First of all I have to apologize to the community here.. that email was accidentally sent to Security Focus instead of our internal Security Group mailing address.

To answer the question (since I did after all start it. :-) )

With the privacy restrictions that are currently in place we are limited in the information we can provide to the person who reported the incident. Usually this consists of the fact that we've investigated the complaint, taken some actions, and if appropriate that we now feel the situation has been dealt with and is considered closed.

If someone wishes to pursue this matter further I place them in contact with our Legal department so they can determine the best way to satisfy any legal requirements for obtaining more information.

I agree that the customer should be prepared to document and provide as much information as possible in the event legal action does take place.

Aaron Silver
Epoch Security Engineering

jamie rishaw wrote:

> This is all too common of a mistake that companies make.
>
> "Oh, someone hacked the machine of one of our customers.. they reinstalled
> the OS"..
>
> Well, perhaps, but the issue of the abuse/attack/compromise still lies,
> and, at least in my eyes, the customer is responsible for providing some
> basic forensic data upstream in case the victim wishes to pursue legal
> action.
>
> I'd be interested to hear companies' policies on this sort of issue, and
> how they deal with it .. (Not Epoch's, obviously).
>
> jamie

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 13:25:49 PDT