Monday, February 24, 2003

How Addamark Technologies Detected an Intrusion

I found an article on how Addamark Technologies detected an intrusion. Some of the details sound odd but the article is worth reading anyway. From the article:

"On Jan. 20, the security engineers at Addamark Technologies Inc. noticed the problem immediately: Someone had accessed a confidential, password-protected document on the company's Web server that contained technical product details.

After studying the traffic logs more carefully, San Francisco-based Addamark officials discovered it was no random hack. The intrusion had come from a competitor, ArcSight Inc.

Two seconds after successfully accessing the file, the user attempted to bookmark the page, which is not a link from any of Addamark's public Web pages."

How does Addamark know that a Web visitor tried to bookmark a page? Did the visitor click on a "bookmark this" link on the web site? Odd.

No comments: