> What does an ISP *want* to have reported?
And - what is it you expect to hear back from an ISP?
When I complain to another provider I want to know the problem has been taken
care of. But as the recipient of many complaints, I'm often in the position of
being unable/unwilling to reveal the type of customer information that most
people want to hear. Of course that's exactly the kind of info I want to hear
back when I complain to another provider!
And worse, I know if I send out a response that looks like anything other than
a robot response, I'll get pulled into a dozen email debates that take twice as
long to resolve as the actual security incident.
> It should also be clear that an autoresponse is better than no response at
> all.
For instance: David - I read your complaint CC'd to Sprint about the scan from
one of our customers. They just called me back, they took the machine offline
shortly after they discovered it was hacked. Now if you actually knew which
customer I was talking about, I would have just revealed some private
information that they shared with me as a Sprint employee. It would be nice if
our customers responded to complaints, but that's not going to happen, and for
all I know they're in the same boat I'm in, dealing with a customer of their
own.
--
| Opinions are _mine_, facts Rob Quinn |
| are facts. (703)689-6582 |
| rquinn_at_sec.sprint.net |
| Sprint Corporate Security |
Received on Mar 01 2000
Intro
