I’ve been too depressed lately to get drunk, but I’m getting there now and saw this ..
I also find it interesting that at thie time of this writing nekenieh is not subscribed to this thread! The ONLY thread he/she has ever posted to up to this point. Makes you wonder?
Anyway,
*** Anyone reading this, if you know me and feel you want to skip over this feel free, but PLEASE, read the EPILOG ****
In order to do what you want you should have been here two years ago and read and questioned EVERYTHING !
Well, can you tell me, .....Quote:
The room to the lab has a swipecard reader to get access ...
Now remember, your are under oath at a jury trial because the appeals and civil suits went that far ..... So tell me that NO ONE has ever entered that room behind someone who swiped for entry, or stood by someone entering just to place tape over the lock, or that the door was never propped open? So how do you know exactly who did and did not enter?
Have all the boxes in the lab been examined? What is the possibility that some dumb-ass student ( or faculty member ) at some other time ( maybe last semester ) put some file-sharing program on it ( or others ) which was compromised by them or someone else from the outside? What about someone downloading a virus or worm at some other time which was now lead to the box being compromised from outside?
LMFAO !!! I think Egaladeist said it grand!Quote:
Can you tell me what software the admins would need to have. Ours is a pretty good sized university, so I would think they have something - I just need to tell them what to do, apparently.
ROFLMFAO !!!!Quote:
You need to tell your network administrator's what tools to use ? Are they doorknobs ?
Anybody, see if I missed something, I’m sure I did:
1) check the ... wait a minute, you said the threat was “ posted online” .. what EXACTLY does that mean? Posted on a forum, in an e-mail, web-page hijacked?
2) You said you found the computer where threat was made from. How? How good is your evidence?
3) check who logged into the computer ( oh, forgot, no login required ... that’s ok with the admins ? )
OK, now to your question:
4) Check with the IT Admins.
a)Do they have and retain firewall logs?
b) How about IDS Logs ?
c) are the IDS placed properly and appropriately?
d) Do they know how to read the logs?
e) Do they know how to retain evidence?
f) In the event that the IP address that you identified had been taken over, when was the last time they checked the integrity of the network?
The list goes on, but my point here is that if the network was properly secured this may or may not have been prevented, but could definitely be tracked down. But if you have to tell your admins how to do it then it was not properly secured ( unless the powers that be fired the only ones who knew what they were doing ... do you work for a private or government entity ? )
Epilog:
You did not say nor did you include where you are. I will assume then you will fall under similar laws to where I am. That being said:
1) If you feel these threats have no merit, won’t ever be carried out, ( and you did not say what the threats were, ) that they are mere harassment, you may or may not be REQUIRED to notify authorities.
2) If you feel that these threats are such that you believe that you are in physical danger and that you reasonably believe that they would be carried out you are OBLIGATED to notify authorities, weather or not you work for a public or private entity.
Although I initially found it amusing and typical it probably is a serious situation on many fronts. But I have been around too long and seen incompetence too often in all the above alluded to arenas to assume the right thing was done to properly prosecute the offender(s).
Remember, any hacker worth a damn will be able to cover most if not all their tracks, depending on how good the Admins are. If you have to tell them what to do, after asking here, the game is lost.
I at least hope this shed some light on the situation.
