lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue Nov 22 20:05:03 2005
From: pauls at utdallas.edu (Paul Schmehl)
Subject: Re: Your One-Stop Site For Sony Lawsuit Info

Not just SOX.  HIPAA and GLB will do the same thing.  HIPAA will hold an 
individual practioner liable for security failures, if the corp had an 
acceptable plan but the implementation either never took place or was done 
shoddily.  If the plan isn't in place, then the admins are liable - 
personally liable.

--On Tuesday, November 22, 2005 12:20:33 -0700 Christopher Carpenter 
<ccarpenter@...a.net> wrote:

> Hi Jason, Paul:
>
> While Jason's point may _currently_ be valid in reference to
> programmers, legislation like Sarbanes-Oxley is reiterating individual
> accountability for auditors and executives.  We may see a trickle-down
> effect to lower level management and/or project managers if other
> corporations infringe on personal liberties or "pull a Sony."
>
> Chris
>
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Jason
> Coombs
> Sent: Tuesday, November 22, 2005 12:13 PM
> To: Paul Schmehl
> Cc: intertwingled@...st.net; bugtraq@...urityfocus.com;
> full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Re: Your One-Stop Site For Sony Lawsuit
> Info
>
> Paul Schmehl wrote:
>> So, all those corporate execs walked out of the court house in
> handcuffs
>> weren't really going to jail?
>
> There's a huge difference between a financial crime committed by an
> individual and a crime committed by a corporation.
>
> Let me know if the distinction confuses you and we'll discuss this more
> privately. You are aware that not every action of a person employed by a
>
> corporation is considered an action of the individual, right?
>
> No individual programmer who writes spyware will ever be prosecuted for
> doing his or her job on behalf of a corporation. No exec who instructs
> said programmer to author said spyware will ever have personal criminal
> liability for giving said instruction.
>
> If you don't like the world you live in, change it or get out.
>
> Regards,
>
> Jason Coombs
> jasonc@...ence.org
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