Full Disclosure mailing list archives
Re: Responsibility
From: Sean Comeau <scomeau () cansecwest com>
Date: Tue, 23 May 2006 22:30:03 -0700
On Mon, May 22, 2006 at 08:05:47AM +1000, Greg wrote:
Large motel/hotel chain I recently acquired wants to sue previous company who did their I.T. work for them as a customer's wifi connected machine infected their network and caused loss of booking data thus money. My question then is - if you have done the utmost to lock down your customer but someone connects an infected machine and somehow it gets in, is the customer right in suing you? Eg, like a car mechanic, you do the best but you cannot be 100% sure that something else that was never a problem will now cause a problem (such as a new exploit in our case that wasn't known generally until 24 hours ago). Should you be sued at that point?
What was their backup strategy? How many records were lost? It could have been disk failure that caused loss of data. Who cares what the cause was. If they signed an agreement with this IT company to perform regular backups to prevent loss of data and then, when data was accidently deleted, they find out there are no backups they should sue these guys to recover losses. Just like if you paid a mechanic to fix your breaks and you find out (the first time you get near the bottom of a steep hill) that he took your money, lied to you and just didn't bother to do the work. And that he neglected to do it knowing full well that cars often drive down hills and that if they are unable to stop damage to property and injury will almost certainly occur. Basically, shit happens. Computers are unreliable. It is common knowledge, even among non technical people such as accountants, that backups are needed. It is not common knowledge how often backups need to be done for a particular business. That's for good IT managers/management companies to ask about and their employers/clients to choose their own risk on. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Responsibility Greg (May 21)
- Re: Responsibility Line Noise (May 21)
- Re: Responsibility Paul Schmehl (May 21)
- Re: Responsibility Sol Invictus (May 22)
- Re: Responsibility <...> (May 23)
- Re: Responsibility Sean Comeau (May 23)
- <Possible follow-ups>
- RE: Responsibility Scott Forrest (May 25)
- Re: Responsibility Michael Holstein (May 25)
- RE: Responsibility Scott Forrest (May 25)
- Re: Responsibility Valdis . Kletnieks (May 25)
- Re: Responsibility gboyce (May 25)
- Re: Responsibility Valdis . Kletnieks (May 25)