lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 06 Jun 2007 11:57:52 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: Tim <tim-security@...tinelchicken.org>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: You shady bastards.

Tim wrote:
> As mentioned multiple times by multiple posters, but apparently eluded
> your reading, the recipient's consent:
>
>  A) May have never been given
>  B) May have expired with the employment contracts
>  C) May not apply at all if the monitoring party was not given
>
>
>     authorization by the company

You're basing your arguments on assumption...

A) I don't know ... Do you?
B) Most contracts have expiry dates on NDA's if signed. More then likely 
with a security company.
C) You don't know. I don't know.

We can infer from B) and C) that 1) recipient worked for a security 
company. 2) More than likely
signed an NDA or contractual agreement 3) Because they are a security 
company in place, they
*should have* had some form of policy in place detailing things.

So if 2 and 3 are correct, there is no law broken period. So re-posting:

/ *SNIPPET * /

"Courts have held that the wiretap law required interception in 
transmission before - finding that
seizing of a computer gaming company's email, perusing a secure website 
under false pretenses,
reading an independent insurance agent's corporate email, installing and 
using tracking cookies,
and even hacking into a computer and retrieving email does not violate 
the wiretap law.
/ * STOP FOR A SECOND * /

See the last sentence?

/* SNIPPET * /
The courts have observed that to "intercept" something, according to the 
dictionary, is "to stop,
seize, or interrupt in progress or course before arrival" and therefore 
that "a contemporaneous
interception - i.e., an acquisition during flight - is required to 
implicate the Wiretap Act.
/* STOP AGAIN */

See this last sentence?

/* SNIPPET */
Several court cases have upheld that checking email after transmission 
is legal (i.e. email auditing),
since it is viewed as no different than searching through a file in an 
employee's drawer.
/* END SNIPPET */

So before I go on... May I ask you how many times have you dealt with 
these issues or
anything like them in court? Care to ask me the same?

See: "The Ordinary Course of Business Exception"
http://www.law.duke.edu/journals/dltr/articles/2001dltr0026.html
http://www.theregister.co.uk/2004/07/05/close_email_wiretap_loophole/
http://thomas.loc.gov/cgi-bin/query/z?c109:S.936:

-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g' 

"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato



Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5157 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