I'd take this guy for coffee to Starbucks. Set up Wireshark and show him what can happen.

On Mon, Oct 12, 2009 at 2:42 PM, Vincent Lape <[email protected]> wrote:
> Document your conversation with "top buy" create a report stating the
> issue and remediation recommendations and just wait till it gets
> pwned. Once customer data is out there in the wild I'm sure they will
> have a different outlook on the issue. Just make sure you CYA so "top
> guy" does not come back and say hey that dude was responsible for
> fixing that problem.
>
>
> On Oct 12, 2009, at 10:24 AM, Soft Reset wrote:
>
> > Without spilling details, I told the IT team to remove an exposed
> > web portal from the internet as it was not SSL protected and the
> > password was easy enough to be found in my kid's "My First
> > Dictionary". This is the response I got back from our "top guy":
> >
> > "Many people need access to the web portal. Remember that one of
> > the objectives is to develop a strategy
> > for the customer. Easier access, not harder, should be the goal."
> >
> > I laughed. How about you?
> >
> >
> > --SR6
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
