Re: [Full-disclosure] How we caught an Identity Thief
From: Babak Pasdar (bpasdar igxglobal.com)
Date: Mon Feb 20 2006 - 08:41:36 CST
Barrie,
Thank you for your advice. Will note for next time.
Babak
On Mon, 2006-02-20 at 14:32 +0000, Barrie Dempster wrote:
> On Mon, 2006-02-20 at 09:15 -0500, Babak Pasdar wrote:
> > 1. I had to get back to our office from the client site over an hour
> > away :) Laws of physics to New York City traffic apply no matter what.
>
> Then notifying us of the timescale was irrelevant, as it was worded it
> seemed like it was listed as an achievement.
>
> > 2. The client or a security company's network are not the best source
> > for scanning and investigation activities. Lest you have someone who
> > looks for these early signs of the investigation. Scans have to be
> > alternately sourced.
>
> Indeed, but we had no indication of where you were. No need for a site
> visit if the entire incident relates to online content. The entire
> scenario could have been conducted over the phone with you in your
> office.
>
> > 3. Running a few commands by no means is an indication of a fully
> > packaged and verified set of information. A forensics case has to be
> > started fully documenting all actions and times for possible future
> > reference in legal proceedings. Rushing through something like this and
> > not following procedure is the first step in being caught with your
> > pants down later.
>
> There was no need for any of the scanning you had done. I doubt the
> results of the scans provided any evidence more compelling than the web
> page. If there was grounds to contact law enforcement on that alone then
> the scanning (done cautiously or not) was irrelevant and possibly even
> negligent as it could have led to the suspects realising someone was
> paying attention to them, putting them one step ahead of their pursuers.
>
> If there is a case for legal action, then get the responsible legal
> experts on board and stop playing around.
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/