Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Confidentiality on Virus Sent Docs?

CmdrTaco posted about 13 years ago | from the something-to-think-about dept.

Privacy 465

Sulka writes: "The latest Sircam outbreak has sent me a lot of documents from total strangers I've never heard of before. This led me to wonder what would happen if a trade secret doc from company X was leaked like this to me -- I guess the secret wouldn't be a secret anymore. But what's the legal standing of this? Is a virus sending a document the same as someone sending email accidentally to a wrong address? Could I send a M$ Halloween memo that popped to my address to the press?" I have now recieved 1.1 gigabytes of sircam virus email attachments. I'm just glad I don't pay for my bandwidth per k.

cancel ×

465 comments

Sorry! There are no comments related to the filter you selected.

Re:Hotmail deleted all my mail because of this vir (1)

mce (509) | about 13 years ago | (#2178973)

If this is true, you should talk to Hotmail about them having a major security problem, because in that case all Hotmail users clearly are open to all sorts of very nasty denial-of-service attacks.

If your e-mail quota are filling up, they should simply refuse to accept more mail, not delete old stuff. This scheme too is prone to denial of service, but at least your correspondents will know that their message to you was lost and that they should try again later.

--

Check out the Trade Secret Basics FAQ (5)

Tim Macinta (1052) | about 13 years ago | (#2178980)

There is a FAQ on Trade Secret Basics at nolo.com. In particular, look at the question titled "What rights does the owner of a trade secret have?" [nolo.com] I am not a lawyer, but I think it would be reasonable to assume that the SirCam virus would be covered by the line that talks about "people who learn about a trade secret by accident or mistake" (these people are not allowed to divulge the trade secret). So, I am playing it safe with files sent to me as the result of SirCam and just deleting them.

Courses in ethics... (2)

Improv (2467) | about 13 years ago | (#2178990)

Fall into two general categories..
1) Indoctrination so you'll be nice to corporate
interests
2) Review of different ethical systems and their
foundations
I suspect by your phrasing that you mean the
first. A code of ethics isn't something objective
that one can learn.. I recall, when I took a
course on ethics when I was an undergrad, we did
debates, and I managed to sway about a third of
the class to the position that intellectual
property is philosophically invalid. Fun.

Re:Confidentiality clauses (1)

Hallow (2706) | about 13 years ago | (#2178991)

Heh, funny. I don't think you can be held to a contract you never signed. Only the people who signed your contracts with the confidentiality clause could be held accountable to it.

Re:1.1 gigabytes? (2)

Alan Shutko (5101) | about 13 years ago | (#2178996)

Fair enough -- but if procmail is working as advertised and you route the data to the bit bucket, I don't see how you'd know how much you get in spam/forwarded viruses.

Procmail logs, naturally. It logs message size even when bit-bucketing.

Re:1.1 gigabytes? (3)

Alan Shutko (5101) | about 13 years ago | (#2178997)

Of course, by the time it hits procmail, you've already paid for the bandwidth (unless you have mail delivered to a server with procmail outside the net you pay for bandwidth).

Re:1.1 gigabytes? (1)

rho (6063) | about 13 years ago | (#2179004)

Fair enough -- but if procmail is working as advertised and you route the data to the bit bucket, I don't see how you'd know how much you get in spam/forwarded viruses.

Luckily for me, my ISP is one of the best on the planet (Netdoor [netdoor.com] ), and they've filtered out Sircam mail at their mail server. I got a couple of the mails on the first day in the wild, I've never seen another since. Didn't even have to touch my procmail files.

1.1 gigabytes? (5)

rho (6063) | about 13 years ago | (#2179006)

I have now recieved 1.1 gigabytes of sircam virus email attachments. I'm just glad I don't pay for my bandwidth per k.

You oughta be glad you don't get paid for your procmail skills.

Re:Well.... (3)

JanneM (7445) | about 13 years ago | (#2179007)

He isn't asking about the moral issues, he wants to know the legal aspects - these are not always congruent, you know.

I vaguely seem to remember that where I live (sweden) you are not free to redistribute or publish stuff that's gotten into your hands by mistake if the stuff is clearly sent to you by mistake or is obviously confidential. We've had some incidents where hospitals or social services have faxed journals and other files to private citizens by mistake, and I think that was the result of those incidents. Note that you are not required to destroy the documents, or alert anybody that the information's got astray, you just aren't allowed to spread it around.

/Janne

You have the info, there are no restrictions (2)

imp (7585) | about 13 years ago | (#2179008)

As far as I have been able to determine, if you have the information it is yours to do with as you like. There are several court cases where people have come into possession of otherwise private information and were free to publish it. The Supreme court has been somewhat consistant about that in recent years. It is a first amendment thing. If you come by information through an illegal act that you did not commit or encourage to commit, then you can do whatever you want with the information. Witness the poor union negotiator who had his cell conversation taped and later played on the air.

Contract law, btw, requires that all parties sign, or otherwise agree to the contract. With this virus, there's no such agreement between the recipient and those who wish to keep the information private. It would be very hard to prosecute someone for disclosing this information, except maybe a copyright claim which would only protect the instance of the information, not the information itself.

The infected sender might be extremely liable, or not at all. It all would hinge on wheather or not it was possible to take reasonable steps to ensure that such unauthorized disclosure would be prevented.

Bottom line: You can tell people whatever you want to about this. Posting actual documents may expose you to a copyright action (since all documents are copyright at birth), but that would not preclude you from posting summaries.

