Slashdot Mirror
Hotmail: Not Safe For Work?
silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spying on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."
Yet another example of how we owe our lives and our souls (and our personal e-mails) to The Man(tm) while working on his clock. I agree that you're at work to work, but I feel that this is intruding just a bit too much for my comfort.
/gleffler
That eBlaster software seems like a totally excellent way to increase the amount of spam you receive in your inbox per day.
Thanks, SpectorSoft.com! You've made my week!
- SMJ - (It's not just a name: it's a bad aftertaste.)
The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.
Now this becomes a little tough because we aren't automatons and have lives outside of work that need tending to. However, to expect that what you do within the walls of your company is private is laughable.
Just assume that everything you do there is under surveillance. Heck, all your thoughts are already belong to them.
I have been pwned because my
After this was done, all virus problems on the network dropped from one incident per 2 weeks to maybe 1 incident per 4 months.
As to the privacy issue, the easy solution is to NOT SEND PRIVATE E-MAIL FROM WORK (or at least use GnuPG or PGP!)
http://www.hushmail.com
www.cgisecurity.com
www.owasp.org
If you use a company PC and bandwidth, you play by their rules. Sad, but true.
"Powers. I have them."
That kind of sucks. I've been putting this off, I guess, but does anybody know of a good web-based email client that runs with apache on linux (that doesn't require php)and that I install with minimum effort?
Roving Web-Teleoperated Robot
The best way to make people rise up against this is simply to encourage employers to try to apply the goals and reasoning of software like this against traditional communication services.
How many people you think would be cool with their employer listening in on their personal phone calls, and opening all their personal mail that gets sent to the office?
Apply it to everything, and people will understand that this is an encroachment on what we currently have, not a reasonable measure for dealing with a newish technology.
"Old man yells at systemd"
Not really anything new here; "The Man" can see what I'm doing right now, where I'm going, whether or not I'm logged in to a site (including my username and password), how long I've been on a certain page, etc etc etc - And he doesn't need a kiddie script to do it. That's just part of working for the DoD or any other institution that has full monitoring instilled in their computer use policy, I guess.
What, really? Oh no! Someone should've told me earlier!
I mean, legally, I have to side with the companies. Their machines, their time, their liability. The can do what they want.
BUT...it does suck, and I'd hate to work for anyone that would think they needed to read my private mail. My only hope is that more and more people will leave companies that do that to work for smaller companies, or start their own, and that these smaller companies will begin to resist the temptation of corporate assimilation. I see it beginning to happen now, there are some fairly large, privately held consulting companies that foster a great atmosphere for their people. The more I see big companies doing things like this, the more hope I have that this renaissance of the small business will grow.
This is why VPN was created so we can all VPN into home and use that connecting to get to hotmail.
Their computers.
Their network.
Their time.
Their money.
'nuff said.
slashdot!=valid HTML
... to read each and every one of the 300+ spam emails I get daily to my Hotmail account.
Of course this article is quite irrelevant for slashdotters. We should have our certificates, machines we can VNC to, encrypting proxy servers, etc.
But, ironically, it'll probably be the arrival of widespread wireless (be it 3G, a mesh network of 802.11, etc.) that provides a little privacy. Imagine, if you want to send a private email, just change your Wireless connection to be your public ISP-type network, send your mail, and voila. You use your ISP's network instead of the corporate one. Both parties are happier.
Likewise, the bandwidth I use is restricted to those activities necessary for me to carry out my duties.
I have specifically agreed to limit my use of thecomputer and network in this manner as a term of my
continued employment. Why would I expect any kind of privacy in this case?
Interested to know what people think about this.
Don't read this!
Use ssh or WinVNC (like I do) or somesuch to remotely access your home system, and run your personal stuff THERE. At work, the only non work-related software I run is WinAMP, WinVNC client and a web client. At home, I run an email client, IRC, ICQ, Kazaa, etcetera....
;-)
So long as the employer doesn't mind you connecting to your home machine (and you can encrypt that connection, somehow), then what you do with it is your own business.
Of course, you can still paste memos over VNC/ssh, so this just defers the problem somewhat.
.f00Dave
Yeah just what kids need, their parents reading their e-mail. As if they didn't have enough to deal with.
Sure, in some cases this could actually be an asset (as in if you're afraid your kid is going to run off with some 40 year old child molester) but otherwise parents should let it be.
Besides, if they really knew their kids they'd be able to guess their password ;D
-- Scientist: You aren't going to leave me here, are you? Boagh! Thump...
This really isn't neccesary when you can get programs such as keygrabber for windows, and if somebody's sneaking around on linux, they're either easy to track, or they're too good.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
We really don't have the time or energy to look at every users web usage. However, we do make sure we have the tools to prove abuse if we need to get into a legal issue. Supervisors and coworkers can pretty much tell if you are abusing your company's Internet resources. I think many users don't realize what the IS dept. is able to track on them. Just like with every moral, ethical, and legal issue: if you feel guilty doing it, you probably shouldn't be doing it.
