Re: Ethics Question
From: Schneider Sebastian (ses_at_straightliners.de)
Date: 08/22/03
- Previous message: Michael Thornhill: "Re: Ethics Question"
- In reply to: Mike Taylor: "Ethics Question"
- Next in thread: Paul Ledin: "Re: Ethics Question"
To: security-basics@securityfocus.com
Date: Fri, 22 Aug 2003 00:28:38 +0200
Mike,
Since you reported the problem to your boss, he became aware of that issue
and told you not to tell the client. Since the boss said they're going to
fix it later, he is responsible as well as liable for that.
If you want to take advantage of that information, report the issue to Company
Y. If you still like your old boss, inform him as well. Otherwise don't
bother with it anymore, since it's not your problem anymore.
Sebastian
On Thursday 21 August 2003 04:54, Mike Taylor wrote:
> Hello all
>
> Question I have is do I tell a company that I did work for that a system
> they have is not secure. Background: I worked for Company X (left them
> because I could not get paid regularly); they have a contract to support and
> keep secure Company Y. I noticed on an audit that the machine that is used
> for finances is VERY insecure. It is a terminal server machine that is set
> up so that 2 people can get to it from the outside. When you remote to this
> machine it bypasses login and gives you a blank desktop with the finance
> package login. To bypass all you have to do is send a ctrl-shift-esc, get the
> task manager and file run -explorer and you have a machine that can browse
> the whole network.
>
> I had brought this to my then boss's attention; he said don't mention it, we
> will fix it later. The hole is still there.
>
> What would you do?
>
> Thanks,
>
> Mike
--
straightLiners IT Consulting & Services
Sebastian Schneider
Metzer Str. 12
13595 Berlin
Germany
Phone: +49-30-3510-6168
Fax: +49-30-3510-6169
This E-Mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this E-Mail
in error), please notify the sender immediately and destroy this E-Mail.
Any unauthorized copying, disclosure or distribution of the material
in this E-Mail is strictly forbidden.