Monthly Archives: April 2010

Captain X-Ploit: The Chronicles of David: Escape From Speeder Bay

Posted on by

The Adventures of Captain X-Ploit:
The Chronicles of David: Escape From Speeder Bay
– Part 6 of the epic chronicle –
Captain X-Ploit vs. The Bills

It had become abundantly clear to David this was no ordinary speeding violation. He managed to catch bits of the conversation between the officers. “It’s David Stone, I can’t believe I was the one to do it,” was the particular phrase that made David rethink his situation. Even as David sat waiting to be processed his mind was spinning with ideas of how to escape this place. Yet even after several hours he still had no idea how he was going to get out of this one.

His situation only seemed to worsen when he was placed in a small cell with an officer standing guard outside. Casting about, David found little in his cell that could aid him in his escape. He finally settled on the guard as being the weak link. Walking to the bars David said “Hey, Mr. Fuzzy, I got some news you might want to hear.” The police officer looked at David and said “What?” Clearing his throat David said, “I have detected one escaped prisoner in your prison. If you let me go I’ll find him and bring him back for you.” The man looked frightened and confused. “Maybe I should talk to my superior officer first…” he said with shaking voice. “My God, man! There’s no time! He’s on the verge of escape!” The man looked at David, sweating profusely with true fear in his eyes. With quivering voice he managed to squeak out “… and if I let you go, you will catch him for us?”

Several Minutes later:

David was wandering down the hall of the prison carrying a note reading “This prisoner has been granted full access to the prison so that he may capture the escaped prisoner.” He was wandering without purpose for the first few blocks. Having had his bagels, coffee and car confiscated he couldn’t help but feel a little dejected. Then it hit him “If I I had a cop car I could speed and never have to deal with this kind of annoyance again!” He then began to follow the signs leading to the garage.

He found it rather strange that he encountered no police officers en route to the garage. “Perhaps everyone is busy or distracted,” he thought as he swung open the door to the garage. Casting about for someone he found a man about to enter a rather nice looking cop car. Sauntering over David said “I’m sorry sir but I’m afraid I’m going to need this vehicle.” The man, who looked shocked, said something David had been hearing a lot lately. “What?” David responded by handing him the note and snatching the keys out of the man’s now limp hand.

Several Minutes later (again):

David was speeding out of the garage and heading home. Hungry and thirsty, racking his brain trying to figure out how to remedy this, he didn’t even notice the gigantic saucer-like object hovering just above him. Didn’t notice, that is, until his car was no longer on the road.

TUNE IN NEXT WEEK TO SEE THE THRILLING CONCLUSION!

Narrator: Do you really think anyone will get the video game reference in the title?

Reader: Do you think anyone actually reads what you write in the end notes?

Narrator: Not really… In fact I think I’ll pass the post game back off to Joseph again. He was doing a better job. Why don’t you take it Joseph?

Joseph:

So once again the good Captain is exploiting the system. This time he convinces the prison guards that a dangerous situation is afoot and that he, David, has the best remedy. This gains him an elevation of privilege that ultimately leads to his escaping with something valuable. If this sound vaguely familiar, it’s no accident. How many times are naive web users confronted with the dreaded “Your computer is infected with a virus!” message with a “click here to fix” button. Yep, the old malware posing as anti-malware trick. In this case our hero(?) nets a nice new police cruiser. In the real world beyond Trustonia the bad guy makes off with your identity or other valuable info. But now I’m wondering what’s up with the flying saucer.

Captain X-Ploit: Go directly to jail, do not pass go, do not collect $200

Posted on by

The Adventures of Captain X-Ploit:
Go directly to jail, do not pass go, do not collect $200
– Part 5 of the epic chronicle –
Captain X-Ploit vs. The Bills

We rejoin our hero as he drives onward not into the proverbial sunset I threatened him with. Nay, he drives headlong into the dawn of a new age. No one knew it then, but the world was about to change. Something earth shaking was about to happen that could conceivably rip apart all we have ever known in the world. Perhaps I’m being a bit melodramatic, let me just tell the story as it should be told, with haste and many a punch line.

