• A Nerd With a View (unregistered) in reply to Audi Tor
    Audi Tor:
    Yeah, sorry, you can only perform "security tests" on your own stuff unless you have written permission, also known as a get-out-of-jail-free card.

    Rich's motives don't matter in a world of lawyers and politicians who don't understand the technologies they try to control. He had to be fired. Any employer with a clue would be forced to reach the same conclusion.

    Except that since he was working as an agent of Innotrode, and it was Innotrode's site and data, and Innotrode certainly has the right to test their software, he had every right to test the software currently installed in order to be able to improve it.

    Rich should not have been fired. Doing so was an act of political expediency. I have seen this kind of cowardice in the real world; I've had to leave an organization because one of the organization's directors is an abusive SOB who can't get along with anyone. But they won't get rid of him because they're afraid he'll sue them. So good people leave and bad people stay.

  • Anymouse (unregistered) in reply to bye
    bye:
    hoohoo:
    The law is more fair than you think.
    Which extraterrestrial planet (or alternate universe) do you inhabit, and how do I get there?

    Let me guess, you have to hack the galactic server.

    No -- you have to hack the Gibson.

    Ob Captcha: feugiat -- feugiat about it!

  • Pluvius (unregistered) in reply to saluto

    Rest assured this came with some sort of agreement which eliminated the risk of them getting sued. No idea if you can put someone's termination as a condition of a legal agreement, in the US, but I bet there's ways around it if necessary.

  • null (unregistered) in reply to A Nerd With a View
    A Nerd With a View:
    Audi Tor:
    Yeah, sorry, you can only perform "security tests" on your own stuff unless you have written permission, also known as a get-out-of-jail-free card.

    Rich's motives don't matter in a world of lawyers and politicians who don't understand the technologies they try to control. He had to be fired. Any employer with a clue would be forced to reach the same conclusion.

    Except that since he was working as an agent of Innotrode, and it was Innotrode's site and data, and Innotrode certainly has the right to test their software, he had every right to test the software currently installed in order to be able to improve it.

    Rich should not have been fired. Doing so was an act of political expediency. I have seen this kind of cowardice in the real world; I've had to leave an organization because one of the organization's directors is an abusive SOB who can't get along with anyone. But they won't get rid of him because they're afraid he'll sue them. So good people leave and bad people stay.

    We, skeptical public, know it usually comes down to: 'follow the money' or the 'perceived loss of it'. Rich is nothing more than a sacrificial lamb being slaughtered at the altar, spilling the blood of the innocent just to please the gods.

    As it turns out, the company took the least expensive route, one that is most often adhered to in business practice, and thus the one that illustrates the lack of strategic business thinking.

    The mere thought of an expensive legal battle was enough to slaughter the lamb, and pray that the gods are not furious enough to plant the seeds of a calamity on the populace. How many lambs will be slaughtered? There you have it, the silence of the lambs...

  • Calli Arcale (unregistered) in reply to Kevin
    Kevin:
    So even though the vendor was at fault for having no security, they could have sued Rich's company, and won, because...?

    This is like when a burglar sues homeowners because they get hurt breaking through a window.

    You're getting the parties backwards in your analogy. It's like breaking into the company that provides your security system, finding their proprietary design drawings, noticing an error, proving the error by exploiting it to break into another part of their facility, telling them all of this, and then getting surprised when that comes back to bite you. Yes, they suck. Yes, they're jerks. No, it's not right to break into their building to prove it.

    For those who think Rich can sue for wrongful termination: yes, but he's not likely to prevail. Most states are "at will", meaning you can be terminated at any time for any reason. Two weeks' notice is generally a courtesy, not a requirement. You can still sue in those states, but you have a very high burden of proof. "Did something possibly illegal and definitely unwanted to our website vendor which provoked a lawsuit against us" is not going to persuade a lot of judges that you were fired unjustly.

    I tend to agree that he should not have been fired, but his employer was within their rights, and given that they had been threatened with a lawsuit, this may have seemed the least costly solution, and from a business perspective, might be unavoidable.

