[PLUG] A dilema

Robbert van Andel robbert at vafam.com
Tue Dec 9 13:45:03 UTC 2003


I would think that if your concerns are documented and the companies
lack of desire to implement the security changes, you should no be held
responsible.  Just my 2 cents, I'm not a lawyer.

Robbert

On Tue, 2003-12-09 at 13:33, Ed Sawicki wrote:
> I need some opinions to solve a moral and business
> dilemma.
> 
> I have a consulting customer that runs a Windows shop.
> At least two of their Windows computers have been
> attacked and we've reinstalled Windows each time. They
> then install their Norton software on the computer and
> declare it secure. Surely, nothing bad should happen if
> Norton is installed, they think.
> 
> We've replaced their Windows 2000 server with Linux acting
> as a firewall and router so we now have control over that
> part of the network but we have no control over desktop
> computers running Windows. They run Outlook and I suspect
> this is how they're being attacked.
> 
> The main problem is my customer's attitude. They do not
> care about security if it's the least bit inconvenient.
> Worse, they don't care about the privacy of their customer
> data. Their customers are individuals who would be devastated
> by identity theft. Their personal data is stored on this
> company's server and there's no effort to protect it.
> 
> As long as attackers don't delete their data files, this
> company doesn't seem to care if their data files leak out to
> the Internet. They would be unwilling to spend the money to
> have me secure their computers. 
> 
> I'm concerned about numerous issues. Primarily, I see this
> as criminal negligence and I don't know what to do about it.
> Secondarily, I'm wondering about the risk of being named as
> a defendant should one of their customers be victimized in
> some way.
> 
> Ed
> 
> 
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
> 
> 





More information about the PLUG mailing list