April 26th, 2005, 03:35 PM
I was referring to everyone at the client site especially the client boss. I have a tendency to think out loud while troubleshooting. I write down everything when investigating security breaches. When asked "Why are you looking at that log"?, or "what is that data telling you"? I simply respond - nothing conclusive yet.
Case in point. I once looked at a network with Trend Micros Office Scan installed on all the clients. At that time the office scan client used port 12345 to get it's updates from the local server. So I'm sniffing the traffic and say out loud "Wow - that looks like the NetBus Trojan". The client freaks, runs to his office and calls my boss stating that I found a big virus and he is going to cancel the contract with my company for failure to support.......
Big issues, almost got fired. If I had waited until I gathered all the info, I wouldn't have even mentioned the traffic since, in this case, it was normal network traffic.