If employees are spending that much undo time at personal email at work, I think this speaks far more about the poor quality of the managers and the low morale of the company itself, than of problems of the employees. As such, it might even be useful to have a tool to determine if managers should go based on the rise or fall of such email traffic :).
Far more often than having your boss actually read your personal email every day, companies snoop to archive this sort of information so that if they need to they can review and use it later. This possibility for abuse in this regard is endless.
Doesn't have a functional web browser? What do you call Mozilla? Galleon? Konquest? Netscape?
Opera? The only browser it doesn't run is IE (you call that functional?) and there are some reports of IE running on Linux under wine!
BTW I did set up a Linux box running Debian at one place I worked. The machine was made out of parts salvaged from several junked computers so it cost the company nothing. My excuse was I wanted to evaluate Linux as a platform for a future internal project.
It took a little while to figure out how to set up proxies so I could reach the internet over the company network (MS friendly firewall) but it worked fine. I doubt that any spy ware intended for windows machines would work on Linux (and I could have just set up an internal firewall to try and lock any out).
My present client simply blocks all web based mail sites at the firewall. So I just send whatever I want through their corporate email system. Even mail relating to my other clients or negotiations for other contracts. If I really need security, I'll use encryption or simply give them a call. If they don't like what they'r reading or how I'm using their email system, they can either provide me with access to my yahoo email account or bite me.
It's just like my house. Anyone can look through my windows. But I can't be responsible if they're horrified by what they see.
Disconnect your television. Do your own research. Draw your own conclusions. They're probably lying. Don't be a sheep.
All this does is add competition to already available solutions for spying on employees. Such as hardware filters for keyboards or perhaps firewalls that log this kind of activity.
What I would like to know is what kinds of companies perform this kind of spying on their employees. I'd like to quote from Office Space;
"When I make a mistake, I have 8 different people comin' by to tell me about it. That's my only real motivation is not to be hassled, that and the fear of loosing my job. But you know Bob that will only make someone work just hard enough not to get fired."
Wealth is the product of man's capacity to think. -Ayn Rand
While I understand that a computer is company resources, I believe that responsible use should be acceptable and big big brother should not be there listening.
Blocking or intercepting email is more or less the same as listening in on a phone conversation. Yes, I know this horse has been beaten to death here but it's still ridiculous.
If you're not allowed to make personal phone calls then I can understand them not allowing or even monitoring personal computing use but for communications, email should be a protected medium.
There is no such thing as a "right to privacy" in the United States. Check out the Constitution and the Bill of Rights. You won't find find it along with other "rights" people say they have like, 'right to free health care', 'right to Social Security' and the often touted, 'right to party!!!'.
Strange women lying in ponds distributing swords is no basis for a system of government.
I have heard (and seen) small companies use email as a means of transmitting credit card numbers for purchases they get over the web because they are either too lazy or to cheap to set up a PGP based email system.
... and sending coorporate information to hotmail is NOT the way to do it!
... this is the first step into forcing cheap companies into doing so.
Although it may take a very unfortunate incident to really make people listen to me on this issue, forcing companies that need to keep their information private is a GOOD THING!
Customers trust companies to keep their information confidential, so they should do just that
Although I do not agree with spying into people's email, I do like the idea of scaring companies into investing into a more secure method of transmitting their customer's PRIVATE information
To all cheap bastards trying to run an e-shop: If you can't afford to buy a linux box, a small ISDN line, and PGP software to keep private customer information secure, GET OFF THE WEB!
HallmarkOrnaments.Com
I block most web based email systems... I have to... not because I want to be a a$$hole to my users, Its because no matter how many memos, emails, yelling at them...
They are downloading virus' to the network and causing me grief. Because then everyone get involved, and it becomes a huge mess just because someone wants to send something that should be done from home anyway?
Adult users, corp users should know better.. but i've been doing this for many years now, they act and treat the systems just like children... There are a few good ones don't get me wrong, for the most part they got from 35 years old back to being a giddy teen with a crush on someone...
So yes as a matter of fact I do think companies and admins should know what is going on at a users desk, it will save a lot of time and money for the company... and folks that's what's its about...
If a user bitchs (Like the one last week did) well I dont' have a computer at home, point there cheap ass to ebay.... and keep your personal crap where is belongs at home.
"The word "genius" isn't applicable in football. A genius is a guy like Norman Einstein," - Joe Theisman
Why are you doing your personal matters on their network, computers, bandwidth?