    The business I work in is very unforgiving of acts like this; if I did something like this to one of our vendors, I could be facing federal charges of corporate espionage (more serious than simply unauthorized access), and my employer would be facing severe penalties as well. The fact that this resulted in someone losing a contract means it's very serious indeed. Maybe they deserved to lose the contract, but their fault was discovered through extra-legal means. The stakes can get very high for these things; this was small potatoes, but there have been defense contracting scandals in the past decade that were worth billions, and they were over nothing more than someone from one company looking at proprietary information from another without permission.

    Tread very lightly. Is your company getting screwed? Maybe, but is it worth your job and possible criminal penalties to find out?

  • Calli Arcale (unregistered) in reply to A Nerd With a View
    A Nerd With a View:
    Except that since he was working as an agent of Innotrode, and it was Innotrode's site and data, and Innotrode certainly has the right to test their software, he had every right to test the software currently installed in order to be able to improve it.

    No, it was not Initrode's site. It was their data, but not their servers. When you rent a car, it does not become your property, and you will get in trouble if you deface it.

  • (cs)

    If only Rich had worked for Microsoft so he could have instead been deleted like the peons in the AOE games.

  • bananas (unregistered) in reply to hoohoo
    hoohoo:
    Except he didn't do any damage or act with any intent to harm or unfairly profit.

    The law is more fair than you think. A good lawyer could show he acted in good faith.

    http://en.wikipedia.org/wiki/Randal_L._Schwartz

    And to keep Askimet happy: Captcha: validus: Dis is da mos validus thin I could think of ta say.

  • (cs) in reply to Kevin

    See, the problem in this case is that Rich's company is based out of South Korea, and the web hosting site is a U.S. based company.

  • Steve (unregistered) in reply to Kevin
    Kevin:
    Wait, so Rich shouldn't have mentioned the giant security hole in the client's site? Just sit back and wait for someone to exploit it? Wouldn't he get fired for finding it and not telling anyone?

    Yes, if Rich had not told anyone he would have been fired.

    Meanwhile Tom would have gotten a big bonus.

    That's how it works.

  • John (unregistered) in reply to Tom

    They could have easily countered with allegations that the hosting company was hostile and acting in bad faith. Showing a lack of technical knowledge, a pattern of hostile behavior, and outright lying to your customers about another service provider supplying a competing service is damaging to their business and to their brand image. They are essentially creating a service bottleneck and misrepresenting it as a fault of a competitor.

    Slander? Libel? A business acting in plain old bad faith can be turned into a hell of a lot in court--good faith goes a LONG way. In criminal cases, good faith can show no criminal intent and honest intent to reconcile differences between ability and responsibility; in civil cases, good faith versus bad faith is the whole basis of the damn case.

    This would definitely fall into a civil suit, regardless of any criminal offenses: one company damaged the profitability and reputation of another. A civil suit would reward punitive damages based on faith: bad faith will get you one hell of a windfall, and these guys are the sort of assholes you could only dream of having harm your business. Show that a competitor providing a distinct service used their business dealings with a mutual client to intentionally harass and harm the profitability of your business and the feasibility of dealings with the client and ... well, you will be awarded quite the cash moneys.

  • RFmich (unregistered) in reply to bananas
    bananas:
    hoohoo:
    Except he didn't do any damage or act with any intent to harm or unfairly profit.

    The law is more fair than you think. A good lawyer could show he acted in good faith.

    http://en.wikipedia.org/wiki/Randal_L._Schwartz

    And to keep Askimet happy: Captcha: validus: Dis is da mos validus thin I could think of ta say.

    http://www.phrases.org.uk/meanings/the-law-is-an-ass.html
  • (cs) in reply to PiisAWheeL
    PiisAWheeL:
    Zylon:
    Given that certain editors are known to enhance these supposedly true stories for dramatic effect, I'd love to hear from the original submitter on whether he was actually fired.
    Yes, he was fired. They had 2 options: A: Deal with a long costly legal battle and not fire Rich. B: Push Rich in front of the bus. Which one did you think they would pick?
    We don't even know whether there was an actual legal threat. They've gotten completely shameless about making shit up lately.
  • Bub (unregistered)

    Rich should have loaded up the vulnerable site with child porn via ToR, and dropped an anonymous tip to the FBI including sample URLs.

