[Dshield] Guidance Software hacked?

Frank Knobbe frank at knobbe.us
Fri Dec 23 13:45:50 GMT 2005

On Fri, 2005-12-23 at 05:44 -0500, Chris Brenton wrote:
> I would also be asking why it took so long to detect the attack. Is this
> a process or a software problem? Their software *should* have given them
> a heads up that day. Are they not using their software per their own
> recommendations? 

You do know that EnCase is a forensics image acquisition and analysis
software, right? Do you expect them to image their servers on a daily
basis and look for intrusions? This is not an Intrusion Detection System
or log monitor or something like that where an attack would be
automatically detected. Their software is used after the fact. To detect
the fact (of a break-in) they should use proper/different software, like
an IDS.

I don't fault their software for the break-in. I don't even blame them
for getting hacked -- could happen to any of us. But I do blame them
(no, let me rephrase that.... I'm extremely pissed at them) for:
 a) keeping unnecessary, sensitive credit card information (the last 4
digits would have been enough, not the full card number and even *gasp*
the CVV),
and b) not notifying *all* customers in a timely manner.

I hope they get fined hard for this. We need strong punishment so crap
like this won't happen (or won't happen often).

Personally, I'll never buy from them again since it is unsafe to conduct
financial transactions with them.


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