Re:Well.... (2)

Syberghost (10557) | about 13 years ago | (#2179015)

He didn't say ethics laws, he said ethics.

Any society that doesn't teach it's ethics will only have them for a single generation.

You need only look around your neighborhood (assuming you're in the US) to see that I'm right.

-

Re:IANAL (4)

dschuetz (10924) | about 13 years ago | (#2179018)

The information contained in this document is proprietary and confidential and may not be transmitted to others in any form without the express written consent of $COMPANY. If you have received this document in error, please call $NAME at $PHONE and promptly destroy all copies.

I hate that damned disclaimer. I regularly see it appened to email in mailing lists, and it's always a struggle for me not to respond to the guy that, no, I wasn't the original recipient, and he'd probably better check next time before he sends "proprietary and confidential" info to, say, the Pink Floyd mailing list.

I know that many businesses have such disclaimers automatically tacked on by a server or gateway, but that doesn't make it right. If it's legally binding, then it's legally binding for EVERY email on which it appears, in which case, it shouldn't be on the public mail forums. If they can make a case that the disclaimer doesn't apply there, then, well, why can't I make a case that it never applies?

Anyway, just a pet peeve. :)

Re:Confidentiality clauses (2)

SteveM (11242) | about 13 years ago | (#2179021)

Even if EVERYONE knows about it because ofa virus or a leak, anyone using it is doing so illegally and may be prosecuted for stealing trade secrets. If they delete it, no problem, if they keep it, big illegal problems.

That's fine for people who sign your contract. But what if the info is sent to someone who didn't sign your contract?

This appears to be the question being asked in this Ask /., getting info from "a lot of documents from total strangers I've never heard of before."

Steve M

Well, you said 'IANAL' (1)

Gridle (17502) | about 13 years ago | (#2179042)

According to the lawyer types I work with, it's more or less the same as if a fax went through to the wrong number. They are prohibited from disclosing the information if there is a legal blurb on the bottom of the page or wherever that says so.

Or alike how you are prohibited from doing anything with stuff that you receive - without solicitation - to your (physical) mailbox? Wait a minute, that's not the case. Cuecat anyone?

My strong opinion is that the monetary damage that comes from a virus leaking secret documents has to be collected from either the user who was dumb enough to open the virus - or if the spreading of the virus was possible because of a bug in the operating system or software, you have all the reason to get Microsoft to pay for the damages.

Re:Even if it _is_ illegal... (2)

turg (19864) | about 13 years ago | (#2179046)

(obvious, he wouldn't write "this is a virus")
Why not? You don't think people who open up these attachments actually read click-through licenses, do you? I think the author could describe the program's true function in detail without slowing its spread.

Ever try opening a sircam doc? (don't.) (2)

dewboy (22280) | about 13 years ago | (#2179051)

I'm the tech director at a small private school. Several of the faculty decided to open unexpected attachments (despite my advice to the contrary), finding that they "couldn't open the files properly." However, the virus still infected the host system and had to be cleaned. Basically, in my experience, the documents have been modified (they're .pif file extensions with the name of a local private document) and are not the actual document itself.

I havn't received one... (2)

cybrthng (22291) | about 13 years ago | (#2179052)

You guys must have some serious problems. I havn't received *ONE* nore *SEEN* one of these messages..

1 gigabytes of files? Sounds like you need some new friends if they don't know they're sending all that crap to you!

The only virus/virii i have seen is the snow white and the seven dwarves that hit all the oracle consultants on a weekly basis.. other then that, nothing.. nada..

destroying all copies is not free! (1)

Mdog (25508) | about 13 years ago | (#2179055)

What happens if they accidentally send you a 100 page document? Not only have they cost you a lot in printing, but now you're ``oblidged'' to take time out of your day and destroy it?

I don't see how you can incur responsibilities for someone else's mistake.
God I wish slashdot had spell check.

Depends how ethical you are. (1)

dkh2 (29130) | about 13 years ago | (#2179061)

A truely ethical person would contact the accidental sender with the information.

However, depending on the company, and the product in question, this may be your opportunity to really score some big chash in a couple of ways.

  1. Use the insider information to better your position on the stock market.
  2. Send the company a letter saying something like "it will cost you $75,000.00 plus taxes for me to keep my mouth shut."
If it's Microsoft, go for option 2, set an at job that posts the information anonymously to several forums at the same time you are in the meeting to sign the ream of legal documents they will want you to sign. Purge your system logs immediately upon your return.

Code commentary is like sex.
If it's good, it's VERY good.

No change (2)

ajakk (29927) | about 13 years ago | (#2179063)

IANAL, but the general rule is that precautions must be taken to perserve secrecy. There are two types of precautions: security and confidentiality. In one court case, the judge did not remove the trade secret status of documents even though the plant they were in had no guards, security systems, or locked storage. I would doubt that a judge would say that the lack of an effective virus scanner is lax security. The confidentiality precaution can be met if the document is marked confidential or secret.

In another case,however , a company sold an old computer with confidential data encrypted on it. They forgot to erase the harddrive. The person who bought the computer found out the password from a previous employee, and got to the information. The judge ruled that they forfeited protection by not erasing it.

Re:Excellent Question (2)

SpinyNorman (33776) | about 13 years ago | (#2179072)

I think that real-world analogies are a good way to determine the proper way to treat a cybercrime, but unfortunately some of the real world laws are rather loopy.

For example, if the neighbors kid trespasses onto your property and drowns in your pool, then YOU are to blame (in NY/CT).

