According to a post from Out-Law.com The US court rules an employee has no privacy on company computers.
Basically the man was convicted of stealing $650,000 from his employer while working as a book keeper. The story notes his desktop and laptop were searched without warrants, and there was confusion that the laptop was his personal property and that he abandoned the laptop. The court relied on a previous case whose ruling said that someone who abandons property no longer has an expectation of privacy in relation to it.
But what about the personal property? The man claimed that he paid for the laptop himself but is some one that has stolen money from a company (especially $650,000) really entitled to say that they paid $500 for a laptop from that very company? To add more confusion it turns out that the laptop was paid for once on a company card also. This is some shady accounting going on, and the man probably was guilty. As for privacy at work, he wasn’t really at work when the searches were done. Do you have a right to privacy after you leave? What if you format your hard drive.. you could serve some time for a sabotage. This is exactly why companies should have clear privacy policies and computer usage policies governing the use of computers, data and communications. If the company needs information off of their own property, they should be entitled to that information, but what came first the chicken or the egg?
I’ve been subscribed to the IDG Connect mailing list for a while now, while I don’t read all of the content they sent me this one caught my attention. I’m not going to be viewing this web cast since I have prior arrangements, but any one else is welcome to sign up for it. If your looking for a web application security primer this might be a good one. I’ll check it out once its finished if they put it online. It starts at 1PM EDT so, you’ve got about an hour and 10 minutes.
In the movies, getting past high-tech security is no joke. Like that scene in Minority Report when Tom Cruise has trouble hanging onto the squishy eyeball he needs to trick the retinal scanner. Or in Resident Evil, when the infiltration team meets up with those unfriendly lasers… Thankfully, in the real world, we’re not there yet. So it’s probably best to keep your eyes looking inwards, on the network. Learn the vulnerabilities of Web applications and how they put your organization at risk.
For a detailed overview of how you can test for vulnerabilities and the tools you need, register for the complimentary online presentation “Learn how to protect your corporate web application now! Web Application Security: Causes, Discovery and Remediation.”
This presentation, courtesy of eEye Digital Security and IDG Connect, will take place tomorrow, Tuesday, September 16, 2008 at 10:00 AM PDT/ 1:00 PM EDT. Register now, join your colleagues and have your questions answered live by expert presenters, all from the comfort of your PC.
We think you’ll find it both interesting and beneficial.
Proof of concept code has been released for the phpMyAdmin vulnerability and all versions prior to 2.11.9.1 need to be updated. The RC release of 3.0.0 is reportedly vulnerable also. RC2 was released this morning, I can not tell from the “Notes” section if RC2 fixes this problem. http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
Not 24 hours after I posted about media player vulnerabilities this one was released. This vulnerability was reported by the vendor (Microsoft) and has luckily updates are already available. Hopefully nobody figures this out before the majority of people have updated.
http://www.securityfocus.com/bid/30550/info
Microsoft Windows Media Player is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.