document your conversation with "top buy" create a report stating the issue and remediation recommendations and just wait till it gets pwned. Once customer data is out there in the wild im sure they will have a different outlook on the issue. Just make sure you CYA so "top guy" doe snot come back and say hey that dude was responsible to fixing that problem.
On Oct 12, 2009, at 10:24 AM, Soft Reset wrote: > Without spilling details, I told the IT team to remove an exposed > web portal from the internet as it was not SSL protected and the > password was easy enough to be found in my kid's "My First > Dictionary". This is the response I got back from our "top guy": > > "Many people need access to the web portal. Remember that one of > the objectives is to develop a strategy > for the customer. Easier access, not harder, should be the goal." > > I laughed. How about you? > > > --SR6 > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