Re:How to open safely? (5)

Snowfox (34467) | about 13 years ago | (#2179074)

I'm interested in seeing what all these idiots are sending me (call me nosy; I also look at car wrecks when I drive by). What's the safest way to open these attachments on a Windows 98 machine that is not running Outlook?

Save the file on your harddisk, then remove the first 137216 bytes. You need a hex editor to do that.

Only in the World of Windows would adding 137kilo-bloat to a word processor document be considered "stealthy."

i don't know legally... (1)

zook (34771) | about 13 years ago | (#2179075)

I have no idea what the legal answer is, but it seems to me that morally it comes down to whether you believe it's the fault of the person who sent it, or the person who wrote Sircam.

If you blame the Sircam author, then it seems akin to publishing documents that have been stolen from a company.

If you blame the sender, then it comes down to publishig documents that they've already released, albeit accidently.

Personally, my reaction would be different in each case.

A related question (1)

Hal-9001 (43188) | about 13 years ago | (#2179089)

Can Microsoft be accountable for damage done by the Sircam virus (e.g. libel, industrial espionage)? Might give them an incentive to patch those security holes rather than release them to the public...

Re:How to open safely? (1)

Hal-9001 (43188) | about 13 years ago | (#2179090)

Unplug the modem/NIC...

pif and com files (2)

wiredog (43288) | about 13 years ago | (#2179092)

IIRC, pif files are text, emacs should handle it. Com files are executables, you'll need a disassembler AND emacs to view them.

Exactly! How could they possibly prosecute? (2)

Myself (57572) | about 13 years ago | (#2179110)

I'd love to hear what the lawyers say to this one.

Click through licenses on virii/DDoS (2)

Myself (57572) | about 13 years ago | (#2179111)

This topic came up at our local 2600 meeting last month. How about a handy little program that says, buried in the EULA somewhere, that the user is solely responsible for traffic generated by his machine. Then the program turns out the be the zombie for a massive DDoS, and once everyone's installed it, it turns around and nukes someone.

Better yet, mail checks to universities that say "by depositing this check, you agree that it constitutes total payment for any information technology and computing resources that the issuer(s) may use, and you grant license to the issuer(s) to use said resources for whatever purpose they see fit". Cut a few thousand checks for $1 each, then go root whoever cashes them. AT&T, eat your heart out.

How about an mp3-spreading virus? (4)

Myself (57572) | about 13 years ago | (#2179113)

It searches your drive for files with "metallica" and "mp3" in the name, then emails them everywhere :)

Can you imagine a beow*LART* okay, I guess not.

Must take reasonable care... (2)

q2k (67077) | about 13 years ago | (#2179119)

I sign a lot of non-disclosure agreements and there is always a clause along the lines of "must take reasonable care to prevent accidental disclosure blah blah blah..." Appropriate virus protection seems like it would be covered under reasonable care so failure to block the virus could make you liable for releasing the information under an NDA, I think. If the document were clearly and obviously confidential I suspect the receiver could be liable for damages if they took some active part in disseminating the document. Just receiving it and deleting it should be safe.

However, IANAL.

Re:Hotmail deleted all my mail because of this vir (2)

jhoffoss (73895) | about 13 years ago | (#2179128)

Serves ya right for using hotmail for critical communications!

(Yes, I know the address next to my name is @hotmail.com, but I've never once received a message that wasn't SPAM or a one-time registration info message.)
---

Different than a fax? (1)

palme999 (82528) | about 13 years ago | (#2179137)

How is this different than a misdirected fax? Although potentially embarrassing for me a recipient of a misdialed fax is ethically oblicated to ingore/trash it.

AFAIK they aren't legally obligated to pretend they didn't see but certainly ethically.

Re:Ever try opening a sircam doc? (don't.) (2)

Moonshadow (84117) | about 13 years ago | (#2179138)

It's got the document embedded in it. If you remove the first ~137k you'll get the document. Somebody else posted the exact number of bytes. Or you can just open it in your favorite text editor and browse through it.

So far I've gotten portions of the Lord of the Rings, some kid's essay on trains, and several other things. Nothing really fun though.

Yet Another Outlook Virus (1)

orkysoft (93727) | about 13 years ago | (#2179152)

There have been dozens of Outlook viruses recently, and people still use Outlook and open the attachments.

One could reasonably say that people don't mind getting their computers infected by these viruses, and having their documents sent out, meaning they're not meant to be confidential.

That said, I did reply to those SirCam mails I got telling the sender to get rid of Outlook. I didn't pay much attention to the attachment, and deleted it shortly afterwards, to save space in my web mail box.

IANAL (5)

Zaphod B (94313) | about 13 years ago | (#2179153)

...but I *do* get to deal with this on a more-or-less daily basis these days.

According to the lawyer types I work with, it's more or less the same as if a fax went through to the wrong number. They are prohibited from disclosing the information if there is a legal blurb on the bottom of the page or wherever that says so.

I never thought I'd see the day when I'd welcome more legalese on documents... but any sensitive documents should really have that blurb, quoted (well, mostly) here:

The information contained in this document is proprietary and confidential and may not be transmitted to others in any form without the express written consent of $COMPANY. If you have received this document in error, please call $NAME at $PHONE and promptly destroy all copies.

In the case of financial documents, which is what I concern myself with, the use of them for gain is tantamount to insider trading and is a Bad Thing for He Who Gets Caught.


Zaphod B

Re:Check out the Trade Secret Basics FAQ (1)

jdcook (96434) | about 13 years ago | (#2179154)

The Nolo FAQ is pretty good. In most states, if a secret is accidently divulged to you and you know or have reason to know that the information is secret, you have an affirmative duty to not reveal that secret.

