Quote:
Originally Posted by JDog
Now as for this comment. I feel that if John knew it, HE doesn't need to make a public statement, but he does in fact need to let their clients, EVERY SINGLE CLIENT, know that one of their servers has been compromised. But only if their server contains data about a client's machine (server ip, ssh port, ssh user, ssh pass, etc, etc). But at the same time, it'd be public because a client would post on GFY or one of the other boards. This also brings up the fact that any machine visible on the web should have a software firewall on their machine, iptables is fine. Block every port except those needed by web server (port 80, 443 and any others). Then only allow say for SSH the IP addy's needed for the certain people.
It might be a pain in the ass, but that's the best way to keep somebody out, even if they have your information, at least they can't FTP or SSH into your box.
Yea, that would be the RIGHT thing to do.
But then, when a program gets hacked through other means than nats, and their whole customer base with info gets stolen, and affiliate data gets stolen, would they also need to issue such a statement? Informing all of the affiliates that the data might be breached and that they should change their passwords? Hmm.. Double standards?
@RazorSharpe
Buuuhuuu, did I burst your bubble of the perfect world?