You don’t want to miss this…

Jesper Johansson's latest column on TechNet. The title says it all:

Help: I Got Hacked. Now What Do I Do?

Let’s just say you did not install the patches like we discussed last month. Now you got hacked. What to do?

After you read that, go back and look at Oh Patch How I Hate Thee; Let Me Count the Ways.

Comments (2)
  1. denny says:

    Great bit on fixing a hacked / owned system…

    now to get the rest of the techs to understand this…

    not long ago a person who claims to be an MCSE had a server owned…. he did not know how it got that way, when, or how to clean it up….

    and he did not format the drive, did not seem to know about how to lock down IIS and seems to think I’m SLOW…. I’m *NOT* carrying any certs but my servers are not hacked and are locked down…..

    one of the problems with kids getting to pass exams is that they think old timers like me are slow and dumb…. yea right!

  2. Roger Heim says:

    Back around the time Blaster was hitting hard I had a client call me to complain their network was slow. I discovered their "junior sys admin", while trying to get pcAnywhere to work, had placed one of the computers in their router’s DMZ. Needless to say this computer, and the rest of the network, was badly compromised.

    I wrote up my findings and quoted them a fair price (probably *too* fair) to rebuild their network. Even after their outgoing email started bouncing because their IP ended up on a spamlist, they were unwilling to spend the money. I haven’t spoken to them since and as far as I know they are still compromised (of course I did remove the computer from the DMZ and instructed their guy what he did and why it was a bad thing.)

    It’s obviously important for us, as techs, to know this stuff. But my question is, how do you get customers to appreciate the importance of this as well, especially where there is little or no outward sign of the problem?
