| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu May 25 14:24:16 2006 From: sforrest at hsdwdc.com (Scott Forrest) Subject: Responsibility My question would be why the previous IT staff didn't put the customer access on a different leg than the actual business network? A simple VLAN or something to keep the two separate so something like that wouldn't happen. Scott Forrest IT Manager Hobbs, Straus, Dean & Walker, LLP 2120 L St. NW - Suite 700 Washington, D.C. 20037 202.822.8282 ext.326 sforrest@...wdc.com -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of <...> Sent: Tuesday, May 23, 2006 4:08 AM To: Greg; full-disclosure@...ts.grok.org.uk Subject: Re: [Full-disclosure] Responsibility unfortunately if there is a paper signed by both parties "per acceptance" of the hotel (it is usually part of the buying/lease contract), and that includes also the IT stuff, there's nothing to do.... a good lawyer could help on this, rather than security experts.... and, by the way, if something like this happens there's no easy way to say you've done the utmost to lock down the customer... just my .02?c (that's 20% more that in $) ----- Original Message ----- From: "Greg" <full-disclosure3@...andyman.com.au> To: <full-disclosure@...ts.grok.org.uk> Sent: Monday, May 22, 2006 12:05 AM Subject: [Full-disclosure] Responsibility Large motel/hotel chain I recently acquired wants to sue previous company who did their I.T. work for them as a customer's wifi connected machine infected their network and caused loss of booking data thus money. My question then is - if you have done the utmost to lock down your customer but someone connects an infected machine and somehow it gets in, is the customer right in suing you? Eg, like a car mechanic, you do the best but you cannot be 100% sure that something else that was never a problem will now cause a problem (such as a new exploit in our case that wasn't known generally until 24 hours ago). Should you be sued at that point? Wondering whether to dump the guy at this point. Thanks. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -------------------------------------------------------------------------------- Hobbs, Straus, Dean and Walker, LLP. Confidentiality Statement This message is intended only for the use of the individuals to which this e-mail is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable laws. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately and delete this e-mail from both your "mailbox" and your "trash." Thank you. --------------------------------------------------------------------------------
Powered by blists - more mailing lists