[Dshield] Guidance Software hacked?

Chris Brenton cbrenton at chrisbrenton.org
Fri Dec 23 10:44:38 GMT 2005

On Thu, 2005-12-22 at 21:31 -0500, Jim McCullough wrote:
> As I understand the public announcement I saw; dont ask me to
> reproduce it, my brain gave up being that absorbant after 25; the
> software that is provided was not compromised.  Only the company's
> records of client information,  and I think .. not positive .. that it
> was only corp accounts that were impacted. 

Sort of. The software is heavily used by law enforcement, spooky
government agencies and consulting firms. The names of the folks within
those organizations ordering/registering the software was compromised as
well. So if any of them worked under cover, that's pretty much blown.

> Personally, if I had
> purchased their software, I would be calling and annoying them until
> they gave me a straight answer.

I would also be asking why it took so long to detect the attack. Is this
a process or a software problem? Their software *should* have given them
a heads up that day. Are they not using their software per their own
recommendations? Did someone figure out how to circumvent it? This point
is something that has not been made clear in any of their

Happy holidays all,

More information about the list mailing list