How Addamark Technologies Detected an Intrusion

I found an article on how Addamark Technologies detected an intrusion. Some of the details sound odd but the article is worth reading anyway. From the article:


"On Jan. 20, the security engineers at Addamark Technologies Inc. noticed the problem immediately: Someone had accessed a confidential, password-protected document on the company's Web server that contained technical product details.


After studying the traffic logs more carefully, San Francisco-based Addamark officials discovered it was no random hack. The intrusion had come from a competitor, ArcSight Inc.


Two seconds after successfully accessing the file, the user attempted to bookmark the page, which is not a link from any of Addamark's public Web pages."


How does Addamark know that a Web visitor tried to bookmark a page? Did the visitor click on a "bookmark this" link on the web site? Odd.

Comments

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics