[PLUG] A dilema
Robbert van Andel
robbert at vafam.com
Tue Dec 9 13:45:03 UTC 2003
I would think that if your concerns are documented and the companies
lack of desire to implement the security changes, you should no be held
responsible. Just my 2 cents, I'm not a lawyer.
Robbert
On Tue, 2003-12-09 at 13:33, Ed Sawicki wrote:
> I need some opinions to solve a moral and business
> dilemma.
>
> I have a consulting customer that runs a Windows shop.
> At least two of their Windows computers have been
> attacked and we've reinstalled Windows each time. They
> then install their Norton software on the computer and
> declare it secure. Surely, nothing bad should happen if
> Norton is installed, they think.
>
> We've replaced their Windows 2000 server with Linux acting
> as a firewall and router so we now have control over that
> part of the network but we have no control over desktop
> computers running Windows. They run Outlook and I suspect
> this is how they're being attacked.
>
> The main problem is my customer's attitude. They do not
> care about security if it's the least bit inconvenient.
> Worse, they don't care about the privacy of their customer
> data. Their customers are individuals who would be devastated
> by identity theft. Their personal data is stored on this
> company's server and there's no effort to protect it.
>
> As long as attackers don't delete their data files, this
> company doesn't seem to care if their data files leak out to
> the Internet. They would be unwilling to spend the money to
> have me secure their computers.
>
> I'm concerned about numerous issues. Primarily, I see this
> as criminal negligence and I don't know what to do about it.
> Secondarily, I'm wondering about the risk of being named as
> a defendant should one of their customers be victimized in
> some way.
>
> Ed
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
>
More information about the PLUG
mailing list