RE: Wireless access

• Previous message: Brendan Halliday: "Abnormal activity."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Mitchell Rowton'" <mrowton@bdo.com>, <jswhitford@acm.org>, <Robert.Mezzone@PJSolomon.Com>, <security-basics@securityfocus.com>
Date: Thu, 1 Apr 2004 08:04:15 -0500

I don't think it's a very productive thing for a bunch of techies to get
sucked into a legal argument, of all things! However, it's been my
experience that any statement that includes "you won't be liable" is
probably wrong.

First off, "reasonable effort" is a subjective term. What's reasonable
to you or me may not be to the court. My ex-wife, in personal injury
law, once told me that there's no such thing as "no-fault". Somebody is
ALWAYS at fault. As soon as you establish fault, you establish
liability.

With that attitude from the legal profession, I don't think anything we
EVER do will be completely protected.

My opinion is to provide the best technical solution that can be
implemented within the budget and hope for the best.

KC Smith
kc_smith@clark.net

-----Original Message-----
From: Mitchell Rowton [mailto:mrowton@bdo.com]
Sent: Tuesday, March 30, 2004 12:51 PM
To: jswhitford@acm.org; Robert.Mezzone@PJSolomon.Com;
security-basics@securityfocus.com
Subject: RE: Wireless access

This reminds me of an old conversation. Will you be liable if one
extranet partner uses your connection to bad things to another extranet
partner?

I don't think there was ever a firm answer from legal. But its my (NOT
LAWYER) opinion, that if you make a reasonable effort to keep things
like this from happening i.e changing and disabling broadcast of the
SSID, then you won't be liable. You have to strike a balance between
how much time=money you are willing spend to protect someone else from
someone else. I would be a good internet citizen, and make certain
configuration changes to restrict this type of incidental use, but I
would not recommend spending money (on a firewall for example) on this
type of circumstance.

--
Mitchell
>>> Robert Mezzone <Robert.Mezzone@PJSolomon.Com> 03/29/04 12:17PM >>>
As an example, what happens if a person (unknowingly) connects
wirelessly and downloads a music file?  They are outside our firewall
but they are still connected to our network. Wouldn't the company still
be liable?
Thanks.
Robert
NOTICE:
The contents of this email and any attachments to it may contain
privileged and confidential information from BDO Seidman, LLP.  This
information is only for the viewing or use of the intended recipient.
If you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution or use of, or the taking of any action
in reliance upon, the information contained in this e-mail, or any of
the attachments to this e-mail, is strictly prohibited and that this
e-mail and all of the attachments to this e-mail, if any, must be
immediately returned to BDO Seidman, LLP or destroyed and, in either
case, this e-mail and all attachments to this e-mail must be immediately
deleted from your computer without making any copies thereof.  If you
have received this e-mail in error, please notify BDO Seidman, LLP by
e-mail immediately.
------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Brendan Halliday: "Abnormal activity."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]