from Tao of security blog, I came across this
One of the details that emerged from Curt's monitoring of the Invita Security network involved a password used by Alexey Ivanov. When accessing one of his drop sites, Alexey's FTP password was www.pidor.com (Internet Archive available). Think of what an unwary analyst might do with that information. Only someone who is monitoring Alexey's actions might know about www.pidor.com. Say that unwary analyst decides to visit www.pidor.com to learn more about the site. If Alexey or a friend is monitoring Web accesses to www.pidor.com, they could learn that they are being monitored. This case demonstrates how important it is for analysts to not "touch" remote or foreign sites involved in intrusions. You may tip your hand to the attacker and ruin an investigation or recovery effort.
Defined tags for this entry: geek stuff
Comments
No comments