David was driving home to eat and drink and be quite merry when he saw a posted speed limit sign that informed him that the speed limit was 35 miles per hour. Just as he was reading this sign a police officer in a squad car found fault with his driving and pulled him over.

David was wondering what exactly the officer had found wrong with his driving taking note of his speed of 36 miles per hour. The police officer that emerged from the police cruiser was a rather fat unattractive man with greasy hair and unpleasant gait. He was wearing a police officer’s uniform but atop his bulbous balding head was a cap with a fruity logo on it. David immediately knew that this was not going to end well.

The police officer walked up to the David’s car, adjusting his belt in a superior manner as if to say “I’ve got you now, punk.”

Looking past David as if he couldn’t be bothered with noting the existence of his prey, he said “do you have any idea how fast you were going?”  David quickly responded, “Yes. 36 miles per hour,”

“HA! So you admit it, you were speeding,” the annoying man said.

“The speed limit is 35,” David said, pointing to the convenient sign right in front of them.

“Yes, and 36 is a bigger number than 35,” said the cop condescendingly. Tilting his sun glasses down and for the first time giving David a real good look he said “You’re David Stone, aren’t you?”

“I prefer, Pope David,” replied David smiling. The slow witted man seemed confused by this but took it to mean “yes” and asked David to step out of the car. The officer then said “I was going to give you a ticket but I’d really rather take you to jail for reckless driving”. David frowned and said “I’d really rather not if that’s ok,” the cop looked at him again confused and sneered, “Look buddy don’t try your mind tricks with me, it’s jail time.”

The police officer then escorted David to the police car. And off they were to county lockup.

Tune in next week to see if David can escape the clutches of the evil jail!

Reader: What? That’s it?

Narrator: What? I told you it would be earth shaking. I don’t think you understand HE WAS JUST ARRESTED!!! For the first time ever! That’s freaking crazy stuff, man.

Reader: But he didn’t even find an exploit this week!

Narrator: Look! Ok, it’s really hard to come up with a different exploit every week AND drive the plot forward. Sometimes David needs to have stuff happen to him that he can’t exploit his way our off of or he would just rule the world wouldn’t he?

Reader: Sounds like a cop out argument to me.

Narrator: I’ll admit it kind of is, so tell you what if two readers post comments asking for it I’ll release the next episode early. Maybe on Wednesday instead of Friday.

Reader: Does the next episode have an exploit in it?

Narrator: Yes a great one, one so awesome I had to spend this entire episode setting up for it. THAT’S HOW AWESOME IT IS!!!!

Reader: Fine, let’s just hope your devoted readers comment. Because personally I can’t wait.

Maybe privilege for you after all

Posted on by

In an earlier post entitled No privilege for you! I wrote about how an employee’s attorney-client privilege was not applicable because communication with his attorney took place via his employer’s email and therefore there was no reasonable expectation of privacy. In that case the e-mail communication in question took place on the employer’s internal email system via hardware owned by the employer. The four factors the court set forth for consideration in determining whether an employee has a reasonable expectation of privacy in computer files or email are worth repeating here.

  1. does the corporation maintain a policy banning personal or other objectionable use,
  2. does the company monitor the use of the employee’s computer or email,
  3. do third parties have a right of access to the computer or e-mails, and
  4. did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?

Recently a similar case, with a subtly different twist received a completely different ruling from the Supreme Court of New Jersey. This entry in Electronic Discovery Law blog reports it as follows.

Stengart v. Loving Care Agency, Inc., 2010 WL 1189458 (N.J. Mar. 30, 2010)

In this employment litigation, the Supreme Court of New Jersey addressed whether employees have a reasonable expectation of privacy as to attorney-client privileged emails sent and received on a work computer. The court held that under the circumstances presented, the employee/plaintiff did have a reasonable expectation of privacy as to emails with her attorney. Additionally, the court remanded the case to the trial court to determine what, if any, sanctions should be imposed upon defense counsel for reading and utilizing the emails at issue, despite indications that they were protected as privileged.

So what makes the circumstances of this case different from the first case wherein the court ruled that the email in question was not protected by the attorney-client privilege because the defendant had no reasonable expectation of privacy? Well, it turns out there was at least one major difference. Ellen Messmer in this article in Network World describes the circumstances of this case.