If anyone wants to ask, "How am I supposed to know that _________ is a secret? They can't prove that I knew that.", tell them they should try not to be a dumbass. If you get these messages and know you only got them because of a virus, you know there was no intention to send them to you. Don't publish them. Just let it go. Nobody cares.

Hotmail deleted all my mail because of this virus (5)

cworley (96911) | about 13 years ago | (#2179164)

I was out of town for a week... didn't check my hotmail account.

During that time, my hotmail Inbox filled up with these sorts of messages (large attachements with the text: "I send you this file in order to have your advice").

Once it reached the maximum size for hotmail diskspace, hotmail started automatically deleteing older messages: all the messages in all of my folders had been deleted by the time I checked my hotmail account.

All that was left was spam in my Inbox.

Thanks, Microsoft!

Excellent Question (2)

zpengo (99887) | about 13 years ago | (#2179167)

Some legal things to consider:
  • What happens if someone steals your car and causes a fatal accident with it?
  • What happens if a child finds the gun you left in your dresser and shoots himself?
  • What happens if someone breaks into your house, trips over something and breaks a leg?

Strangers (4)

zpengo (99887) | about 13 years ago | (#2179168)

total strangers I've never heard of before

Those are the worst kind of strangers!

Re:You are responsible for your actions, that's it (2)

mmmmbeer (107215) | about 13 years ago | (#2179175)

I disagree. After all, this is your mail. So it's not the same as getting someone else's mail in your mailbox. It's like getting someone else's mail in your envelope. (I do agree with the comment about insider info, though. IANAL, but I think it doesn't matter how you get the information.)

Why don't we explore this a bit. Let's say Mr. X is writing some letters, and he accidentally puts Mr. Y's letter in Mr. Z's envelope, and vice-versa. What are the legal implications of that? Are Mr. Y and Z free to use any information therein, even if it is clearly not meant for them?

Even if it _is_ illegal... (5)

mikeage (119105) | about 13 years ago | (#2179182)

...What if some clever virus/worm writer put a click through license. Would that be legal? If so, how much "honesty" (obvious, he wouldn't write "this is a virus") is required to ensure that a victim actually agrees?

On another note... are you saying I can't post those so-called confidential emails between Slashdot and goatse.cx paying for click-throughs?

--

Gee.. I feel unloved (uninfected) (1)

SirGeek (120712) | about 13 years ago | (#2179184)

In all this time, I've only gotten 2 emails from sircam.. Funky. I guess that most people I deal with have "some" intelligence...

I have just finished coding a new email virus... (1)

mr_gerbik (122036) | about 13 years ago | (#2179188)

...that attaches our favorite goatse.cx photograph to the email. The virus only sends itself to Chinese email addresses. The subject of the email is "Now thats what I call Code RED"

Trade Secrets (1)

Merk00 (123226) | about 13 years ago | (#2179189)

Given that the trade secret was gotten fradulently and that you knew that it was gotten fradulently, then spreading the trade secret would be a violation of federal law. So you would be responsible for it.

Re:An analogy... (2)

SuiteSisterMary (123932) | about 13 years ago | (#2179191)

No, actually, the better analogy would be somebody breaks into the jewlery store, steals the jewlery, boxes it up, puts in a note saying 'I send this jewelery for you to try out. Please to wear it and tell me what you think' and mails it from the store's address. Is it 'ethical' for you then wear it?

Re:Well.... (2)

SuiteSisterMary (123932) | about 13 years ago | (#2179192)

The fact that you're even asking this question tells me that you've never taken a course in ethics before.
Any society that needs to write down it's ethics laws, let alone teach them is already fucked beyond repair.

Re:Confidentiality clauses (5)

regen (124808) | about 13 years ago | (#2179195)

This means, that for anyone to be released from a confidentiality clause, then teh information has to be legally published.

Let us say that Alice and Bob enter into a contract, with a confidentiality clause. Bob's computer is infected with SirCam and it mails the contract to Carl. Carl then publishes the contract in a news paper. Alice may have grounds to sue Bob for breach of contract (Bob's copy was leaked) but doesn't have grounds to sue Carl for a breach since Carl was never a party to the contract.

Now for Bob or Alice to release any information may still be a breach, but Carl can do whatever he wants.

What does that say about your friends? (2)

Grab (126025) | about 13 years ago | (#2179198)

Taco's got 1.1 Gigs of attachments from his friends? I must be lucky then, all my friends are smart enough not to click on files attached to emails that look dodgy!

And this is rather blatant. I mean, do many ppl have friends who send an email saying 'I send you this file in order to have your advice'? Everyone I know passed 3rd-grade English...

Grab.

1.1 GB (1)

Kondoor (135852) | about 13 years ago | (#2179208)

For the love of pete, what kind of connection do you have? I've got to assume your on a corporate lan connection, hasnt your network\email admin came over and asked you what the heck was going on yet?

Re:1.1 GB (1)

Kondoor (135852) | about 13 years ago | (#2179209)

I'm not saying that 1.1 GB is that big, but I am making an assumption that 1.1 GB traveled thru there email gateway just from Sircam attachments and that all of it is external. Passing 1.1 GB of mail to 1 user all coming from an external source should put up a red flag.

How to open safely? (1)

jcoleman (139158) | about 13 years ago | (#2179213)

I'm interested in seeing what all these idiots are sending me (call me nosy; I also look at car wrecks when I drive by). What's the safest way to open these attachments on a Windows 98 machine that is not running Outlook?