At one of the offices I Admin, I have two terminals set up in the breakroom with access to the public email sites (yahoo, hotmail, various popular ISP's), and only from those IP's (on their own subnet /30) can they get to those sites. Those workstations are also locked down, but have games and other break related software on them. All the users know that they are monitored on the "business" network for the sites they browse and the communications they make. Everyone is content with this. There is the option to use the break room computers, and if they want to do it on their machine (yahoo, hotmail, etc) they just plain can't. (unless you ssh/telnet(sniffed)/rdp/ica/pc-any to another computer off the network.)
www.oobersworld.com - For those that ride.
"Hotmail is phenomenal if you get there within the right time frame," said Kevin Mandia, a former Air Force investigator now working as a consultant with Foundstone Inc. "You can actually see people as they travel, checking messages from different computers. You can really track people effectively."
The owls are not what they seem
You!
Slashdot isn't safe for work.
Stop. You! In the cubacle - stop reading. You're being logged and will be delt with. Soon.
-Your Loving Managment
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Interesting how they do not go into details how this product works.. I wonder if it will work through a secure connection (SSL-encrypted)? It doesn't even seem to mention if the product is a trojan horse-like program on the client computer or a firewall-like intercepting device.
Anyway, if the boss wants to read all of your SPAM, maybe you should just sign him/her up for all the SPAM lists your hotmail account is on. This way you don't even have to purchase the software to view all correspondence.
A computer is a valuable tool, so use it and stop whining.
I am an IT manager for a local government agency. We monitor all internet usage on a regular basis. for the most part it is rather boring. This also means that if sombody uses Hotmail or some such at work it gets logged. By state statute here all documents that are created on our equipment, i.e. you type an e-mail. It becomes public record. that means any Joe Blow off the street can send in a request for copies of any and all e-mails that we have on our system. This causes a few interesting problems. So I do a couple things. 1. I do not backup the e-mail system. All users are aware of this. 2. Zero retention on deleted e-mail. 3. A signed Acceptable Usage poilicy for each user. They are all aware of the possibility of being monitored. Does this stop people, no! We have had to take action on abuses several times. Like the guy that wouldn't stop surfing porn at work, he worked in the cube and there are several women that work in that office. Bad judgement. Last week things got worse. I noticed a user surfing a little porn so I checked the logs, I was a little surprised, he was accessing a Sex Offender Database. He was looking himself up! Turns out this guy is a registered sex offender in the neighboring state. I looked up what he was convicted of and it was RAPE. Also 90% of the workers in my building are female. We would have never known any of this without monitoring our system. Our lawyers are working on what to do with him now. People can bitch all they want about Big Brother, but ever consider sometimes this is bigger than one person feeling bad? Think about how you would feel if your sister or mother worked in that office and something happened. Wouldn't you have wanted us to do something about it? Take off the blinders and step off the soap box, because until you are the one responsible you don't know shit.
We have a very strict standard for e-mail. All e-mail that comes into our network belongs to the company, not the employee. If it's using our servers, it's ours. Granted, we don't allow managers to indiscriminately view an employee's mailbox without HR approval but we will do our best to protect our assets.
I block all web-based e-mail from our proxy - like another poster said, it prevents users from downloading viruses. I work in the medical field and we have to protect patient data so there's also the added risk of someone sending confidential material out of the company through a webmail account without our ability to take corrective action because of the lack of proof. Originally, I had to block hotmail because MS Proxy Server used to crash whenever someone accessed Hotmail so our company policy was actually born out of protecting our proxy server.
eBlocker, like so many other key logger programs, intercepts the email, web sites, etc before it reaches the network. So hushmail won't help.
So it's feudalism at work; democracy on your own time.
Your words could apply just as well to someone justifying plutocracy as the logical system of government for a nation -- the wealthy landowners get to make the decisions, because they literally own the country. Somehow, in these modern times, we've decided that that's just not acceptable anymore. Why do we still put up with it at work?
I have been getting a lot of spam lately on an address I only give out to my friends.
They all seem to keep it in their hotmail and yahoo address books.
Is that the spam leak?
Mouse powered Chips, Open source Processors and Lego
Err, excuse me, but since when have we had the expectation of privacy when using company resources?
You send email via Outlook and your company's Exchange server. It's logged (or at least monitored), for legal reasons.
You Web-browse on your company Workstation during lunch. It's logged (or at least monitored), for legal (and HR) reasons.
You send IM traffic across the company network to an external friend via ICQ. It's logged (or at least monitored), for legal reasons.
You send email via Hotmail using a company Workstation, out a company NIC, across the company Cat5, through the company switches and routers, out the company gateway and upstream to you company's service provider. It's logged (or at least monitored) for legal reasons.
Personal use of company assets on company time. Unless you have an absoultely rockin' Acceptable Usage Policy (from the employee's point of view), you're "up shit creek without a paddle".
You can bitch and moan about this kind of thing all you want, but it comes down to one thing. Is use of Web-based mail against the AUP policy you signed when you commenced work? If it is, and you do it anyway, you're screwed.
Sheesh, you'd think it was rocket science or something...