  • ME2 (unregistered) in reply to Zylon
    Zylon:
    Given that certain editors are known to enhance these supposedly true stories for dramatic effect, I'd love to hear from the original submitter on whether he was actually fired.

    That would be quite interesting. I can no longer trust these histories since "A process that never failed". How can I tell this isn't completely fictionalized?

  • (cs) in reply to herby
    herby:
    realmerlyn:
    I was going to add "it's not PERL it's Perl", but I see I was beat by four others.

    But just because it can't be said enough times... it's not PERL, it's Perl.

    All of the above is true, unless you get some silly HR recruiter that calls it "Pearl", and wants many years of experience in it. An interesting contest to read all those job descriptions and laugh.

    Silly HR recruiter wants someone with many years of experience in Australian beer. Yeah, I can actually see that happening.

  • Matt Westwood (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    Dave:
    realmerlyn:
    But just because it can't be said enough times... it's not PERL, it's Perl.

    Duh. Obviously it's PERL. Practical Export and Retrieval Language, abbreviated to P.E.R.L. or PERL for convenience. Duh.

    From http://en.wikipedia.org/wiki/Perl ... "Though Perl is not officially an acronym,[4] there are various backronyms in usage, such as: Practical Extraction and Reporting Language.[5]"

    From http://learn.perl.org/faq/perlfaq1.html ... "What's the difference between "perl" and "Perl"?

    "Perl" is the name of the language. Only the "P" is capitalized. The name of the interpreter (the program which runs the Perl script) is "perl" with a lowercase "p".

    You may or may not choose to follow this usage. But never write "PERL", because perl is not an acronym."

    OK, now everybody shut up about the correct way to write "Perl".

    EDIT: Lest you accuse me of being a fanboi or the like: I loathe Perl with a passion. It's largely a subjective thing, of course, but there you are...

    It has its uses. Needed a quick tool to bugger a file about in a particular way a while back. Needed it quickly. Heard that Perl was good for that. Downloaded it, installed it on my machine, then googled around and found some instructions on how to use it. By the end of the day I had my tool for buggering about with the file. As a language I don't like it much, it looks too messy and it's too easy to write difficult-to-read and badly-structured code. But, and get this, the fucker works.

  • n_slash_a (unregistered) in reply to Bub
    Bub:
    Rich should have loaded up the vulnerable site with child porn via ToR, and dropped an anonymous tip to the FBI including sample URLs.
    Oh so many +1s
  • Matt Westwood (unregistered) in reply to Bub
    Bub:
    Rich should have loaded up the vulnerable site with child porn via ToR, and dropped an anonymous tip to the FBI including sample URLs.

    You have to be careful with that sort of thing - it's often easier than you think to trace the exact path taken for a given file to travel from A to B, and once they find your metaphorical fingerprints on it, you're fucked, me old mate.

  • Jazz (unregistered) in reply to dgvid
    dgvid:
    Philip Newton:
    It’s Perl, not PERL, despite the existence of backronymic expansions.
    Maybe it's Perl when it runs on a PC, but PERL when it runs on a MAC.
    No, it's perl when it runs on a Mac:
    $ ls -l /usr/bin/ | grep perl
    -rwxr-xr-x   1 root   wheel     62784 Oct  8  2011 perl
  • nynex (unregistered)

    Rich's employer should have contacted a federal criminal defense lawyer that specializes in internet law to see if it was illegal, because from my personal experience it's not. Then, after they got someone back saying it's not illegal, contact their company's lawyer(s) and sue the shit out of them for purposely trying to sabotage their business. The hosting company was simply upset, because they lost the "programming" side of the contract and wanted the new company to look like they didn't know what they're doing by making things up.