Confidentiality clauses (3)

michaelsimms (141209) | about 13 years ago | (#2179215)

In contracts I am writing up at the moment, there are standard confidentiality clauses. This means, that for anyone to be released from a confidentiality clause, then teh information has to be legally published. Even if EVERYONE knows about it because ofa virus or a leak, anyone using it is doing so illegally and may be prosecuted for stealing trade secrets.
If they delete it, no problem, if they keep it, big illegal problems.
IANAL, but I hired one and thats what they said.

Re:How to open safely? (1)

sowalsky (142308) | about 13 years ago | (#2179216)

notepad

Re:Well (3)

www.sorehands.com (142825) | about 13 years ago | (#2179217)

It got to you, via a virus. That means that:
  • You did not do anything illegal to get it
  • They did not take sufficent precautions to prevent the leak.
I would guess you would be safe in releasing it. But, if it got to you, it probably got to many others so the leak would not be traceable.

See a lawyer.

An analogy... (2)

Lizard_King (149713) | about 13 years ago | (#2179225)

... to perhaps clarify your question.

Imagine a theif who robbed a jewelry store and while being pursued by the police, he/she places the stolen goods in your mailbox on the street. You find the jewelry in the morning. Questions: Is the jewelry now yours? What's the ethical thing to do in this situation?

The ethical thing to do would be to notify the authorities so they can return the jewelry to its rightful and legal owner. Who should be notified in this case? The sender? The sender's company?

Incase you didn't get the memo... (1)

cr@ckwhore (165454) | about 13 years ago | (#2179243)

Just incase you didn't get the memo, its not wise to store critical documents in your "my documents" folder. "My Documents" are everybody elses documents too.

Hypocratic Oath? (1)

g-14 (173080) | about 13 years ago | (#2179252)

I am not really sure how you can be at fault if the documents were sent to you without your request, and then you opened them and discovered that they were trade secrets/plans to take over the world/etc...

Being an information security analyst (one of the many hats that I wear), anything that demands that level of confidentiality is treated VERY differently than "My Letter to my mom.doc"
Documents of that nature have to be encrypted and stored on a SECURE network (aka sitting behind a firewall or localhost network ONLY).

These companies obviously did not take the time to protect their docs, so why should you suffer with information that resides on your computer. You signed no confidentiality agreement nor did you sign a contract.

Personally, if a file came to me and I discovered that I could make $$ by playing the stock market with the information, I would release the information at the same instant that I made the trade(s) - combats the insider trading charge and I get to walk away with lots of $$$$ =)

encryption (2)

hex1848 (182881) | about 13 years ago | (#2179261)

If a document is top secret, it shouldnt be stored on a networked computer. If it is stored on a networked computer, then it should be encrypted. problem solved. encrypting important documents should be as important as backing them up.

Doesn't Have Anything to Do With The Law... (1)

brulman (183184) | about 13 years ago | (#2179262)

When the post-man accidentaly delivers mail addressed to your neighbor, do you read it? Not if you have any class. You deliver it to your neighbor yourself. In the instance of email, one might respond to the originating address and inform them their information has ended up on your system, but I don't think this is necessary. Just delete it.

All your advice... (1)

SigmoidCurve (188795) | about 13 years ago | (#2179270)

Waitaminute...Does this mean that all those people weren't really asking for my advice? I've spent the last 3 days correcting grammer mistakes, making content suggestions and it's all a hoax?!?

I just thought maybe my editorial skills were so widely known.

LOL:)

czep

Re:Excellent Question (1)

egerlach (193811) | about 13 years ago | (#2179276)

True story:

I can't remember where this happened, but I remember reading the article in Business class when we were talking about Law. Anyways, someone was having a pool party at their house. Most of those attending were drunk. A good time was being had by all.

The next door neighbour had built a shed up against the fence which seperated the two properties, and he was using it to store tools, etc. (No, this was not Arthur "two-sheds" Jackson). Some of the drunk people decided they could make the 10-foot long jump from the top of the shed into the pool. Needless to say, the first one that tried didn't make it, and suffered irreperable damage (don't recall exactly what.)

Here's where the story gets good: The injured party sues, guess who: The Neighbour! And he won! Why? The court ruled that the Neighbour had been negligent when he had built the shed, not anticipating the case that people next door would get drunk and try to jump from it into their pool.

So those questions are more interesting than you think....

I feel so unloved! (1)

Mtgman (195502) | about 13 years ago | (#2179278)

I haven't gotten ANY documents as a result of the sircam worm. I did get a really cool email from a chic named "Wendi" though. Aparently she found my email address in her outbox on something she had sent me earlier(she lost my emails you see). She told me she got a webcam and took some pics of herself and posted them on her website. I just have to be sure not to tell Todd about these pics. It feels so naughty somehow :) Here is the email

Hello this is Wendi!
I Lost your e-mails boy i am glad i found the address in my outbox!!

i just went out and bought a webcam and snapped a few pics of me and posted them here http://wendi3487.devil.ru

be sure to check them out and let me know how you like them!
DO NOT TELL TODD!!!!

He would get really pissed at me for showing anyone these pics. He thinks I took them for him.. :)

http://wendi3487.devil.ru

love ya!
Wendi
xoxoxoxoxoxoxoxoxo


Now I'm searching my outbox looking for emails for her address, she sounds hot! This Todd fellow kind of scares me though, if he's like the other guys I know from .ru he could probably kick my pasty white arse.

