Re: [Full-disclosure] Responsibility



--On May 22, 2006 8:05:47 AM +1000 Greg <full-disclosure3@xxxxxxxxxxxxxxxxx> wrote:

> Large motel/hotel chain I recently acquired wants to sue previous company
> who did their I.T. work for them as a customer's wifi connected machine
> infected their network and caused loss of booking data thus money.
>
> My question then is - if you have done the utmost to lock down your
> customer but someone connects an infected machine and somehow it gets in,
> is the customer right in suing you?

There's way too many unanswered questions here to provide an intelligent answer.

1) What was the nature of the virus? New and undetected? Or old and well known?
2) What was the status of patching? Current? Or way behind?
3) What was the response to the infection? Rapid and effective? Or slow and ineffective?
4) Were the critical assets protected from the rest of the network? Or exposed?
5) What was the nature of the security effort? Organized and focused? Disorganized and unfocused?

Those are just some starting questions. You would need to know much more to accurately assess the culpability of the previous company.

Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