Janie took my gun...
CIA Operated.
tcpdump
Need I say more?
Why do all these webmail-users use plain HTTP, anyway? Use HTTPS and nobody can spy on you - it's that simple.
And if $Webmailer doesn't support HTTPS, switch to one that does, because Webmailers that don't use HTTPS don't give a damn about security anyway.
Why are you using private email at work? This is more than liekly against company policy. Simple solution, do not use private email at work.
Great Linux Site
But the whole idea of salaried employees blur this. If I am a salaried employee, my private time and work time start to become blurred. I am expected to work at home at times, and so I should be able to do private things while at the office.
An hourly employee is being paid for everything they do at the company, and that time does explicitly belong to the employer.
A salaried employee gets paid for the work they do, more than their specific time at the office.
Man, that site is hilarious! You can't make stuff like this up :-)
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
Putty is an amazing little win32 ssh client (does telnet and a few other things as well). For me, if I am working on windows and need to check my mail, I ssh out to my linux box and fire up pine. No muss, no fuss. It is worth checking out the license link... Simon, you ROCK!
+++ UGUCAUCGUAUUUCU
I have a shell where I host my web pages and such... or at least theoretically where I would host them were I to have any.
I ssh into that and use pine while at work, and then when I am home I use pop3 to yank it down.
this has worked well for me and I'm gonna stick to it. it isn't free like hotmail, doesn't have a slick web interface... or at least a web interface - but I like it well enough.
(it is like free to me because I would have this account whether I were using the e-mail or not)
There are some odd things afoot now, in the Villa Straylight.
Especially those thoughts. Are you thinking them now, you bad monkey?
I have been pwned because my
of anything you send through Hotmail - it's in the T&C.
for we's too dim to handle such a sichuashun in the real world! please, mista eye-tee man, keep a sharp eye!
Who, is his right mind, ever thought Hotmail was a haven for commercial or otherwise private information, when not a month goes by without a new flaw in their security or a new loophole in their privacy policy comes to light?
Additionally, that e-Blaster software even traps and logs the keystrokes of the workstation: not even SSH or any other software that requires typing your password will help you here. If you're using your company's computer, and you are subject to their rules. ***END OF THE STORY***
¦ ©® ±
On that internal memo's site, there was a pretty funny memo:
p ?memo_id=780
http://www.internalmemos.com/memos/memodetails.ph
This is why I do all my personal email through a ssh connection to my home server. Makes snooping a bit more difficult
The last place I worked, I had to do something like this. We had a problem with an employee who was suspected of leaking company trade secrets to a competitor.
It turns out she was using a Yahoo e-mail account to send CAD files of complete circuits to her "ex" boyfriend at a competitor. She was doing this from computers at work, and yes she had authorization to access the CAD files in her job.
Because we were able to monitor the activity, the company knew what/when/where the files went. She was fired for cause and we contacted the competitor and waved the evidence. They had little choice but to fire the person on the other end and we watched them close to see if they introduced any "new" products over the next year or so that were based off of our designs.
* * *
Fast forward to my new company -- a once major telecom giant -- they now block all webmail sites they can find via their firewalls.
Simple fix? Squid proxy on your home computer running on port 443 (HTTPS) and requiring a username/password.
Learning HOW to think is more important than learning WHAT to think.
This software = keylogger on steroids.
Essentially, it doesn't matter if you're using 183903248099041-but SSLv329780132 encryption between your computer and the mail system, because the monitor is ON YOUR COMPUTER and logs the email before it's encrypted.
retrorocket.o not found, launch anyway?
I rather enjoy:
Fowler wouldn't describe particulars about how the technology
worked,
In combination with:
a judge wouldn't be able to rule on the legality of the software
without knowing exact particulars about how the technology works
So, they seem to have written a TCP/IP sniffer with a set of filters
to catch email sent to/from web based email but they're not going
to admit it because they don't want to get arrested for potentially
making it easy to break wiretap laws without really meaning to.
I teach in the public schools in NY state and we have had all free email sites (yahoo, netscape, etc) blocked by the damn firewall. The reason given is that such things allow for malicious attacks on the network. Is there any truth to this? I imagine that there are better ways to attack out school system's network than My Yahoo (not that I'm looking for those ways). I just want to use my Yahoo account to read mail on my free period and communicate with students.
Can anyone give a compelling reason why this should be firewalled or, better for me, a compelling argument as to why it need not be?
Yeah, I'm as old as my UID would suggest.
While I do not have any unresonable expectation of privacy, if I were working in your organization, I would take you to civil court and sue your ass personally as well as the organization as a whole. Clearly your company is making hiring and firing decisions based on personal information it finds out about it's employees. While this privacy concept is clearly non-tenable, the idea of doing what your company does is illegal in my state and many others. I believe it is also illegal under federal law.
