The Issue of Notification

• These guys ran a domain/host

  • They’d run probes, exploits from there
  • Guess who answers postmaster email?

• They’d receive complaints about their activity

  • Rarely
  • They’d respond with a polite note “so sorry, we’ve been hacked…”

Previous slide

Next slide

Back to first slide

View graphic version

Rarely == most sites don’t notice that they’ve been broken into. Dan Farmer did a study about this some time ago – his analysis is right on the mark, I think.

How many of the people you’ve contacted about intrusions at your site were actually the intruders, “making nice”?