[lug] CYA

Nate Duehr nate at natetech.com
Wed Oct 2 23:38:49 MDT 2002


I can't go into a lot of detail, but I was involved with cleaning up a
situation similar to what you describe.  The company had an airtight
contract with the employee that any work done for them was their property.
Even if done outside of business hours.  Check your contract to see if
you're in this category.

The employee left under "bad terms" and decided (similar to your situation)
that the company didn't deserve to have his/her code that they "didn't pay
for".

This person broke into a number of machines via backdoors, trashed them, and
thought they left no signs of who they were or why they did it.

A professional analysis of the systems in question found plenty of evidence
(some circumstantial, other very direct evidence) that the person in
question was indeed the culprit, and the restore from backups and securing
the machines so the person couldn't return only took about a 1/2 hour...
even though the backups were not so good.

A quick education of my client on how to keep their systems patched (which
didn't really sink in all that well, but well enough), backed up properly,
and to turn off unnecessary services and put systems behind the firewall
where they belonged, and then the client had some breathing room.

My last meeting with them was to discuss the situation with their attorney
who was preparing a case against the former employees with the help of law
enforcement.  There was enough evidence they weren't even interested in
anything other than a possible affidavit signed by me about what I did and
what I saw... they didn't even need my testimony.  It appeared that due to
the circumstantial nature of some of the evidence they probably would not
have been able to continue the effort to prosecute on their own, but the law
enforcement folks were highly interested and the person was definitely in a
lot of trouble if they could put together a better case.

Courts and law enforcement post 9/11 are not very nice to what they might
deem "network terrorists".  Be very cautious and professional in your
dealings with the company, review your contract carefully and tactfully
negotiate a fair agreement about the software in question before things get
really ugly.  Professionally.  Or with the assistance of an attorney.

Unfortunately the way companies treat people in this situation teaches us
all to NOT offer off-time and other services without a direct understanding
IN WRITING about such services... but such is the world these days... they
have no obligation to you other than what's on that piece of paper, and
unfortunately unless you have an excellent relationship with them, you have
to limit your activity/help/work for them to only what you're willing to
give away, especially after-hours.  Sad, isn't it?  Yes, companies and
managers WILL take advantage of your helpful nature.  Been going on for
centuries.

Now if they were dumb enough NOT to have you sign a contract that says they
own your work, you could demand that your software you provided and weren't
paid for be removed.  However if you remove it without legal backing, a
court could find that you were negligent or even that you were grossly
negligent (different terms under the law, and more damages for the latter)
in removing the firewall script and you'd be in legal hot water.

Tread lightly.  But even so, go get 'em.  Free work isn't fun at all.  If
you can't figure out a way to repair the situation this time, chalk it up to
experience, and move on... you'll know better next time.

--
Nate, nate at natetech.com


> -----Original Message-----
> From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
> Behalf Of j davis
> Sent: Tuesday, October 01, 2002 1:17 PM
> To: lug at lug.boulder.co.us
> Subject: Re: [lug] CYA
>
>
> We have no contract. This was something I did at night on my own time.
> I took one of my personal firewall scripts and modified it for work,
> on my own time at my house. I have never been paid for this script
> and do not want this company using any of my work that I did for free.
>
> If there are any shisty companies out there reading this post....you
> will do best not to hire me. ALSO...my life is not about a job..
> I thank you for your concern though. Using Linux is about using
> Linux for fun. I refuse to let corporate assholes be a killjoy.
> .....
> I guess I'm being childish. I just hate it when my good nature
> has me be taken advantage of....that's all.
>
> jd
>
>
> >From: rm at fabula.de
> >Reply-To: lug at lug.boulder.co.us
> >To: lug at lug.boulder.co.us
> >Subject: Re: [lug] CYA
> >Date: Tue, 1 Oct 2002 21:13:16 +0200
> >
> >On Tue, Oct 01, 2002 at 06:43:32PM +0000, j davis wrote:
> > >
> > > Hello,
> > >  I admin a firewall for a company....things are not going so well
> > > between them and me. I don't want them to be able to lock me out
> >
> >As a matter of fact, since they own the box, they have all rights to
> >do so, and even attempting to circumvent this might get you into serious
> >trouble (esp. after announcing it in public -- jd, this post will
> >stay around for probably the rest of your career in archives like
> >Google! Do you really think _anybody_ hires an admin that's openly
> >thinking about locking his customer out of their hardware?).
> >
> > > one day and keep using my personal code for their use.
> >
> >Are you sure it's _your_ code? Unless you have an absolutely watertight
> >contract that states that all code and configuration data produced during
> >the work involved belongs to you, you'd better not touch that stuff.
> >Otherwise you destroy _their_ property (and they can and probably will
> >sue you).
> >
> > > So, they are not that
> > > Linux savvy. If I remove my iptables script I could cripple the whole
> > > network...but this requires root...which I have for now. Could I remove
> > > the exe "passwd" without breaking anything...to keep asshole from
> > > changing root. I don't really want to trojan the box....I just don't
> > > want the company using my firewall scripts and personal admin scripts
> > > after I am gone.
> >
> >That's something you should have thought of before starting to work --
> >not now. And, just as good advice: you'd better do super good work for them
> >from now on, otherwise, in case of a legal fight, they might accuse you of
> >intentional bad work and use your posting here as evidence.
> >
> >   Ralf Mattes
> >_______________________________________________
> >Web Page:  http://lug.boulder.co.us
> >Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
>
> thanks,
> jd
>
> jd at taproot.bz           |  "MORE INPUT!"  |
> http://www.taproot.bz   |    Johnny 5     |