Consider a less "emotional" example. What if a manager learns one of his employees has become pregnant. Now this means she will likely take maternity leave. So, the company decides its best to terminate her now, because it would cost less for health coverage. Imagine further that she is unmarried, and the people making this decision become aware of this and take this into account in her firing decision.
Many times things like this and other forms of abuse occur every day, but they are hard to prove. Often they occur but the human resources department never openly talks about it. I am sure the people in your organization will appreciate the fact that you personally have made this form of illegal job descrimination easier to demonstrate when they need to bring wrongful termination suits.
Fine, then the following also applies:
I will only work minimum required hours, no more.
If I'm not being paid for oncall, then I am not contactable, I don't care if an meteorite hit the data centre, don't contact me.
I will take all of my holidays each year
If I'm even slightly Ill I will take a sick day up to the allowable maximum, I will not come in anyway to finish the project on time.
The first job offer I get, I'm gone in the shortest possible time, most likely by taking any left over holidays. BTW you can forget about quality hand-over.
Fine work time can be work time, and my time will be my time. Now who will be the biggest loser here?
Look at items like that lawsuit that an ex-employee lost about an idea he developed on his own time.
More and more companies are attempting to lay claim to any and all thoughts that you have while you're employed with them. If they feel that they have the right to invade your brain and harvest the fruits of your spare time then they can't exactly complain when you confuse work and personal time as well.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
Unfortunately, dasher (and any other nonstandard text-entry interface) will only work against keylogging alone, not against keylogging + screen dumps. The only way to safely transmit information via a company computer (untrusted) is to enter already encrypted data into it. So, the solution is to have some PGP-like software on your (trusted) palm, or to learn to do PGP in your head (trusted, if you wear a tinfoil hat) ;-)
11. So, if eBlaster does not show up anywhere, how do I get into it?
So does anybody know what those four keys are?
Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies.
It seems like they would have already figured out that ethical business practices are a good way to handle that.
I wonder if Adaware will be updated to kill it. It should be a simple matter to find the dir and delete it tho.
Anyone who is skilled will know how to encrypt their outgoing connections. Or even will know a few free e-mail services (hushmail anyone) that can encrypt their connection when they check e-mail.
Personally I try to SSH to my mail servers when I need to.
Just remember though. If you are going to rely on SSL to protect your e-mail. Don't use IE (since it would be easy for a company to put a Man in the Middle attack on your IE). Use Mozilla or Something that does SSL properly.
~ kjrose
The last time I signed up for a hotmail account, I was bombarded with spam (bombarded being operative) within 48 hours. The typical user either deletes or "unsubscribes" to the email, which possibly carries the standard penis-lengthening advertisement. Why would one want to venture into that territory at work in the first place?
This sig no verb.
I don't normally use the +1 bonus for 'mod this up' messages but in this case I will make an exception. Feel free to mod this down as long as you mod the parent up.
Who actually use hotmail anyway? Still haven't figured it out why people use it.
this is not my signature.
I don't know about anyone else, but I'm often under a lot of stress at work, and am often isolated from human contact. If I don't get to check my personal e-mails or chat occasionally with some friends, I get... twitchy.
:)
I work for a small non profit and happen to be the Sysadmin, so I get to WRITE the AUP if I wanted to.
I'm so glad I work in a less than formal environment!
--
Why didn't you tell the world, eh?!
Contrary to the large contingent of "company can do whatever it wants on its property" boosters, there in fact seem to be all kinds of legal protections and privacy expectations established for workers in corporate offices.
The fascist model that says otherwise is not only frightening, it's untrue.
The full quote from the lawyer in the article (in reference to the 1986 Electronic Communications Privacy Act):
Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.
"The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
One day I'll drag the name of that webmail provider out of you!
Why do you need it?
Become your own webmail provider.
I use fetchmail to grab mail from remote sites. I also point the primary MX for my own domain to my home box. This consolidates most everything into one email address.
At that point, you can use imap(s) and horde/IMP to create your own webmail service... or just SSH in and start up your favorite mail program remotely. (I've even done it with Netscape/mozilla .. It's slow, but it works).
20MB max?? HA! how big is your /var partition?
The biggest problem I currently have is that, with Mozilla, the SSL Certs for my web server and imaps server collide. If I save the cert for one, the other claims that it's invalid.
Free Software: Like love, it grows best when given away.
A new M$-WinXP laptop for some reason decided to try an https connection to a Hotmail netblock. So now the firewalls have
.NET/passport nag messages or from the MSN IM nag messages? (Which I think are somehow related anyway.)
OrgName: MS Hotmail
OrgID: MSHOTM
NetRange: 64.4.0.0 - 64.4.63.255
blackholed anyway.
Do y'all expect that connection resulted from the
The problem I have with this sort of monitoring is it requires interpretations on the part of the reviewer. What should matter is whether I am creating a hostile work environment and whether I am doing my job. End of story. Mess up on either of those and you should be out the door.