Steven

Re:I got someone's stock option contract... (2)

11223 (201561) | about 13 years ago | (#2179280)

Look, pal, you better believe yourself into getting a lawyer, because you could get into some serious legal trouble doing that. Whether or not you believe there's any legal trouble doesn't mean you won't end up in jail, kid.

Re:Ever try opening a sircam doc? (don't.) (1)

sh00z (206503) | about 13 years ago | (#2179283)

(they're .pif file extensions with the name of a local private document) and are not the actual document itself.
Not necessarily. I was ignoring all of the SirCam documents I got until one floated in with the title "credit application.doc.pif" on it. I planned to let the sender know, but the e-mail account had been terminated (maybe because of the virus?) Then, being a good citizen, and completely fearless because I'm running a Mac, I opened it to see if there was a name/phone. Turns out it was a blank credit application, but a perfectly readable document otherwise.

I really do feel sorry for the Victims of Microsoft. I hope that this and Code Red will wake a few people up.

There's no more privacy on windows (2)

smnolde (209197) | about 13 years ago | (#2179288)

With this SirCam virus, there can no longer be privacy on windows machines.

I explained this to a church leader who had his computer flailed with this virus. There is no user security on Win98. It gets better on WinNT and Win2k, but there is nothing preventing this virus from sending out anything on your computer. This time it was only a few DOC files.

The church leader is on a minister search committee and had MANY private docs on his computer. Every notion of security and privacy just went out the window as soon as SirCam hit.

The worst part about it he did have a personal firewall, but his young child's friend/cousin/other allowed SirCam access to the internet.

Re:Confidentiality clauses (1)

Planesdragon (210349) | about 13 years ago | (#2179290)

Any special terms in your contract don't apply to those who aren't parties to that contract. (i.e., saying "you can't say "MS Sucks" in a contract doesn't make it so for everyone else)

Your lawyer might know of other laws that apply (say, copyright and patent laws), but the contract certainly won't stop them.

(Which is beside the matter... the hypotehtical SirCam victim didn't steal the document, he was sent it by your company's hardware.)

IANALBIPOOTI (I am not a lawyer but i play one on the internet)

never take legal advice from strangers on the internet. I am a stranger.

Am i the only one (2)

evanbd (210358) | about 13 years ago | (#2179291)

who hasn't gotten a single one of these? Not one. I have yet to get infected by one of these worms, but still -- I got copies of the others. I feel all lonesome.

Re:Confidentiality clauses (1)

nihilvt (212452) | about 13 years ago | (#2179292)

In contracts I am writing up at the moment, there are standard confidentiality clauses. This means, that for anyone to be released from a confidentiality clause, then teh information has to be legally published.

Doesn't one have to sign into a legally binding contract? A contract doesn't automatically include everyone in the world simply because the contract claims to. I don't see how an inadvertant discoverer of a non-patented/non-copyrighted document gets automagically included in the confidentiality clause.

p2p (1)

Bender Unit 22 (216955) | about 13 years ago | (#2179302)

I have also got a lot of sircam mails. Most of them seems to be MP3 files. It could be the next p2p network :-)
And don't worry, my pine does not seem to spread it. :-)
--------
For sale: Rhesus-Monkey-Torture-Kit 40$

So what have you guys gotten? (1)

update() (217397) | about 13 years ago | (#2179304)

In today's tidBits, there's an article [tidbits.com] about SirCam, with some Mac user gloating but also an interesting list of what the author has received. (The article, by the way, is by a Jamie McCarthy - is that our beloved Slashdot editor of whiny articles about censorship and porn-deprived children?)

So what's the most interesting thing you guys have seen? I've gotten a time card template, a cover letter for a job application at IBM and a lot of gibberish. Please don't post anyone's dirty laundry! Just wondering what the worst has been.

By the way, what's the best way for a MacOS/Linux user to view those .pif and .com files? I've never seen those formats before.

Unsettling MOTD at my ISP.

Re:I havn't received one... (1)

update() (217397) | about 13 years ago | (#2179305)

You guys must have some serious problems. I havn't received *ONE* nore *SEEN* one of these messages..gigabytes of files? Sounds like you need some new friends if they don't know they're sending all that crap to you!

SirCam sends mail to any addresses in your IE cache. When your address is all over a site as heavily read as Slashdot, you'll get quite a few of them. You didn't think that the readership here is really composed of Linux wizards, did you...?

Unsettling MOTD at my ISP.

Nolo Definitions (2)

drDugan (219551) | about 13 years ago | (#2179308)

Nolo Law [nolo.com] has a Trade Secret Basics FAQ where I was able to learn a lot. Specifically, they state that the definition has a carve-out for "improper acquisition and theft." -- Meaning I DO think that you would be legally bound to maintain that as a trade secret, just as if you has stolen the documents yourself.

I got someone's stock option contract... (2)

KarmaBlackballed (222917) | about 13 years ago | (#2179309)

And I deleted it. However, if it had contained some neat company secrets I would not have felt any remorse in sharing it nor do I believe there is any legal obligation for anyone to refrain from doing so.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~

Just a polite request (2)

KarmaBlackballed (222917) | about 13 years ago | (#2179310)

If you have received this document in error, please call $NAME at $PHONE and promptly destroy all copies.

That is just a request. It is not the law and is not enforceable through the courts. Be careful what you fax and where you fax it. Same with email, virus facilitated or not.

There is a reason employers, real estate agents, car salesmen, etc, ask you to sign, sign, initial and sign again. If it was as simple as writing a blurb, then all anyone would have to do is "show you" the contract.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~

Re:How to open safely? (2)

KarmaBlackballed (222917) | about 13 years ago | (#2179311)

Unplug the modem/NIC...

