[Dshield] Consensus Question

Johannes B. Ullrich jullrich at sans.org
Wed Dec 3 14:49:58 GMT 2003

> What do you tell them when you return the box?

I am not sure if you have a legal liability, but at least I
would consider it professional to tell them about the extent
of the possible damage. Allow them to make up their mind on
whether it's 'worth the trouble'. But at least you will be able to
say "I told you so".

A couple of things I would suggest:

- Do change all passwords on this system, and on other
  systems on your network that use the same password.
- Change passwords you had stored on this system, or passwords
  you used to log in to other systems while using the compromised
  machine (to avoid keystroke grabbers).
- Get a credit report.
- If you stored credit card numbers on this system, get new
  credit cards.

I think this covers the "basics". Things get more interesting if
customer information was stored on the system. In this case, the
business may have an actual legal liability. Things get more
complex (and expensive) in this case.

If information like credit card numbers and social security numbers
were stored, the business should notify customers. It may even
be legally required to do so (e.g. CA).

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org