These sorts of issues are very similar to consensual crimes where the government wants to monitor what you do between consenting adults.
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
What about a telecommunication and computer workers union? Not a trade union, but an industrial union?
http://www.iww.org/iu560/
There are two types of people; those who divide people into two types of people, and those who don't.
Who needs web-based email?
Toolkit for doing things that you aren't supposed to do at work:
SSH to Linux box at home and "screen -r -d".
The best thing is it's all text, so it's indistinguishable from actual work to most people. And it's all encrypted.
If you're not using corkscrew to tunnel through their web proxy to your unix box at home to read your email in mutt or pine over ssh, then maybe you shouldn't be reading personal email at work anyway.
Another way to say the same thing is: if you're not capable of bypassing the restrictions that are placed, then you're not qualified to bypass them and you should sit back and realize that the restriction is for your own good.
"Nothing was broken, and it's been fixed." -- Jon Carroll
I actually find that interesting. What *does* a URL in text count as, linguistically? Is it one word, or several? Or is it something entirely different?
...it's the bosses bytes.
;)
You shouldn't use the company PC for personal work. That said, one could always just VPN home and work from there remotely
Does this scare anyone else that you know someone is probably going to use this on a school's LAN. Can you imagine how much info they can steal with probably 90% of everyone using AIM/AOL/Yahoo Mail/Hotmail?
I'm at school now and I can see how much that would suck if someone runs that program here.
Scary
Triforce66
Why use X-forwarding when you don't have to? Mutt and Pine do everything that Netscrape does, but at a fraction of the resource consumption.
Smoking pot is not be any means equivalent to smoking crack. Someone who smokes crack is called a crackhead/ Someone who smokes pot is called an almost-blind person, or in some cases, a person appetitie challenged.
That doesn't make any sense, what you just said. They found information proving that the man had lied on a job application. I work for the public sector; it seems pretty universal that you get asked whether you have been convicted of any crimes on your application. What other possible reason would they need for firing this guy?
Let me preface my comments. I am a staunch supporter of privacy rights.
However, before you get too far up in arms, most companies have some form of acceptable usage policies. Typically these policies state what you can and can not do while at work. Additionally, most companies have within either their acceptable use policies or security policies, a section explicitly stating that the company owns all files and information on their corporate network. You usually have to read and agree to these policies when you are hired.
I know that I have had to sign documents that stated that I have read and understand all of the companies security/privacy policies. If you don't like the companies policies, go get a new job.
en tea
18. I do not have physical access to the PC I wish to monitor. Does eBlaster support remote installation? eBlaster can be configured to send the program installation file to another email address. Assuming that the receiving email client will allow the receipt of a .EXE file attachment and that the user opening the email clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your email address.
VERY IMPORTANT: You MUST be the owner of the computer to which you are remotely installing eBlaster. If you are NOT the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you.
A shell account at an ISP (or to home if practical) is like a Swiss army knife.
By using SSH and port forwarding you can encrypt and protect yourself from almost any corporate sniffer, access blocker, or packet logger (at least plain text).
Even if your not using it to "bypass" a restriction, its worth the effort simply for the encryption over the local network.
My last job used to block DejaNews and Google groups. I used it for quick fixes and support. If your ISP is not running a proxy you can run your own small proxy like cj.pl (cookie_jar) or junkbusters and bounce from that.
I guess my point is, if you need it, there is a way to get access to it. It may not be ethical and may raise suspicion and get you fired but it works.
Bad boys rape our young girls but Violet gives willingly.
I think it's really interesting that when you click on the 'Practical Applications' link, it brings you to a page that reads "Coming Soon!". I love it!
"Mr. Wong, we've been monitoring your incoming hotmail and we can only assume you've spent hours of company time sending out hundreds of inquiries requesting information on how you can lengthen your penis by 3-4 inches with some kind of herbal supplement..."
Phallic Symbols in LOTR
Reading this thread and writing responses to it on company PCs/bandwidth/time :)
Nothing ZoneAlarm and PGP can't solve.
My life is one big siesta in which I'm dreaming I wished my life was one big siesta.
Here's my setup:
- MY laptop (no company spyware), Win2k HP Omnibook 6100
- SecureCRT - SSH client with the following tunnels setup
* port 80 - to www.anonymizer.com for web traffic (pay service, worth it to me)
* port 110 - my RH7.2 box - all incoming POP mail
* port 25 - my RH7.2 box - all outgoing SMTP mail
* port 1080 - my RH7.2 box - free socks5 proxy server from www.socks.nec.com (use this with my IM client software from trillian.cc to connect to MSN, AOL, ICQ all at once)
Anyone out there have similar setups? Any ideas? My thought is that if my company shuts off port 22 outgoing, I will buy wireless service from Verizon or somebody to keep this up and running.
