Originally Posted by RodG
If that isn't enough to convince them, you could also try the legal argument.
Specifically, they are currently running a site with well-known exploits that can lead to the leaking of their customers' personal data (names, addresses, phone numbers, products purchased, and in some cases, even their credit card details).
Unless they take immediate action to rectify the problem they could be held legally liable for any damage (or perceived damage) as a result of the leakage of this personal information.
Simply put, they have a legal responsibility to ensure that their customers' data is secure.
They *may* get away without penalty if they are unaware of the exploit(s), but now that they are aware of it, they have no excuse. If they are unable to protect their customers' data they *must* take the site offline to protect both themselves and their customers.
The relevant law falls under "Duty of care" in most countries.
Regards
Rod. (adv dip network security)