Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

penetration

  • 01-10-2011 11:50am
    #1
    Closed Accounts Posts: 8


    Hi I work for company which has security holes in their network and I have found one which I have reported to my manager but no one has come back to me and solve these.
    So After a year of waiting I have decided to show them this hole again and after I year I was testing this hole again and is still there but I'm not sure if is it legal to test that network without permission and what could be consequence of doing so


Comments

  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Gray area to be honest.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    manox wrote: »
    Hi I work for company which has security holes in their network and I have found one which I have reported to my manager but no one has come back to me and solve these.
    So After a year of waiting I have decided to show them this hole again and after I year I was testing this hole again and is still there but I'm not sure if is it legal to test that network without permission and what could be consequence of doing so

    You need to be really careful. Compromising or attempting to compromise a system with out the owners written permission is considered hacking, and legally speaking you could do time.

    The reality is rather different. While Ireland has quite stringent laws on computer misuse, I don't think there have ever been any convictions. However, for you personally, you could lose your job or at best have disciplinary proceedings brought against you. This will be due in part to knee jerk reactions by Sys Admins and general ignorance by management.

    Do you work on the Security team, or are you just a 'regular' employee(No offence meant)?

    If you are just a regular employee inform your manager of the hole and leave it at that. Dont risk suicide by email by CC'ing a load of different managers about it, you will only hurt yourself.

    If you do work on the Security team, again inform your manager, maybe mention it to an admin, many do genuinely care about the integrity of the network, but be sensitive about it. Dont go running into the NOC saying "Theres a problem with the network ZOMG!!11!". Buy an admin a coffee and go over your concerns calmly and succinctly.

    If after all that is done, and nothing has changed, leave it alone. But if you have stock in the company consider selling it before they get hacked, and it is made public.


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    what syklops said. Some IT guys may see any "official" report as a criticism of their abilities. best bet is to mention it in a friendly/curiosity way.


  • Registered Users, Registered Users 2 Posts: 957 ✭✭✭MonsterCookie


    I agree you should tread carefully.

    Many vulnerabilities are difficult to fix. In reality, I've encountered several issues over the years that have taken years to fix. It depends on cost, organisational culture, politics etc.

    On a level, if you have reported it and nothing comes of it, the monkey is not on your back...however, for the good of your organisation, you should probably escalate again if you feel itnis being ignored.

    For your own sake, only test if you have express authority to do so...


Advertisement