    I worked as a jack-of-all-trades (mostly sys admin / net admin stuff though) at a small wireless ISP (only about 10k customers). We would occasionally do website development, but we did a lot of website and email hosting for businesses in the area. There would be times where people would transfer from us and I'd try to be as helpful as I could during the transfer if I was in control of it. Then there were times where I'd be handling the transfer in and, depending on where they were coming from, I knew if it was going to be smooth or not. Some people are real dicks about losing business. People like the hosting company in the article deserve to lose all of their clients.

    /rant

    captcha: valetudo (how appropriate for a rant!)

  • Talladega (unregistered) in reply to Jazz
    Jazz:
    No, it's perl when it runs on a Mac:
    $ ls -l /usr/bin/ | grep perl
    -rwxr-xr-x   1 root   wheel     62784 Oct  8  2011 perl

    Shut up. Shut up. Shut the fuck up. Shut up

  • (cs) in reply to Talladega
    Talladega:
    Jazz:
    No, it's perl when it runs on a Mac:
    $ ls -l /usr/bin/ | grep perl
    -rwxr-xr-x   1 root   wheel     62784 Oct  8  2011 perl

    Shut up. Shut up. Shut the fuck up. Shut up

    That was yesterday's WTF.
  • (cs) in reply to Chris
    Chris:
    Fool:
    I tried Initrode.com and couldn't find it. They must have gone out of business since this article was posted. Funny, I wanted to try out their file uploader :-)

    Quite sure that was a play on the company from Office Space that Samir and Michael work for after the fire at Initech.

    ORLY???

  • (cs) in reply to dgvid
    dgvid:
    Philip Newton:
    It’s Perl, not PERL, despite the existence of backronymic expansions.
    Maybe it's Perl when it runs on a PC, but PERL when it runs on a MAC.

    pet peeve

    A Mac IS a PC.

    If we're being peevish that is.

  • Mathias (unregistered)

    What's with the HTML entities in the source code, and no "

    " on their own line? I can hardly read the article!

  • the beholder (unregistered) in reply to Matt Westwood
    Matt Westwood:
    Bub:
    Rich should have loaded up the vulnerable site with child porn via ToR, and dropped an anonymous tip to the FBI including sample URLs.

    You have to be careful with that sort of thing - it's often easier than you think to trace the exact path taken for a given file to travel from A to B, and once they find your metaphorical fingerprints on it, you're fucked, me old mate.

    Not to mention that he would have to undergo the risks of hunting for child porn before using it to incriminate the company.

    Imagine how fun it would be to explain it to the FBI.

  • ysg (unregistered)

    Poor -- honest! -- Rich. He should have read The 48 Laws of Power. He did everything that was just and moral. He gave his former employer a new contract and when he was no longer useful, they simply tossed him to the curb (he's not the only web developer on this planet!) Making others dependent on you is so much better :)

  • Jack (unregistered) in reply to Steve
    Steve:
    Kevin:
    Wait, so Rich shouldn't have mentioned the giant security hole in the client's site? Just sit back and wait for someone to exploit it? Wouldn't he get fired for finding it and not telling anyone?

    Yes, if Rich had not told anyone he would have been fired.

    Meanwhile Tom would have gotten a big bonus.

    That's how it works.

    He should have mentioned it. He just shouldn't have exploited it first.

    Of course, if he told the hosting company, they could deny it, and he might not ever be able to prove to Initrode that it existed without exploiting it.

  • jay (unregistered) in reply to dgvid
    dgvid:
    Philip Newton:
    It’s Perl, not PERL, despite the existence of backronymic expansions.
    Maybe it's Perl when it runs on a PC, but PERL when it runs on a MAC.

    pet peeve

    But what is it when you cast it before swine?

  • Doggs (unregistered) in reply to da Doctah
    da Doctah:
    herby:
    realmerlyn:
    I was going to add "it's not PERL it's Perl", but I see I was beat by four others.

    But just because it can't be said enough times... it's not PERL, it's Perl.

    All of the above is true, unless you get some silly HR recruiter that calls it "Pearl", and wants many years of experience in it. An interesting contest to read all those job descriptions and laugh.

    Silly HR recruiter wants someone with many years of experience in Australian beer. Yeah, I can actually see that happening.

