james.davis at st-peters.oxford.ac.uk
Mon Feb 24 17:16:10 GMT 2003
> Her conclusion though was that the really costly incidents were the
> ones where the techies got interested in "what happened here?" and
> spent lots of time analyzing the exploit, forensics, et al. Secondary
> conclusion: if you want to save $$ don't do this; when a system is
> cracked, wipe, reinstall, get back to business, let it go.
> Not saying I fully endorse this strategy, though it's obvious how this
> conclusion can easily be reached. Just reporting what I heard.
I've lost the original message but I was thinking about this recently. I'm
not convinced this is a valid conclusion. Is it the "techie"'s interest
that causes the expense or is it the "techie" being more interested in
investigating complex, technical and probably more expensive incidents?
James Davis \ james.davis at st-peters.ox.ac.uk
St. Peter's College \
PGP Key ID : 0x7E1F718A \ http://users.ox.ac.uk/~spet1067/
More information about the unisog