> Example, I've owned 192.168.10.35, when in actuality I > was supposed to be owning 192.168.11.35. > > How do you handle this situation? > > My vote is to contact the owners of the site, advise > them honestly of the mistake, offer assistance (free > of charge of course) in correcting the security > problem you used to own them, and walk away a bit the > wiser. > > Anyone else have any better advice? You did not excercise due care and dilligence. In hindsight you'll wish you had insured yourself, so when a company sues you for something like this you can afford to settle out of court quickly. That and get a good criminal lawyer, if the company goes to law enforcement you'll need it. I would be exceedingly contrite and apologetic, and would bend over backwards, so that later on "Bubba" (your cell mate) isn't bending you over. I'd be surprised if the affected company didn't threaten to sue you for a rather large amount, tempering that threat with the threat of law enforcement/criminal charges, and settle out of court for a large amount of money. Walking away from the mess and ignoring it though means that if/when they do find out they'll be really angry. Kurt Seifried, kurtat_private A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world<92>s premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Aug 21 2003 - 12:37:04 PDT