[Dshield] Consensus Question

mokum dshield at meij.net
Wed Dec 3 16:10:54 GMT 2003

Good evening all [it's 16:50 in CET]

I don't know about the general consensus, but here's my take:

I do the 'difficult discussion' -before- I take the box. I let them know 
in plain text what the *possible* effects might be of the 
infection/compromise of their workstation/server.

This is a mood thing really. It is never good to -leave- your customers 
in a FUD state.

- talk them through the *possible* risks [like publicly available CC & PWD]
- inform them about *possible* measures to prevent this from happening again
- take control over the machine [depending on the situation on the spot 
or out doors]
- make a detailed analysis
- make a plan to prevent this from happening again
- inform customer about plan
- implement plan & measures [of which customer agrees]
- pass over the control

Hope s/he'll be happy, luckier and smarter from now on :)


Paul Marsh wrote:

>Morning All:
>  This has been on my mind for awhile now and even more last night while
>I was working on a customer's box that was infected with Bugbear along
>with a few other nasty little bugs.  With all the Viri and Trojans
>running around these days for the most part an average user is unknowing
>and unprotected which inevitably ends them up being infected and
>compromised.  What do you tell them when you return the box?  I don't
>know if it's overkill telling them that they should really think about
>changing credit card numbers, password and take a good hard look at what
>personal information is/was on the box.  What is the general consensus
>of the list? 