I'm also running a perl proxy on 8081 of my RH box, that I mainly use to debug problems with HTTP stuff (I'm a web developer).
ps. I'm a sports gambling fanatic (amateur) and that's why I jump through the hoops.
get in touch:
secret@blueplanetsports.com
http://www.ziplip.com/
Free email, accessed over ssl, supports SMIME for
transport too.
KEYLOGGER!!! VPN won't help that. They'll get at least half of any conversation.
This kinda crap makes me sick. I remember walking off a job because someone asked me to violate some one elses email. This "it belongs to the corperation" bullshit has to go. If I typed it its mine, If I sent it to another person its also theres.
IMHO This is akin to the your mailman opening your personal email. Its really sad that idiots who subscribe to the corperate mentality of company first would do this.
Sysadmin ethics seem to be gone forever and people wonder why the computer industry fell apart? Next you'll be wearing a tie to work. Glad I am retired cause I couldnt work with the type of asshole that would install this form of spyware.
--- Always remember. 99.36% of all statistics are inaccurate.
At work, they "own" everything, they say when you can and cannot go to the bathroom. They tell you when to go and when to leave. They tell you what to wear. They may spy on anything you do. If they give you a computer to take home, they may spy on that as well. Same with a phone. They can tell you what to say or what not to say.
If you don't like it, you can go to another company that will do the same thing. We call that FREEDOM.
Remember your last paycheck, when they took all those taxes out? Some of those taxes probably went to your employer, if you work in fincance, airlines, manufacturing, advertizing, defense, technology, etc. The computers that those companies bought with your taxes, that's their property.
We call that CAPITALISM.
There are two types of people; those who divide people into two types of people, and those who don't.
I am sick of these anti-Microsoft stupids.
All mail is opened before being delivered to the recipient. I have NEVER received a sealed mail while working here.
Well, twice. They didn't bother opening some junk mail on a Novell training seminar.
At a call center job four years ago (Inbound only, I answered a warranty line) calls were randomly monitored. Same at the job I have now. I once heard a rumor that the company was looking into the cost of recording cell calls, but I think (hope) it was all talk.
IM logging and blocking is a priority for the network admin (Per orders from higher up). Yahoo and AIM are heavily abused.
There are a number of people in this company who would LOVE to get their hands on a copy of this software if they knew it existed.
"Live Free or Die." Don't like it? Then keep out of the USA
Meant to say, you will not be adversly affected if he uses *HIS* phone to make a call which would bring RICO charges while he is billing you...
I like the part about the mercenaries.
:)
My wife and I have 2 completely different views on work. I hold the mercenary philosophy, she thinks has to be a slave. I'm much less stressed.
Sean D.
"Hmm. I am to metaphor cheese as metaphor cheese is to transitive verb crackers!"
WHY do people use hotmail? Are they stupid? It's not like you need to have a hotmail address to use msn messenger. 2 megs of space and a limit of 1 meg of upload, it's not enough. To people that have a connection at home, use your isp email! To people that want an email to subscribe to stuff and keep your main address with less spam, then you may use a hotmail or similar address. I prefer http://www.inbox.lv , they have a great antivirus working
Open Source Java Web Forum with LDAP authentication
I'm no lawyer, but presumably a few people at Nolo are, like the person that wrote this article about your rights at work. Surprising you have very little.
_______
2B1ASK1
At least I can still {my} use slashdot to {boss} send {is} super sneaky {a} encrypted {bozo} posts.
The problem is not the question of firing the one jerk, but the solution used to do so is wrong regardless of the result. The ends do not justify the means, and it is clear that any company or organization that uses private information on employees to make such decisions risks doing so for the wrong reasons. Should police be free to monitor what people do in hotels and parked cars because they might catch a date rapist?
I have consulted the oracles and they have spoken. The secret combination is Ctrl-Alt-Del and then 'T'. That will show the Task Manager (assuming you are in Windows), and there you can probably see the sucker running.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
On a shortcut through the law department at my university, I noticed many of the Proffessors had posted there contact e-mail address on the doors of there offices.
Without fail, these were all hotmail accounts rather than the official university address they are given.
I can only assume this is because they don't know how to connect to the universities mail server from home (or more likely, assume it cant be done).
The solution to this was to print out the regester article entitled Hacking hotmail made easy and stick it on each door displaying a hotmail address.
Last time I went through the law dept, everyone had given up on hotmail!
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
You know, I don't mind that /.'s editors are so blatantly anti-Microsoft. I mean, that's part of what /. is. What bugs me is when they go out of their way to do it. This article clearly mentions Yahoo! mail as also being just as "unsafe" for work as Hotmail is, but what's the subject? HOTMAIL unsafe for work! Good God.
And anyway, like pretty much everyone else has said, if you want something to be private, don't freaking do it at work. Simple simon.
