Quote:
Originally Posted by PBucksJohn
You are correct, we became aware of an issue a few months ago, but thought we were sure the scope was much smaller. I would imagine it was going on prior to us first getting an indication of it.
|
I am also going to start off my post with the disclaimer " i am not accusing, not attacking, not bashing, etc..." i am just asking a simple question.
You guys said you had "a" problem a couple months ago but you thought the scope was much smaller. Was the problem you noticed a couple months ago the same problem that was announced recently (compromised admin user/pass list)?
If yes?
I believe people who started checking the admin access logs recently said the script using the nats admin account was logging in several times a day for the last couple months. So, if this is the case so far, then why didn't you guys log into all of your clients servers that you had access to (all of which that could have been affected by a compromised admin password list) and look at the server logs to see if someone using Fred's account was logging in several times a day.
Its just an honest question so no need to be defensive, if am wrong with anyting I posted above let me know.