[The employee's] lawyers and [employer's] own team of lawyers had been squabbling over whether [employer], which had collected [employee's] e-mail after she filed suit against the company, had to turn over to [employee's] lawyers the half-dozen or so Webmail-based e-mails the company had managed to capture as forensic evidence.
These were e-mails [employee] had sent via her personal password-protected Yahoo account to her lawyers before her resignation; [employee's] lawyers also wanted [employer's] lawyers disqualified in the case. [Employer's] lawyers argued [employee] had no reasonable expectation of privacy in files on a company-owned computer in light of the company’s electronic communications policy.
[Employee] had sent the e-mail via her Yahoo account via her work computer at the office, not her corporate e-mail account. [Employer's] lawyers argued that [employee] “had no reasonable expectation of privacy in files on a company-owned computer in light of the company’s policies on electronic communications,” a court document states. [Employee] argued she had been given no warning that e-mail sent from a personal account would be monitored or stored.
According to a court document, [Employer's] policy states the home care services firm may review, access, and disclose “all matters on the company’s media systems and services at any time,” and also stated that e-mail, Internet communications and computer files are the company’s business records and are “not to be considered private and personal” to employees. It also stated “occasional personal use is permitted.”

So the key difference was that in this case the employee, while utilizing the employer’s computer at the employer’s site was communicating via her personal e-mail account – not the corporate e-mail system. So this certainly sets aside the prevailing notion that there is no reasonable expectation of privacy when using your employer’s computer. Unfortunately it’s not that clear. Not yet anyway. As this summary of the history of the case shows.

Upon leaving her position and filing her complaint, [her] former employer hired experts to create a forensic image of [her] laptop. The emails, which had been stored in the laptop’s temporary files, were recovered, passed on to counsel, and eventually utilized in the course of discovery. Upon learning of defense counsel’s possession of the emails, [employee’s] counsel demanded their immediate return. Defense counsel refused, and the issue went before the court. The superior court decided in favor of [employer] and held that there was no breach of attorney-client privilege “because policy placed [employee] on sufficient notice that her emails would be considered company property”. The appellate court held that the policy upon which the trial court relied could allow an objective reader to conclude that not all personal emails were company property and reversed the trial court. The issue was then appealed to the Supreme Court. The Supreme Court found in favor of [employee].

There is another key issue here related to the use of Webmail: The employer had to resort to extraordinary means – a forensic analysis of the computer – to actually retrieve the e-mail in question. This also figured in the court’s analysis of the case.

Beginning its analysis with an evaluation of the policy addressing an employee’s personal computer use, the Supreme Court determined that the scope of [employer's] written policy was “not entirely clear.”  The ambiguity resulted from the policy’s failure to specifically address personal emails, from the lack of warning that the contents of all emails were stored on the users’ computers and could be forensically retrieved and read later, and from the policy’s explicit statement that “occasional personal use [of email] is permitted.”

The court found that “[employee] had a reasonable expectation of privacy in the emails she exchanged with her attorney on [employer’s] laptop.” Specifically, the court noted that [employee] “took steps to protect the privacy of those emails” by using a personal, password-protected email account and by not saving the password on her computer. “In other words, she had a subjective expectation of privacy in messages to and from her lawyer discussing the subject of the future lawsuit.” The court also cited the ambiguity of the policy, as explained above, in support of her “objectively reasonable” expectation of privacy and also that noted the emails were neither illegal nor inappropriate and that the emails were marked as privileged.

But don’t start celebrating this new reasonable expectation of privacy on personal communications from your employer’s equipment too soon. The court concluded that your employer still has the right to enforce electronic communication policies that you might consider quite invasive of your privacy. In other words your expectation of privacy with respect to your work laptop is not reasonable in light of a well written policy.