No. That is not enough ... your machine will still get infected.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~

Re:Confidentiality clauses (5)

KarmaBlackballed (222917) | about 13 years ago | (#2179316)

The lawyers out there will know the Latin word (and there is one) but there has to be something received by both parties entering into a contract for that contract to be enforceable in the USA.

You cannot forward a document to a stranger and then legally bind that stranger to behave according to the content of that document. Not in the USA.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ the real world is much simpler ~~

Re:Excellent Question (2)

Kierthos (225954) | about 13 years ago | (#2179319)

Some legal things to consider:

What happens if someone steals your car and causes a fatal accident with it?


They are charged with theft and aggravated assault. Unless you gave them the gun, you are not technically liable. Let's face it, your hypothetical person committed a felony by stealing the gun. How is this your fault? (Well, unless you live in a country with fierce gun laws.)

What happens if a child finds the gun you left in your dresser and shoots himself?

You are liable, as case law has shown. The proper place for a gun in any household that has children is not in the house. Failing that, use a gun safe.

What happens if someone breaks into your house, trips over something and breaks a leg?

They committed a crime by breaking in, and therefore should not benefit in any suit brought by actions during the commission of a crime. Well, generally speaking, but I think some idiot judge in Minnesota (or Michigan, can't recall which) gave the judgement to the crook when he got shot while breaking into a house.

However, with this virus, you didn't break into anyone else's computer and take their docs. Depending on the jurisdiction, you may be legally bound to report what happened to the owner of the document, you may not. But in most places, you are not allowed to diseminate the document in any way, shape, or form. And blackmail is a no-no in most countries too.

As always, IANAL.
Kierthos

Public Domain (1)

MystHat (231954) | about 13 years ago | (#2179326)

Frankly, I don't see the difference between leaving an unencrypted document on a computer, and leaving an unshredded document in a trash can, or sending an unencoded message over radio. It up to the author and the intended recipient to keep things secure if they don't want their secrets to get out. If you get something very interesting, I say send it to every newspaper you can find.

alone? (2)

astr0boy (265689) | about 13 years ago | (#2179354)

i must be the only person in the world who has never gotten spam or a virus before... strange...

-----

Re:Well.... (1)

dachshund (300733) | about 13 years ago | (#2179359)

The fact that you're even asking this question tells me that you've never taken a course in ethics before...

The fact that it required a course for you to understand basic ethics tells me that... oh hell, I don't know.

So... (5)

cavemanf16 (303184) | about 13 years ago | (#2179360)

What you're saying is...

I send this Ask Slashdot to you to get your advice.

Re:Can anybody translate this for me? (1)

lukehan (314567) | about 13 years ago | (#2179372)

Have you tried this? Babel Fish [altavista.com]

The same as a letter you found on the street! (1)

Tricolor Paulista (323547) | about 13 years ago | (#2179378)

Consider this: because somebody in anger throws an envelope, even an unglued, unstamped one, thru a window and it falls at your feet, do you have a right to open and read it? Of course not!!

The problem here, I'm afraid, has nothing to do with technology, computers or viruses, but with ethics!

Well.... (1)

FreakOfTheWeek (415378) | about 13 years ago | (#2179388)

The fact that you're even asking this question tells me that you've never taken a course in ethics before...

Rather than random attachments to random addresses (1)

NutscrapeSucks (446616) | about 13 years ago | (#2179390)

Hopefully this outbreak will bring to light the enormous possibilities of industrial espionage that e-mailed executables have. While for the most part this stuff has been for the annoyance factor only, it would be easy to imagine a modified version that attacked a particular company or companies, searching for key words in documents and mailing them back to a specific address or posting them to usenet or whatever.

IT's response has been pretty much limited to updating virus definitions. That's not good enough if somebody is out specifically for your company in particular. Time to either get smarter users (yeah, right!) or block all executables at the mail server.

Re:Depends how ethical you are. (1)

Registered Coward v2 (447531) | about 13 years ago | (#2179392)

option 1 puts you afoul of securities laws. Just because you are not a company "insider" doesn't mena you can't be guilty of trading on inside information.

Re:How to open safely? (5)

tlk nnr (449342) | about 13 years ago | (#2179393)

I'm interested in seeing what all these idiots are sending me (call me nosy; I also look at car wrecks when I drive by). What's the safest way to open these attachments on a Windows 98 machine that is not running Outlook?

Save the file on your harddisk, then remove the first 137216 bytes. You need a hex editor to do that.

Or with Cygwin it's

$dd if=virus.doc.pif of=clean.doc bs=1 skip=137216

Rename it to the actual file type and open it.
Do not double click it, instead open it from the correct app (just in case you didn't remove the virus properly - Word doesn't open windows executables)

How do you prove it? (1)

siegesama (450116) | about 13 years ago | (#2179394)

Can you prove that the documents were sent to you due to viral activity?

What if I want to send internal documents to a competitor, or some other outside source. Could I claim immunity if I could "fake" the virus? Or rather, could I get the virus then purposely send an outsider a document and claim it was due to the virus? Or better yet, ensure that you get the virus, and that the only thing it can find to send is a series of very specific documents you WANT leaked?

Of course, you'd also have to fit all the criteria. You'd have to have outlook, and ms office, and people in your outlook address book. Those using lotus notes (and I pity them because I am one) and smart-suite (or evolution and abiword, etc) are immune and hence could not fake it. The document(s) sent would also have to be infected.

