Security Basics mailing list archives

Re: Ethics Question


From: "Michael Thornhill" <m.thornhill () auckland ac nz>
Date: Fri, 22 Aug 2003 09:25:22 +1200

Hi Mike
Someone was in a similar situation and acted traceably; I don't mean to
sound alarming but he was convicted (of a crime whose name escapes me) and
sentenced to 16 months in a US federal prison. Details from The Register:
http://www.theregister.co.uk/content/55/32381.html

Be vigilant!
Mike

Hello all

Question I have is do I tell a company that I did work for that a system
they have is not secure. Background: I worked for Company X (left them because
I could not get paid regularly); they have a contract to support and keep
secure Company Y. I noticed on an audit that the machine that is used for
finances is VERY insecure. It is a terminal server machine that is set up so
that 2 people can get to it from the outside. When you remote to this
machine it bypasses login and gives you a blank desktop with the finance
package login. To bypass all you have to do is send a ctrl-shift-esc, get the
task manager and file run -explorer and you have a machine that can browse
the whole network.

I had brought this to my then boss's attention; he said don't mention it, we
will fix it later. The hole is still there.

What would you do?

Thanks,

Mike
