On Wed, May 28, 2003 at 12:04:00PM +0200, Marcel Weber wrote:
> I did not reread the whole thread, so sorry if I'm asking silly
> questions, but perhaps it's not a security issue, but a policy issue:

Oh, it is partially a policy issue. All of the points you have mentioned completely apply. Officially we are consultants. We have a policy of "we tell you what not to do, then you tell us to do it". It's often quite ironic. In all of these situations we had mentioned that there were drawbacks to lax security. After so many arguments of "no one would want to hack us", and "it makes my job harder" we just say "duly noted, our hands are clean". We are billing by the hour for the cleanup. I've almost begun to get a perverse satisfaction out of it, although it's really cutting into my time on real projects.
The only reason I posted is that this guy seemed to take seven different and varied machines in a very short time frame--with very little skill evident in his methods. They are all fairly distant (both in IP range and administrative oversight). It's just odd to me that so many went so fast, so I thought I'd chime in to make sure that this wasn't widespread.

Jayson