I don't (but then, I'm clueless) think that anyone on the receiving end could be held responsible should anything be sent to them, but the sender might be in trouble.

IANAL, but (1)

4thAce (456825) | about 13 years ago | (#2179403)

In the example you mention, I don't think that you would run afoul of criminal laws, but I wouldn't think you'd stand much of a chance avoiding a civil case from their suits.

Which is the closest analogy to this sort of thing?

  1. You are renovating your house and discover a wall containing some old letters containing incriminating evidence regarding an Uncle Scrooge, and send them to a historian.
  2. You are out on a windy day in Atlanta and the wind drops a piece of paper at your feet. When you realize that it is the formula for the secret ingredient for Coca-Cola, and you proceed to post it to Usenet.
  3. You are on IRC and someone just happens to mention the Sultan of Brunei's credit card number without your asking. You're off to Amazon.com to order a few items off of your wishlist.
  4. You go to the Olympics not to watch the games but to collect mosquitoes, which you process in your personal human cloning lab in order to produce a master race.

Re:Huh? (1)

allism (457899) | about 13 years ago | (#2179405)

Me neither...I feel left out...Or does this just mean my friends are smarter than your friends?

Sound like PokeMON! (1)

MrSquish (459359) | about 13 years ago | (#2179406)

trade? like that Pokeman thing? hehe

Re: A Better Question is... (1)

dohcvtec (461026) | about 13 years ago | (#2179407)

... for the love of Pete what kind of friends do you have? You must know a _lot_ of people that fell for the old 'open the attachment' trick.

How Unfortunate (1)

pmz (462998) | about 13 years ago | (#2179410)

If trade secrets leak out of a company, because the employees put critical secrets on networked computers running Outlook, then that's just too bad. If companies haven't learned by now the dangers of casual networking, then they deserve what they get.

Even worse than these viruses are advertising spy programs that setup shop as a background process on PCs. These scare me more because they are installed discretely with otherwise well-known software and track your activities. No networked computer is safe. No matter how much you try to secure it, it still is not safe. There are people, if only the network admins, who can easily know everything you do without you knowing that they know.

Important trade secrets should be stored on totally isolated networks that have no route to the Internet. The computers should be stored behind securely locked doors. The set of people who know of this inner network should be controlled at all times. This is the only way to truly secure a computer. Anything less is foolish.

Re:How about an mp3-spreading virus? (1)

hivolt (468311) | about 13 years ago | (#2179415)

Ah, but then running said virus (even unintentionally) would be copyright infringement.

Re:Well.... (1)

shimmin (469139) | about 13 years ago | (#2179417)

Taking a course in ethics only requires you to know about them (and not even that if you don't care to get particularly good marks.) It does not require you to actually believe them, much less act according to them.

Trade Secrets (1)

javahacker (469605) | about 13 years ago | (#2179418)

Trade secrets enjoy no legal protection. To get legal protection you register it (patent) with the government. Since you didn't break into their equipment to get it, there should be no way to prosecute you if you distributed it.

You might want to consider if it would be financially better for you to sell your silence to the company involved. If it really is essential information to keep secret, it could be worth it for them to pay you off.

On the other hand, they could accuse you of stealing it, get all of your computers confiscated, and let you suffer through the legal system proving your innocence, while they come up with a way to control the damage.

Do you feel lucky?

Just this once, shoot the messenger (1)

Nihilanth (470467) | about 13 years ago | (#2179420)

I don't know what the "legal" ramifications of leaking a document like this through a virus would be, but i would certainly expect the company to hold the individual responsible for abusing company property in this way. The person who downloaded the file and clicked on it could conceivably be fully accountable to the company for the damages they've incurred, and rightfully so, i beleive. I would imagine the company would sue the employee foolish enough to leak the document in this way. It would be easy enough to do, you could track where the file came from, who's machine it was sent by, when it was sent, etc.

What -I- would be interested to know (since it relates directly to my current employment) is how the government would treat the leaking of defense information overseas as a result of this virus. Would the person who infected the machine be arrested for treason/espionage? Interesting question...

As for who is "logically" or "ethically" responsible for the damages, I firmly beleive the person who downloaded the file and allowed it to execute is the one at fault. Viruses like this specific one depend on ignorance to propagate, and theres really no excuse for ignorance.

Re:Gee.. I feel unloved (uninfected) (1)

Nihilanth (470467) | about 13 years ago | (#2179421)

I've only gotten one email..but frighteningly enough it was from a WEBSITE that I ordered COMPUTER PARTS from with my CREDIT CARD NUMBER. I wish I had looked more carefully at which company it was before i deleted it, so i could avoid them in the future.

You are responsible for your actions, that's it (1)

paranoidia (472028) | about 13 years ago | (#2179429)

Legally, (IANAL) I would think it would be the same as if you got some mail in your mailbox that wasn't yours. You are not at fault for having the information, but you are then responsible for your actions with that info. If you got some insider info on a company, and made millions off that stock, you would be liable for insider info fraud. So you could read away, but just don't do anything with it that you might regret.

Re:You are responsible for your actions, that's it (1)

paranoidia (472028) | about 13 years ago | (#2179430)

no, I disagree. The content in the e-mail does not belong to you, even though the e-mail does. Technically you have it, but that does not mean it belongs to you. Think of it this way...Lets say in some business there is an automated system of sending out info. If there's a bug in the system, and someone else get's some info, it's not theirs, it just ended up in their box. Same thing here, something took info and sent it to a random person. That document is someone elses in your box.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>