Security Basics mailing list archives
Re: Ethics Question
From: "Michael Thornhill" <m.thornhill () auckland ac nz>
Date: Fri, 22 Aug 2003 09:25:22 +1200
Hi Mike Someone was in a similar situation and acted traceably; I don't mean to sound alarming but he was convicted (of a crime whose name escapes me) and sentenced to 16 months in a US federal prison. Details from the register: http://www.theregister.co.uk/content/55/32381.html Be vigilant! Mike Hello all Question I have is do I tell a company that I did work for that a system they have is not secure. Background I worked for Company X(left them because I could not get paid regularly) they have a contract to support and keep secure Company Y. I noticed on an audit that the machine that is used for finances is VERY insecure. It is a terminal server machine that is set up so that 2 people can get to it from the outside. When you remote to this machine it bypass's login and gives you a blank desktop with the finance package login. To bypass all you have to do is send a ctrl-shit-esc get the task manager and file run -explorer and you have a machine that can browse the whole network. I had brought this to my then boss's attention he said don't mention it we will fix it later. The hole is still there. What would you do ? Thanks, Mike --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Purging Blaster.worm, (continued)
- RE: Purging Blaster.worm TheFueley (Aug 15)
- Re: Purging Blaster.worm Meritt James (Aug 15)
- RE: Purging Blaster.worm Stuart (Aug 16)
- Re: Purging Blaster.worm Meritt James (Aug 14)
- Re: Purging Blaster.worm Meritt James (Aug 19)
- RE: Purging Blaster.worm David Gillett (Aug 19)
- Ethics Question Mike Taylor (Aug 21)
- Re: Ethics Question Adam Newhard (Aug 21)
- Re: Ethics Question Suzanne Rodday (Aug 21)
- Re: Ethics Question Sebastian Schneider (Aug 22)
- Re: Ethics Question Michael Thornhill (Aug 21)
- Re: Ethics Question Schneider Sebastian (Aug 21)
- Re: Ethics Question Paul Ledin (Aug 22)
- Re: Purging Blaster.worm Ansgar Wiechers (Aug 16)
- RE: Purging Blaster.worm Rory (Aug 13)