[GLLUG] Am I over-reacting to this?
John Edwards
john at cornerstonelinux.co.uk
Tue Jan 14 16:59:12 UTC 2014
B1;3201;0cOn Tue, Jan 14, 2014 at 04:34:52PM +0000, Bernard Peek wrote:
> On 14/01/14 14:10, John Winters wrote:
>
>> I nearly fell off my chair when I discovered this. Am I over-reacting?
>
> No. And the fact that the ISP hides the fact that they have opened
> the interface takes this into territory covered under the Computer
> Misuse Act 1990. Whoever authorised this could get 6 months
> porridge.
Unlikely, as that covers "unauthorised" access and I would expect the
ISP to argue they their access is authorised as part of the ongoing
service.
It is quite clearly bad practice and would also violate the PCI DSS
requirement for a secure network and not using vendor defaults for
system security. The Data Protection Act 1998 also talks about the
need to prevent unauthorised access to personal data.
--
#---------------------------------------------------------#
| John Edwards Email: john at cornerstonelinux.co.uk |
#---------------------------------------------------------#
More information about the GLLUG
mailing list