You forgot HR some of them can create positions with salaries or modify a persons salary. Either way money could be leaking out that should not be.
Jon On Wed, Aug 26, 2009 at 11:12 AM, Jonathan Link <[email protected]>wrote: > A is too specific, could've been brute force or an easily guessed password > in addition to malware/keylogger. > Can you determine what was accessed with any degree of certainty? What > regulatory agencies is your organization governed by? I'd start with that. > > Interestingly, did you read this Washington Post article? > > > http://www.washingtonpost.com/wp-dyn/content/article/2009/08/24/AR2009082402272.html?nav=hcmodule&sid=ST2009082500907 > (beware the wrap) > I would also review banking information if this person is at all involved > with bookkeeping, AP or AR functions. > On Wed, Aug 26, 2009 at 10:59 AM, David W. McSpadden <[email protected]>wrote: > >> If someone has access to your ssl website with valid username and >> password you assume that either 1 of 2 things have happened: >> A someone has a keylogger and their computer is compromised. >> B someone just out and out gave the information away. >> >> Is that a correct assessment? >> >> If you have the IP from the 'hacker' that accessed your website who do you >> report it too??? >> Most likely it is a bot and nothing can be done but who do you report it >> too none the less??? >> >> >> >> >> >> >> > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