    Whatcha talking about, Texas isn't in Australia, is it?

  • Harrow (unregistered) in reply to hoohoo
    hoohoo:
    Except he didn't do any damage or act with any intent to harm or unfairly profit.

    The law is more fair than you think. A good lawyer could show he acted in good faith.

    The problem is not that Rich has no defense against conviction (he has), nor that he cannot make a case for wrongful conviction (he can). The problem is that Rich has been put in a position where he needs to present a defense against conviction and make a case for wrongful conviction.

    People in Rich's position must decide if each battle is worth fighting. Corporations and employers know this, and therefore play the odds.

    -Harrow.

  • jay (unregistered) in reply to hoohoo
    hoohoo:
    Except he didn't do any damage or act with any intent to harm or unfairly profit.

    The law is more fair than you think. A good lawyer could show he acted in good faith.

    IANAL, but I would think the hosting company would have a tough case. Rich was authorized to use the system. He had a contract to write code to be deployed on the system. This implies a right, indeed a responsibility, to test that code. In the course of testing, he found a security flaw, which he promptly reported.

    Imagine a non-IT analogy: You hire a plumber to perform upgrades on your house. He makes several visits, and each time you let him in so he can do his work. One day he arrives to find the door ajar. He opens the door, sticks his head in, and calls, "Hello, anybody home?" When there is no reply, he steps in and looks around to see if perhaps you are injured and unable to speak. When he finds no one, he leaves and calls your cell phone to explain what happened.

    Could he be charged with breaking and entering or burglary? I doubt it, and if he was, I doubt he'd be convicted.

    Sure, laws can be pretty stupid, and legislators, lawyers, and judges can get very confused by new technology. But Rich's position seems pretty safe to me.

  • another jerk (unregistered) in reply to Fool

    initrode is a reference from the classic mike judge movie "office space"... not a real company!

  • jay (unregistered) in reply to Calli Arcale
    Calli Arcale:
    A Nerd With a View:
    Except that since he was working as an agent of Innotrode, and it was Innotrode's site and data, and Innotrode certainly has the right to test their software, he had every right to test the software currently installed in order to be able to improve it.

    No, it was not Initrode's site. It was their data, but not their servers. When you rent a car, it does not become your property, and you will get in trouble if you deface it.

    True, but he did not vandalize the site -- at least not as the story is told here. The analogy would be that you rent a car, do all the paperwork, pay, and while you are waiting for the rental agency to bring you the keys, you happen to try to open the door and discover that it wasn't locked. So you open the door and toss your luggage in the back seat. Then the clerk comes out and sees that you entered the car before he gave you the keys, and he calls his boss and they say they're going to sue you for breaking into the car.

  • Johnny Come lately (unregistered) in reply to jay
    jay:
    hoohoo:
    Except he didn't do any damage or act with any intent to harm or unfairly profit.

    The law is more fair than you think. A good lawyer could show he acted in good faith.

    IANAL, but I would think the hosting company would have a tough case. Rich was authorized to use the system. He had a contract to write code to be deployed on the system. This implies a right, indeed a responsibility, to test that code. In the course of testing, he found a security flaw, which he promptly reported.

    Imagine a non-IT analogy: You hire a plumber to perform upgrades on your house. He makes several visits, and each time you let him in so he can do his work. One day he arrives to find the door ajar. He opens the door, sticks his head in, and calls, "Hello, anybody home?" When there is no reply, he steps in and looks around to see if perhaps you are injured and unable to speak. When he finds no one, he leaves and calls your cell phone to explain what happened.

    Could he be charged with breaking and entering or burglary? I doubt it, and if he was, I doubt he'd be convicted.

    Sure, laws can be pretty stupid, and legislators, lawyers, and judges can get very confused by new technology. But Rich's position seems pretty safe to me.

    As many others have said, it's not about being directly liable, it's about the perception that (costly - time and money wise) legal proceedings may be imminent against the company. It's easier to get rid of the problem....

