Date: Mon May 22 01:26:52 2006
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Responsibility

--On May 22, 2006 8:05:47 AM +1000 Greg 
<full-disclosure3@...andyman.com.au> wrote:

> Large motel/hotel chain I recently acquired wants to sue previous company
> who did their I.T. work for them as a customer's wifi connected machine
> infected their network and caused loss of booking data thus money.
>
> My question then is - if you have done the utmost to lock down your
> customer but someone connects an infected machine and somehow it gets in,
> is the customer right in suing you?

There's way too many unanswered questions here to provide an intelligent 
answer.

1) What was the nature of the virus?  New and undetected?  Or old and well 
known?
2) What was the status of patching?  Current?  Or way behind?
3) What was the response to the infection?  Rapid and effective?  Or slow 
and ineffective?
4) Were the critical assets protected from the rest of the network?  Or 
exposed?
5) What was the nature of the security effort?  Organized and focused? 
Disorganized and unfocused?

Those are just some starting questions.  You would need to know much more 
to accurately assess the culpability of the previous company.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/