
Re: Dsniff/mailsnarf



On Tue, Feb 24, 2004 at 06:45:50PM -0500, tps@unslept.com wrote:
> On Tue, Feb 24, 2004 at 06:19:48PM -0500, John Keimel wrote:
> > On Tue, Feb 24, 2004 at 06:11:20PM -0500, tps@unslept.com wrote:
> > > I've been asked to place a sniffer on a network that handles HIPPA data,
> > > and watch for e-mail containing certain strings. I figured that mailsnarf
> > > would be the best way to do this.
> > > 
> > Aside from any of the technical details of this, I'm kind of wondering
> > how this fits into HIPPA and its policies. 
> 
> Certain info has to be protected.

Like, all of it. I've dealt with HIPPA, so I know. My befuddlement was
over the idea of sniffing for that info and the assumptions that one has
to make in doing such a thing. <skip down>

> > I'd be sure that if I were you, I'd have written evidence of someone (a
> > boss/supervisor/etc) ordering this kind of behaviour and also my
> > objection to sniffing data that might be confidential under HIPPA. 
> 
> I have a very nice contract, complete with a very detailed scope of work,
> which my lawyer has OKed.
-snip-
> There's no CYA. I'm being asked to verify that there is no HIPPA
> information that is leaving the site, accidentally or otherwise. There
> is a nice defined set of keywords that would be used in any of the
> documentation (it's a testing Lab). If the capture file size *ever*
> goes above 0 bytes, they have a problem. That's all I'm involved with.
> I want *nothing* to do with the actual data. I'm just setting up a
> system that will notify certain people if there is a 'leak', and
> they can go in and figure out what happened.
> 

Well, you've already done your CYA [1] activities, so that's good. If
your scope is well defined and you've a good contract, excellent. I hope
you're charging more than enough for the privilege of them having YOU
sniff their traffic :)  hehe. 

Good luck with it, hope it works out for all parties. 

j



[1] someone defined HIPPA in the thread earlier, but didn't define
"cover your ass" :)    

-- 

==================================================
+ It's simply not       | John Keimel            +
+ RFC1149 compliant!    | john@keimel.com        +
+                       | http://www.keimel.com  +
==================================================
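The setup described in the quoted message (mailsnarf writing keyword matches to a capture file, and someone being notified as soon as that file is non-empty) as an added example, not code from this thread or from dsniff. It assumes mailsnarf was run along the lines of `mailsnarf -i eth0 'KEYWORD_A|KEYWORD_B' > capture.mbox` (interface and keywords are placeholders) and so wrote Berkeley mbox output; the checker reports only headers, so the notified party never needs the captured body.

```python
import mailbox
import os
import tempfile

# Constructed sample capture (not real traffic), in the Berkeley mbox
# format mailsnarf writes; KEYWORD_A/KEYWORD_B stand in for the lab's list.
SAMPLE_CAPTURE = """From alice@example.test Tue Feb 24 18:45:50 2004
From: alice@example.test
To: outside@example.net
Subject: results summary

This body contains KEYWORD_A.

From bob@example.test Tue Feb 24 18:50:00 2004
From: bob@example.test
To: partner@example.org
Subject: lab notes

This body contains KEYWORD_B.
"""

def write_capture(text):
    """Write capture text to a temp file and return its path (test helper)."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path

def capture_has_content(path):
    """The thread's rule: a capture file above 0 bytes means a problem."""
    return os.path.exists(path) and os.path.getsize(path) > 0

def summarize_capture(path):
    """One header-only record per captured message; the body is never read."""
    records = []
    for msg in mailbox.mbox(path):
        records.append({"from": msg.get("From", ""),
                        "to": msg.get("To", ""),
                        "subject": msg.get("Subject", "")})
    return records

if __name__ == "__main__":
    path = write_capture(SAMPLE_CAPTURE)
    if capture_has_content(path):            # notify, don't inspect
        for r in summarize_capture(path):
            print("ALERT: %(from)s -> %(to)s (%(subject)s)" % r)
    os.remove(path)
```

In production the script would run from cron against the live capture path rather than a constructed sample, and the alert would go to the designated people instead of stdout.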
