Ethics Question: You've been hacked...

[agraham999]

So get this...

Today I am working on a clients database and I decide to test it out on my PC (hosting it on my Macs) and when I go to Open Remote I see another person popping up on my network...so basically this guy is on a DSL line and he isn't running a firewall so his FMP was broadcasting to every FMP client on the same ISP...and anyone could come along and destroy this guys entire business records...since his Preferences setting was to try the default password.

I sat and thought about this...and I felt I had to do something...but what? I don't know his email or personal info...so I went into layout mode...typed him a message on his database so he would see it, explaining his problem and left my contact info. I then turned off the default password setting so no one else could open his files...including myself.

So...my question is this...as far as ethics are concerned...you think this was okay? I mean...I know that I would feel sorta violated myself...but would appreciate someone bringing it to my attention and preventing anyone from harming my data. If no one contacted this person they would never know their data was at risk.

What would you do???

[trevorg]

I'm not sure about the ethics of what you did. You meant perfectly well. However, if this person doesn't know what the default password was, they might never see the inside of that database again!

[agraham999]

I thought about that...but I was torn between which was the lesser of two evils. I mean...who doesn't know their own password...on the other hand...what if you came into your business and found the entire database wiped...or someone stole your records and marketed to your clients...

It was a tough decision...and one I didn't reach easily...I can only hope I made the right one. You know what they say about no good deed goes un-punished.

[Keith M. Davie]

From the recent examples of ethics coming from Wall Street, it is clear that it is better to ask forgiveness than permission.

[trevorg]

Do you still see the database on the network? I guess that would be the only way to know if they are still getting into it. Unless they saw your message and figured out how to turn off the networking. If that's the case then we are left wondering.

[agraham999]

One of the two files is still up...the other is closed...hard to figure what is going on...it is possible the person doesn't check the DB every day or hasn't seen my message. I wrestled with this decision for some time...I checked their scripts to locate email addresses...I checked their layouts...I looked for their computer name on ebay in case it was their last name or screen name...I called a company where they purchsed an item to see if I could track them down...I dug through the whole thing to see if I could find any clues...but couldn't put anything conclusive together...

So...I left a note and shut the door behind me. I figured that a person who has the setting to automatically log on to their database is just lazy...and knows their password...also this person had to use a password to set a password. It seemed the best way to be a good citizen.

These types of questions are never easy to answer...but I did what I thought was best.

[BobWeaver]

...it is better to ask forgiveness than permission.

Ah yes, the Emo Phillips philosophy.

"I prayed every night for a new bicycle. Then, I found out that God doesn't work that way. So, I stole a bicycle and prayed for forgiveness."

[rudydowning]

My own personal opinion: You did the right thing.

I hope people would be more concious about not taking

advantage of someone else's weakness....

[business model]

i think you did the right thing. this guy could have woken up and found someone has stolen all his files and learned personal information about his clients, which would be very embarassing for him and it could have caused him legal troubles (a client suing him because their information ended up all over the web or whatnot). i would have done the exact same thing. good job for a good deed well done.