -e 's/zig//g' < $f ; done
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
