Network Security SecProg

Re: "Selling" a code-audit and politics

Subject: Re: "Selling" a code-audit and politics
Date: Sun, 26 Sep 2004 20:27:01 -0500 (CDT)
  I have told the people in charge; it is not my problem any more, my
contract is fulfilled.  I have asked/told law enforcement and my civil
liability ends; I could be civilly liable if I did not tell the management.
Remember I had the CFO, CEO and IT manager and their aides have the report.
Since the information was in the report it is their problem.  If I tell
law enforcement, say with my InfraGard protection contract, I would
have to rescan their network to test for the problems again so my
information would be up to date.  This could open me up to liability
again.  It is the same problem if you find a computer that is hacked.  I
cannot report to law enforcement unless management wants me to.  You know,
those people where your pay check comes from.
  What I have found out is security is not security, it is politics.  If you
tell the whole truth you get kicked out and nothing is done.  Let's look at
the computer voting machine problems.  Do you trust any company that, if
you say anything against the security of their product, wants to
sue you?

  I will bring up one more client.  It is a government with a critical
infrastructure network.  The Cisco network has redundancies built in.  The
network has not been monitored for over 3 years.  They do not even know if
the primary or backup path is making the network work.  No updates on the
routers or PIX boxes.  All I can do is make the report and beg for
funding because they do not have the personnel that can fix it.

  I have got them to the point where they believe there is a problem.  It is only
step one.  I am still working on them.  But as a contractor I have to walk on
eggshells not to make anyone mad even if they are incompetent.

  This is becoming standard operating procedure and this is reality.
But on the bright side, if they just do 1/10 of what I said, security is a
little better.  That is the only hope I do have now.  I have turned over the
reports to sales to put the best light on the report.

The quote: "The truth, you can't handle the truth!" rings really true.

Enjoy,

  
Richard Rager

On Sun, 26 Sep 2004, Atom 'Smasher' wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 23 Sep 2004, Richard Rager wrote:

 Well the contractor is mad at us because I pointed out a problem they
caused.  The client stopped using the Palm computers.  It was a pet
project of the CEO and the IT staff did not have the resources or skills
to fix all the problems.  The CFO said they did not have the money to fix the
problems.  So I scared the hell out of them.  They removed the contractor
and us.  So everyone is mad at us.  We cannot go directly to the
client because of contracts.  So that is the way the cookie crumbles.
==============

IANAL. TINLA.

if you are aware of a violation of law (HIPAA, in this case) then you may 
be legally required to report that violation to proper authorities (who 
enforces HIPAA?). talk to a lawyer.

DO NOT mention your intent to report the violation to the contractor that 
hired you; even with the best of intentions (to have the problem solved) 
it is likely to be misinterpreted as a threat or blackmail. simply report 
it to the appropriate authorities. if you are an employee you may be 
legally protected as a whistle-blower. talk to a lawyer.


         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

      "Take sides. Neutrality helps the oppressor, never the victim.
       Silence encourages the tormentor, never the tormented."
              -- Elie Wiesel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBVzd3AAoJEAx/d+cTpVciVdIIAJ7r0TNXkDACizRX8DZCMci1
ZSxK6ZJWIyjPiODfDSYCHe3iL6rB14lQ4x1ATNCq7wJwXtgP+In8yF6yWtw63pJ7
Eeicn7TJ+hkm5Q3On+WPpOzKNo+r1IBPOm/cIB3NVJh4Znonfnd8FzFUyZBjmm36
XUh6SRM5f2cuPo5enaokq6x2X7QOkZkXxKmqFybddS4drxs/ZEN3nQTRGVQrq5dl
bHFeojVvvGT8GarXDhGAtpyP+MZEiV2VPMcmvlnWbkZt0r40gcEwyPLLdICLJhVl
/QF5h5Vgnur0tKoankV+eA8Xl/wdnDGwUKjus+JsejrRhLVKU58yJ8qooLBzQl8=
=8o3E
-----END PGP SIGNATURE-----