The person who defaced your web page may not have done anything more than
that. But HOW DO YOU KNOW HE WAS THE ONLY PERSON THAT BROKE IN? What if
beforehand someone broke in and left a back door? Or a time bomb?
-----Original Message-----
From: Joseph Spainhour [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 25, 2001 1:43 PM
To: Jose Nazario
Cc: Eric Robinson; [EMAIL PROTECTED]
Subject: RE: f**k USA government f**k poizonbox
I have to agree here. If the system is hacked, find out all you can
about what they did, then reinstall. Either from scrach, or from a
known good backup. It is the only way to be sure. Not taking these
steps is only asking for trouble.
Joseph
On Fri, 25 May 2001, Jose Nazario wrote:
->On Fri, 25 May 2001, Eric Robinson wrote:
->
->> Members of this list who suggest that you should reformat and
->> reinstall after a hacking inicdent are only partially correct.
->> Starting with a clean slate is the only way to be sure you have
->> eliminated your problem if you don't already know the exact nature of
->> the attack. In this case, we do. :-)
->
->no, you don't.
->
->if i really wanted to screw with you, i'd make all outward signs look like
->something else relatively benign (deface the webpage in the same fashion),
->but install some backdoors. as long as i was running around racking up
->boxes with a known exploit, i may as well have some fun with it as well.
->
->unless you have a host based integrity monitoring system, ie Tripwire,
->don't make any assumptions based on what you have observed using a
->compromised system.
->
->____________________________
->jose nazario [EMAIL PROTECTED]
-> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
-> PGP key ID 0xFD37F4E5 (pgp.mit.edu)
->
->-
->[To unsubscribe, send mail to [EMAIL PROTECTED] with
->"unsubscribe firewalls" in the body of the message.]
->
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
