RE: Incident legal plan??

From: Michele Jordan (security_lists_at_michelejordan.net)
Date: 09/06/05

  • Next message: Christine Kronberg: "Re: vulnerability in glocation.cgi?"
    To: "'Jason Burton'" <jab@leximedia.net>, <incidents@securityfocus.com>
    Date: Tue, 6 Sep 2005 17:21:02 -0400
    
    

     
    When I worked for Sprint in the Network Security department, we could do
    lots of research, reporting, etc for our customers on the idea that it was
    customer service, UNTIL law enforcement was brought in. Once law
    enforcement was involved, we required a subpeona for any information.

    Worth a call to the ISP to ask their policies before proceeding. "What
    would you do if you were in my position?" is a wonderful question for
    getting the information about the best way to proceed from someone who
    knows.

    -Michele

    -----Original Message-----
    From: Jason Burton [mailto:jab@leximedia.net]
    Sent: Friday, September 02, 2005 10:03 AM
    To: incidents@securityfocus.com
    Subject: Incident legal plan??

    Hey guys,

    Im kinda new to the incident response stuff,

    But I was reading up on subpoena's a little bit,

    Noticed that I had to file a complaint with the police in the IP's
    jurisdiction, then... From there, im lost.. Anyone have insight. (not to be
    construed with being a lawyer, I will take the information as insight only
    and not legal advice.)

    Anyone have info about how you've obtained customer information from the ISP
    for prosecution?

    Thanks

    Jason Burton
    Futrek LM
    jasonb@futrek.com
    jab@leximedia.net


  • Next message: Christine Kronberg: "Re: vulnerability in glocation.cgi?"