How Not To Respond To A Security Problem

from the it-probably-helps-to-actually-fix-things dept

If you’re an online merchant and some nice person calls you up and explains that you’ve made a silly mistake in setting up your order tracking system – so silly that anyone with half a brain can get all sorts of information about every one of your customers – what would you do? ComputerHQ shut everything down, but then came back online with the same security hole. Probably not the best solution. So, they were called again. They did the same thing again. Wired News went and contacted a bunch of people who had ordered from ComputerHQ (they got the info through the security hole) and those people are now pretty pissed. One of them called ComputerHQ – who said the problem had been fixed, even though it hadn’t. It would seem that the smartest thing to do would be to take down the site until you knew the problem was fixed – and not to lie when confronted with the problem. Also, many of the customers are pissed that no one from ComputerHQ contacted them since finding out about the hole.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...