PaulDotCom mailing list archives
Contacting Giant Corporations?
From: bcg at struxural.com (Ben Greenfield)
Date: Mon, 19 Oct 2009 16:28:23 -0400
I can't divulge a ton of information, but this is the scenario I'm looking at: 1)Client has server that gets malware infection 2)Logs show server reaching out to an IP address for FTP 3)IP used to have a DNS record for a mega corporation 4)Client may be running product that legitimately accesses said IP, or said IP may be compromised under said mega corporations nose or the IP may no longer belong to said corporation. I've tried calling 3 different regional offices of the said corporation looking for someone in either internal audit, internal security, network operations, or public relations. Corporate operators don't seem to want to help out of fear of violating policy of not transferring callers, so I've only been able to get to tech support (who blow this off because its not about said corporations product) and a single person in public relations who isn't returning calls (yet). How would you proceed? At this point I'm just trying to figure out if the corporation does or does not own the IP anymore. I've obviously already tried whois, reverse lookups, google, and the like. I think this also brings up another issue. In this case, I'm not even sure the FTP server is malicious or not, I'm just trying to establish ownership. What if I knew 100% that this thing was hosting malware - it could ruin this corporations public image if that got out - yet this corporation has no clear path for me to report this to them. Obviously, in the hypothetical scenario full disclosure would be an option, but both because I don't know for certain if the IP hosts malware right now, and because I'm under NDA, that is not a responsible or even possible option. So I guess I have two questions on this: The philosophical - what's the best way for an organization to deal with this scenario (ie making themselves available so they don't get embarrassed with a full disclosure)? The applied - If I can't get someone from public relations / network operations / internal audit on the line because of the corporations policies, how would you go forward in establishing ownership?
Current thread:
- Contacting Giant Corporations? Ben Greenfield (Oct 19)
- Contacting Giant Corporations? Jason Wood (Oct 19)
- Contacting Giant Corporations? Dan Baxter (Oct 19)
- Contacting Giant Corporations? Dave (Oct 20)
- Contacting Giant Corporations? chris mewett (Oct 20)
- Contacting Giant Corporations? Jack Daniel (Oct 20)
- Contacting Giant Corporations? Ben Greenfield (Oct 20)
- Contacting Giant Corporations? Jack Daniel (Oct 20)
- Contacting Giant Corporations? Jack Daniel (Oct 20)