Regarding the effect of their conclusion, the court stated:

Our conclusion that [employee] had an expectation of privacy in e-mails with her lawyer does not mean that employers cannot monitor or regulate the use of workplace computers. Companies can adopt lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies. And employers can enforce such policies. They may discipline employees and, when appropriate, terminate them, for violating proper workplace rules that are not inconsistent with a clear mandate of public policy. But employers have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy. Because of the important public policy concerns underlying the attorney-client privilege, even a more clearly written company manual–that is, a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee’s attorney-client communications, if accessed on a personal, password-protected e-mail account using the company’s computer system–would not be enforceable.

So there you have it. Maybe some privilege for you after all.

Captain X-Ploit: The great liberation of the coffee from the oppressive closet of motivation.

Posted on by

The Adventures of Captain X-Ploit:
The great liberation of the coffee from the oppressive closet of motivation.
– Part 4.5 of the epic chronicle –
Captain X-Ploit vs. The Bills

After watching his patsy escorted out of the store by the manager and the picture of the ‘evil twin brother with a mustache’ taken down, David resumed his quest to get coffee without having to deal with the unpleasantness of paying for it. Casting about for opportunities he spotted a pamphlet labeled “Why work for us?”  The bullet point that caught David’s eye read “Every employee from management to delivery gets free coffee!” David stroked his goatee as he contemplated this.

Through further observation he realized there was a door labeled “Storage” with a 10 digit keypad on the side. No doubt they used the keypad to lock the door because it wasn’t behind the counter and they didn’t want customers going in there. Wandering over to the door David hastily read the key pad, it said “please input code, ****” David thought for a moment before punching in “1-2-3-4” the lock clicked and David slipped in unnoticed.

He found himself in a smallish room that had several boxes labeled “Coffee” lying about. On the wall was a motivational poster that had power cliches written on it. “Confidence! Motivation! Energy! Understanding the Customer!” David was about to purge this useless motivational drivel from his mind as no doubt every person employed there had done when the final phrase caught his attention: “Emotionally relevant.” He pondered this briefly and then laughing to himself, picked up an unopened box labeled “Coffee” and walked out of the room.

No one took notice as he wandered out of the coffee shop with the box, sat down and checked his watch. He figured he should wait two to four minutes before he going back to the shop.

3 Minutes Later:

David entered the shop with the box and walked up to the counter. “Hi, I’m the new delivery guy. I thought I’d hand this off to you, and maybe pick up my free coffee.” The girl smiled brightly, took the box and made him a cup of coffee. David was shocked, however, when she opened the register and handed him $400 saying, “Here’s your coffee and the money for the coffee.”  Attemping to overcome his surprise David said “uhh…” The girl, looking concerned asked, “Is everything ok?” Finally getting his wits about him David replied “Thanks. Yeah, I’m ok, just a bit slow and tired today.”

The girl took the box with a cheery “Thanks, See ya!” as she flounced away to storage closet. David waved and said “Have an emotionally relevant day!”.  He took $200 from the cash he had just received, slipped it into the tip jar and grabbing his coffee beat a hasty retreat from the shop.

Back on the street David noticed that Homeless Ted was sporting a new sign that read “Will eat for food!” David laughed as he approached him. Homeless Ted was Trustonia’s one and only homeless person. Ted was in fact a brilliant man who at one time was the CEO of a great company, but one day decided to give it all up and live on the street making inspirational and funny signs. People in Trustonia loved his signs so much that he actually earned enough that it was not uncommon to see him sleeping in the park wearing a tuxedo.

After handing Ted the rest of the money David hopped in the car and headed home with his bagels and coffee.

Afternote:

As David was speeding home to eat, drink and be quite merry he said “Hi everyone, this is David Stone, I just wanted to say if you guys like my adventures please be sure to comment, I would love to know how many people like/dislike this.”

“Are you seriously breaking the fourth wall David?” asked the narrator.

“Yes, yes I am. I think I should be able to tell the audience something if I want,” David replied.

“Are you kidding me? That is so pretentious. Who do you think you are?”

“I don’t think it’s that pretentious.” David said somewhat angrily.

“Are you kidding me? On a scale of one to pretentious that’s at least 3 Stephanie Meyers.”

“Fine, I won’t do it again, but they should still comment.”

“Ok, but leave that stuff to me from now on, I’m the one telling the story. Remember that or I’ll make you drive off into the proverbial sunset and never be seen from again.”

