I've just had a gander at a small 3-page fold-out brochure from the
U.S. National Infrastructure Proctection Center (No publication number),
and under "What To Do When You Have Been Victimized", the final bullet
item is "DO NOT contact the suspected perpetrator."
I'm wondering if this is the start of an end-run around the usual
community practice of contacting technical contacts during incidents? I
know there's probably a lot of "Cybercrime" funding at stake here, and I'm
sure that contacting a single attacker is sometimes a bad idea, but given
that this is a terse little handout, I worry about the implications of
emphatic statements without serious qualification.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
