[Dshield] Consensus Question

Paul Marsh pmarsh at nmefdn.org
Wed Dec 3 16:08:44 GMT 2003

I'm wondering if there is a site that lays out the nasty potential
reality of being compromised for the average user.  I think we're all in
turn with the corporate reality, it's our job.  It might be nice to see
something in user language that I/we could point them to so they'll know
the full potential.  Maybe this is something we could post on SANS?

Thanx, Paul

-----Original Message-----
From: Johannes B. Ullrich [mailto:jullrich at sans.org] 
Sent: Wednesday, December 03, 2003 09:50 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Consensus Question

> What do you tell them when you return the box?

I am not sure if you have a legal liability, but at least I 
would consider it professional to tell them about the extend
of the possible damage. Allow them to make up their mind in
if its 'worth the trouble'. But at least you will be able to say "I told
you so".

Couple things I would suggest:

- Do change all passwords on this systems, and on other
  systems on your network that use the same password.
- Change passwords you had stored on this system, or passwords
  you used to log in to other systems while using the compromised
  machines (to avoid keystroke grabbers).
- Get a credit report
- if you stored credit card numbers on this system, get new 
  credit cards.

I think this covers the "basics". Things get more interesting if
customer information was stored on the system. In this case, the
business may have an actual legal liability. Thing get more complex (and
expensive) in this case.

If information like credit card numbers and social security numbers
where stored, the business should notify customers. It may even be
legally required to do so (e.g. CA). 

CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org

More information about the list mailing list