“Fine, I’ll remember that.”

And so David drove off into the proverbial sunset to most likely be seen again next week.

Captain X-Ploit: Banished from Bloodshot

Posted on by

The Adventures of Captain X-Ploit:
Banished from Bloodshot
– Part 4 of the epic chronicle –
Captain X-Ploit vs. The Bills

David was thinking himself quite the master as he raced toward the coffee shop in his new toy. Swiftly parking the car he hopped out the open roof. Whistling a jaunty tune he held the door for a couple of nice old ladies then followed them inside.

This was the Skylight Deer, his favorite coffee shop of all time. David loves caffeine, and one of the many persistent rumors encircling the Skylight Deer involved a humming bird evolving to a being of pure energy after ingesting merely a drop of their signature “bloodshot” blend.

Walking up to the counter he David was a little surprised to see his picture on the register, under it was written “Shall be denied service due to gross abuse of gift card policy.” David smiled as he thought about last week when he jumped the counter when the employee was in back and made himself a $1,000,000 gift card. This was truly unfortunate as his gift card still had more than $999,990 left on it.

David let his gaze wander up from the picture of himself, lingering for just a moment on his handsome face, before looking the clerk in the eyes. She was a nice 20-something girl who clearly recognized him as the infamous David Stone.

“What’s all this then?” asked David. The girl, who seemed sincerely regretful about having to deny him service, replied, “Well, after you left the shop with your coffee last week, we found the card you used to have been entered into the system against regulations. We can only assume you did this to get free coffee, so we were quite regrettably forced to ban you from purchasing further items. You may stand and enjoy the quite entertaining process of making the coffee, however if you wish. That is entirely free, Mr. Stone.”

“What if I were to tell you some shifty-eyed guy on the street gave me that card and asked me to get him a coffee,” asked David thoughtfully. “Well, that would make sense.” said the girl thinking for a moment, “Tell you what, if we have problems in the future with cards and or find the shifty-eyed man, Your name will be cleared and all restrictions against you dropped. Okay?” “Sounds fair,” David responded.

The clerk turned away and went back to making coffee. David hastily grabbed a pen from a nearby jar and altered the picture of himself, adding a mustache.

He then cast his eyes about the coffee shop where they fell on a familiar face, it was the man whose car David had traded for a picture of a car and a promise. Casually wandering over David said, “Hello, sir. The car is working great, I hope to have the first line up soon!” The man’s eyes lit up as he heard this. “But, if you wouldn’t mind helping me again, I could use some coffee. I am so very tired and need some caffeine to complete my designs.” The man was quick to respond, “Why of course, my good man, I would hate to attempt anything without some coffee. I suggest you hurry up and buy some.” David smiled knowing he had already won this round. “But you see sir, there’s a problem, these people won’t sell me coffee because my evil twin brother ruined my reputation.” “Oh dear!” exclaimed the man. “Indeed, they have a picture of him. You can tell he’s the evil one because he has a mustache whereas I do not,” explained David. “Obviously,” agreed the man. “But sadly they don’t see that,” continued David, “So, I was wondering if you would be so kind as to use my gift card here,” David pulled out the infamous gift card, “and get me a coffee with it.”

The man quickly agreed and just as he was heading to the counter David added, “Oh, they told me that the person who finds the hidden coffee bean logo somewhere behind the counter or in the store gets free coffee for life! I’d definitely look around for it if I were you. Big sweeping motions are the trick my friend.” After thanking David again the man walked over to the counter eyes darting around rapidly, making him look decidedly shifty-eyed.

David smiled as he thought to himself “Part one solved, now to figure out how to get the coffee now that they will serve me”.

So once again we find the (not so) good Captain engaging in more beat-the-system hacks. In this case he resorts to the good old, tried and true, social engineering “set up a patsy by duping them into falling for the trap set for you” scam. The great point here is that the victim (the luckless car-for-a-picture) guy is tricked yet again. This is one of the cornerstones of grifting and has been since time immemorial: the mark is always “in for a penny, in for a pound”. Stay tuned for more Captain X-Ploit.