Ethical problem: I install 2-4 wireless networks/week in homes and businesses

[HappyPuppy]

I do these installs for a nationwide corporation. These people (the customers) have no idea just how vulnerable they are to hacker attacks or data theft. In the homes the people may have all their personal information on their computers, including their tax returns, CC information and investments. In the offices, and some of them are attorneys, they have all sorts of info that people might want to get hold of.

My problem, and it is a moral one, is that I know just how vulnerable these people are, but they don't. If I inform them, they may cancel their installs and return the hardware. It would become apparent to the mother company that I am losing sales for them. I will be terminated. ???

So, what do I do? Throw away my job or take the moral high ground and possibly get fired, go into debt and let my family suffer?

 

Well, you should tell them, as you do have somewhat of an obligation to do that as a computer techie type guy. But on the other hand, inform them that its low probability of a hacker getting the information, as they have to be within a certain distance and other crap like that. If a hacker really wanted the info, I am sure he/she knows other loopholes to get it.

Edit: Tiny grammer and also, it might save your company from many lawsuits should the customers get hacked.

 

[RU482]

I think I can help. Just send me their addresses and we'll get this under way

 

[gopunk]

what would your management do if you told them about your concerns?

 

[HappyPuppy]

Just drive down Wilshire Boulevard in L.A., you'll pick up all the sigs you could ever want. Attorneys are the stupidest (non-technical) people you would ever not want to meet.

 

[djheater]

<< Just drive down Wilshire Boulevard in L.A., you'll pick up all the sigs you could ever want. Attorneys are the stupidest (non-technical) people you would ever not want to meet. >>



I don't know i've met some PRETTY stupid technical people I wouldn't want to meet either....wait... does that make sense...

 

[Chooco]

don't make specific things like "they could grab this file and make a credit card under your name"

just tell them a vague statement like "i recommend you get a firewall just so you have that extra big of security "

 

[djheater]

<< don't make specific things like "they could grab this file and make a credit card under your name"

just tell them a vague statement like "i recommend you get a firewall just so you have that extra big of security " >>



Wow... you either are or are destined to be a great consultant....

 

[HappyPuppy]

I work for a third party service company that contracts with the major corps. My company wouldn't care because they have no liablity other than proper installation. The parent company would, of course, be very unhappy if they started getting their hardware shipped back to them because of me.

Bottom line, the process would continue, only without me.

 

[HappyPuppy]

Choco,

Funny because part of our install script is to disable/uninstall all firewalls.

 

[wnied]

...just tell them a vague statement like "i recommend you get a firewall just so you have that extra big of security

If these are wireless networks he's hooking up...what would a firewall do to curb signal capture?

~wnied~

 

[gopunk]

i vote you *not* rock the boat. it might be different if you were single and had no dependants, but since you said you would go into debt with a family... i think your first obligation is to your family.

 

[Viper GTS]

<< ...just tell them a vague statement like "i recommend you get a firewall just so you have that extra big of security

If these are wireless networks he's hooking up...what would a firewall do to curb signal capture?

~wnied~ >>



Nothing, but you can put the firewall between your wireless access point & your internal network.

Viper GTS

 

[Chooco]

<< Funny because part of our install script is to disable/uninstall all firewalls. >>



you work for a pretty crappy company then, disabling firewalls is not good. why not just put a sign on the puter that reads "haxable"

 

[Lithium381]

hrm, i'd tell them.....hmmm, tough spot you are in though......up to if you can live with it or not....

 

[FoBoT]

um, you mean they aren't using encryption? of any key length? not 128?

wow, i just found this site that lists a ton of security issues with 802.11 !!

i knew i didn't like this, now i know why!!!

look for a new job while you keep doing your present job, when the right opportunity comes along, bail

 

[HappyPuppy]

Now you see my problem. I don't mind doing my job, but if doing my job might mean allowing harm to be done to others, then what is the resolution? These people don't understand that they are, in effect, posting all of their personal data and business information, on what amounts to a billboard.

I realize that the chances that any one of them will ever come to any harm due to this is very slim, but don't we, the "knowledgeable" techicians that they trust, have a responsibility?

 

[gopunk]

i look at it this way, what is more important? your family, or your clients?

 

[HappyPuppy]

Thanks, FoBot. Encryption is something else we are told to disable or not activate unless the client requests it.

 

[Chooco]

why would you uninstall firewalls? firewalls don't get in the way of installing stuff. just shut down the firewall, install the stuff, see if it works, turn firewall on.

 

[NikPreviousAcct]

Well, what that kind of information, it's your obligation as a professional to speak up. However, before you do, bust your butt to get a plan together with hardware/software to secure their connections. Then, when you present it, you can be like "Although you are completely vulnerable, I've taken the liberty ahead of time of putting together a plan on paper to secure your connections and make you less vulnerable."

If I were the employer, not only would I make sure that your job is secure for a number of years, I would give you a bigass bonus for being honest, speaking up, and doing something to keep my vital information safe even though it will take you longer and be more of a hastle of getting the job done.

nik (will take care of his employees very, very well when he owns his business)

 

[HappyPuppy]

gopunk, rest assured that my family always comes first, last and always.

Whatever the outcome of my quandry, my family will not suffer and I will find a way to rectify the situation.

I am still open to suggestions on how to approach my employer about the possible dangers we are putting out clients in.

 

[FoBoT]

maybe you could get a security organization involved, something like @Stake
you could let them know the situation and maybe they could approach your employer with the information, since they are a "reputable" organization, maybe a big corp would listen to them, and you could remain anonymous

 

[HappyPuppy]

Chooco, our installation instructions specifically direct us to disable or uninstall all firewalls. We are not to re-enable the firewalls. Extremely irresponsible isn't it?


ffmcobalt, I consider myself to be very professional. That is my problem. I can't approach the clients with the security issues because that will only result in my termination. I need to come up with a way to convince my employer that the way we are being forced to do these installations is not in the best interests of the company.

 

[apoppin]

You are in a tough spot. Go with your conscience.

I think you should look for a better job. In the meantime, you might pass some concerns on to your employer - that they may get sued by your customers if they get hacked. After all you are compromising security by disabling firewalls without informing them.

I think your company is really foolish - they are missing an opportunity to sell extra (really needed) security.