Security Basics mailing list archives

Re: Ethics Question


From: Paul Ledin <paul_ledin () yahoo com>
Date: Fri, 22 Aug 2003 07:52:28 -0700 (PDT)

I can't really see any argument for you to get involved. If your old boss/company is too dumb, lazy, etc. to perform their duties, then from an economic perspective leaving the hole there is arguably the best thing to do.

Because eventually someone finds and exploits it, company Y says "why are we paying these bozos at company X who are obviously incapable of performing the job for which they're paid," and they ax company X and tell their friends at companies A, B, and C. Eventually company X goes tits up and a competent and more efficient company takes their place, so over the long term even company Y (assuming they survive as well) is better off for the intrusion and your lack of action. On the other hand, if you inform company Y and they go to company X and say "what's the story," then company X gets a free (or at least much less damaging) heads up and says "oh yeah, we were just about to fix that." And they fix it while leaving 10 other holes that they haven't got around to/don't know about. Meanwhile company Y will be much more hesitant to badmouth company X to their friends because they were assured by X that it will never happen again, and since they didn't suffer damages they won't be nearly as incensed, and possibly fearful of a slander/defamation suit.

It's like if I see you about to walk into the path of oncoming traffic: most people would agree that there is a level of ethical/moral responsibility to warn you of your impending demise. But if after I warn you, you say "yeah yeah" and step out into traffic anyway, I'm under no obligation, moral or otherwise, to dive into traffic to save you. And in fact at that point in time your actions are probably doing the gene pool a favor.



--- Mike Taylor <mtaylor () ablenology com> wrote:
Hello all

The question I have is: do I tell a company that I did work for that a system they have is not secure? Background: I worked for Company X (I left them because I could not get paid regularly); they have a contract to support and keep secure Company Y. I noticed on an audit that the machine that is used for finances is VERY insecure. It is a terminal server machine that is set up so that 2 people can get to it from the outside. When you remote to this machine it bypasses login and gives you a blank desktop with the finance package login. To bypass it all you have to do is send a ctrl-shift-esc, get the task manager, and File > Run > explorer, and you have a machine that can browse the whole network.

I had brought this to my then boss's attention; he said don't mention it, we will fix it later. The hole is still there.

What would you do?

Thanks,

Mike







=====
I can't die until the government finds a safe place to bury my liver.
                -- Phil Harris
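Added example, not from either poster: a PowerShell check for the set-up Mike describes, a Windows terminal server that publishes a single finance application. It reports whether the "Remove Task Manager" policy (the DisableTaskMgr value Winlogon honours from either the user or the machine hive) is in force, and offers a remediation that sets it machine-wide. Assumptions: it runs inside the restricted account's session for the HKCU reading and elevated for the HKLM reading or fix; it closes only the Task Manager path named in the post, not any other route out of the published session.

```powershell
# Added example: audit/remediate the Ctrl+Shift+Esc -> Task Manager escape on a
# Windows host that publishes one application over Remote Desktop.
# Assumption: run in the restricted account's session for the HKCU check and
# elevated for the HKLM check/fix. DisableTaskMgr = 1 is the "Remove Task
# Manager" policy, read by Winlogon from either hive.

$PolicyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-TaskMgrPolicy {
    # One object per hive: where we looked, the raw value (null if unset),
    # and whether the policy is actually enforced there.
    foreach ($path in $PolicyPaths) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name DisableTaskMgr `
                        -ErrorAction SilentlyContinue).DisableTaskMgr
        }
        [pscustomobject]@{
            Path     = $path
            Value    = $value
            Enforced = ($value -eq 1)
        }
    }
}

function Set-TaskMgrPolicy {
    # Writes the policy to the machine hive so every user of the host gets it.
    param([switch]$WhatIf)
    $path = $PolicyPaths[1]
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name DisableTaskMgr -PropertyType DWord `
        -Value 1 -Force -WhatIf:$WhatIf | Out-Null
}

$state = Get-TaskMgrPolicy
$state | Format-Table -AutoSize
if (-not ($state.Enforced -contains $true)) {
    Write-Warning 'Task Manager is reachable from the published session: the finding in the post reproduces on this host.'
    # Remediate (needs elevation); preview first with -WhatIf:
    # Set-TaskMgrPolicy -WhatIf
    # Set-TaskMgrPolicy
}
```

Running the audit on a host where the policy is unset in both hives prints the two rows with Enforced = False and the warning; after Set-TaskMgrPolicy the HKLM row shows Value 1, Enforced True.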