  • dogmatic (unregistered)

    I've been in this exact situation a few times. The trick is to make sure the client understands the problem without actually exploiting it yourself, or at least don't cop to it. Describe to the client how to reproduce the exploit, even give them the perl script, and let their engineers try it out. Unfortunately what he did can be a criminal offense, at least in some parts of the world.

  • (cs) in reply to Raedwald
    Raedwald:
    "Rich’s employer knew exactly what they had to do: they fired Rich."

    Sadly, they might have little practical choice in some jurisdictions (IANAL). Executing programs on somebody else's computer without their consent can be a criminal offence.

    The thing is, it's a webserver, so isn't there implicit consent already to execute anything inside of the accessible webspace by way of URL (publicly accessible means)?

  • Tony (unregistered) in reply to Doggs

    Yep, Texas is a small town in south west Queensland.

  • Randy Snicker (unregistered) in reply to Spacebar
    Spacebar:
    Aphorism is now my word of the day. I must use it in a sentence somehow.
    You just did.
  • (cs) in reply to Mathias
    Mathias:
    What's with the HTML entities in the source code, and no "

    " on their own line? I can hardly read the article!

    Having the paragraph opening and closing tags on separate lines would be wrong, since the carriage return should be interpreted as whitespace within the text node.

  • Christoph (unregistered)

    Nice Javascript extra - I triggered it unintentionally :-)

  • Not Dave (unregistered) in reply to Dave

    The other acronym is my favorite, Pathologically Eclectic Rubbish Lister.

  • L.P.O. (unregistered) in reply to Kasper
    Kasper:
    It would be a better outcome if Rich got hired by the customer. But that could easily lead to other lawsuits as both the employment contract as well as the contract between the two companies may forbid that.

    In the country I live in those kinds of limitations would be illegal and thus null and void if Rich was fired by the company. Also, even if he parted with the company by his own free will, any limitations as to his new employer would be illegal unless he is compensated for that (for a one-year limitation he'd have to be paid a one year wage when quitting).

    In the less developed parts of the world things might be different, though.

    CAPTCHA: bene. Where have you bene lately?

  • (cs) in reply to Matt Westwood
    Matt Westwood:
    It has its uses. Needed a quick tool to bugger a file about in a particular way a while back. Needed it quickly. Heard that Perl was good for that. Downloaded it, installed it on my machine, then googled around and found some instructions on how to use it. By the end of the day I had my tool for buggering about with the file. As a language I don't like it much, it looks too messy and it's too easy to write difficult-to-read and badly-structured code. But, and get this, the fucker *works*.
    Oh, yes, I agree, it works. I still loathe it with a passion. I once spent some time decoding a Perl script (for what purpose, I won't say), and discovered that in Perl there are many different ways of saying "do this thing and if it fails, abort the script". The jolly authors of the script appeared to have had a bet on to see how many of these ways they could manage to fit in to one medium-large script, and had accumulated a fairly high score, too.
  • (cs)

    No good deed goes unpunished.

  • (cs) in reply to Philip Newton
    Philip Newton:
    It’s Perl, not PERL, despite the existence of backronymic expansions.

    That's because the name has been changed to protect the innocent.

  • Forumtroll (unregistered) in reply to Dave
    Dave:
    realmerlyn:
    But just because it can't be said enough times... it's not PERL, it's Perl.

    Duh. Obviously it's PERL. Practical Export and Retrieval Language, abbreviated to P.E.R.L. or PERL for convenience. Duh.

    Wrong answer. The correct answer would be "Pathologically Eclectic Rubbish Lister".

  • Pista (unregistered) in reply to Medinoc
    Medinoc:
    No good deed goes unpunished.

    Sooooooo true!

  • Dave (unregistered) in reply to Forumtroll
    Forumtroll:
    Dave:
    realmerlyn:
    But just because it can't be said enough times... it's not PERL, it's Perl.

    Duh. Obviously it's PERL. Practical Export and Retrieval Language, abbreviated to P.E.R.L. or PERL for convenience. Duh.

    Wrong answer. The correct answer would be "Pathologically Eclectic Rubbish Lister".

    Too late.