Typing away in Emacs. "Damn, there's that blasted eBlaster again! Every time I try to run my HTML Tidy Lisp script...."
"Live Free or Die." Don't like it? Then keep out of the USA
This is such a common-sense thing, that it's hard to believe
people are hiring employees dumb enough to do this shit, then
subsequently hiring more "employees" to spy on them.
Network usage rule #1 in an office is to always assume there is some sort of spyware logging you, and even if there isn't.. ever hear of a
camera?
I personally have had to be in charge of confidential data before and
i'll tell you, hackers are nothing compared to your own stupid employees. Just block *msn.com, *hotmail.com in your firewall and remind people that company time is not for private email and be done with it. Then you can go back to the server room and browse porn
in peace.
It wasn't that long ago that companies were claiming they should be able to spy on their employees after hours, in their own homes.
The only way to keep corporate scum in hand is have as much information as possible available to the public so we should be implementing systems to help more internal information to get leaked out.
We don't give up all our rights just to work for The Man. I get breaks at work, I use the bathroom, and I get some privacy. As long as I don't abuse the resources given me or take outrageously long breaks, I ought to be able to make a personal phone call, check my e-mail, or read part of the paper.
Having some personal time at work guarantees that I'll be sane enough to be productive the rest of the time. If I couldn't take a break and have a little privacy, I'd probably end up staring blankly at the screen drooling on my keyboard and I'm sure the IT folks would REALLY love that.
-Me
Under capitalism man exploits man. Under communism it's the other way around.
18. I do not have physical access to the PC I wish to monitor. Does eBlaster support remote installation?
eBlaster can be configured to send the program installation file to another email address.
Assuming that the receiving email client will allow the receipt of a .EXE file attachment and that the user opening the email clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your email address.
VERY IMPORTANT: You MUST be the owner of the computer to which you are remotely installing eBlaster. If you are NOT the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you.
Even considering their warning, the mere fact that they put this in their FAQ means that they are pandering to people who want to use this to prey upon the multitudes of "dumb users" who are willing to click on random enticing .EXE files in their email. We can argue back and forth about the moralities of monitoring employees/kids, but this entery into the FAQ makes THEIR morals seems much more questionable.
There is a difference between being aware/concerned and asking questions and rummaging through their stuff (diary, notebooks, etc). It's one thing if you have a specific reason to be suspicious (as I previously noted) but otherwise you're just putting yourself in a position for more harm than good.
If one can't see that then maybe they should be looking into the mirror when they say "you've got some growing up to do."
-- Scientist: You aren't going to leave me here, are you? Boagh! Thump...
"Built for Windows
eBlaster is fully compatible with Windows XP, Windows 95, Windows 98, Windows ME, Windows NT and Windows 2000."
Well, thank god for that.
[calum@womble calum]$ uname -a
Linux womble.umtstrial.co.uk 2.4.19 #1 Fri Aug 9 15:21:00 BST 2002 i686 unknown
Get your own free personal location tracker
You must work for the government, right?
That's pretty much exactly why I quit and went into IT. But, then again, it's not just the governments that do this; almost any large bureaucracy can tend toward this.
Isn't that what we're really talking about here? Dealing with employment that turns people into widgets?
----
Not to be confused with Col.
If I understand correctly, hotmail does encrypt the transmission of the password, but not the data session. I imagine the software is just reads the network traffic, but has not locally installed component. Maybe we should all get usb keychain hard drives on which to store our private PGP/GPG keys and use hotmail as the transport layer. Plus, there has to be a free webmail service out there that supports https (My old college account does: webmail.colostate.edu).
Instead of block, a good alternative is to install viralator
in a linux with squid.
Viralator calls the antivirus from the web proxy when a file is downloaded,
if it's clean the user can download it.
If i ssh, vnc, or just use the internet for ANYTHING that is not work related, it leads to instant termination. Apparently not even a warning.
Now, they had clearly laid out what is work related and what is not, but it's just the fact that if I do a google search it could lead to my termination.
Then again, I work with a VERY large database of people's private information. (Everything from names, phone #'s, social security #'s, credit card #'s... etc etc) I think the largest fear is that someone could start sending customer data back to their home PC. The other fear is infecting the network w/ a virus. (It's all Windows 98 - 600 machines...) That virus would spread like wild-fire through the company.
If I was in IT, I'd get them changing some things, but that's me. Possibly the reason why I'm NOt in IT. oh well.
So yeah - make sure you're allowed to remotely access your home PC, cause if not, you can be fired.
Depending on how there software works - at my current work we use a program called "websense" (normally used to block mp3 and porn sites) but we also block external email sites like yahoo and hotmail - basically they don't want us surfing the net - anyway what I have been doing is basically VCN to my home computer and surf the sites from there. If i'm using SSH2 when I connect does anyone think they would still be able to grab that info since it is not local?
Other variables - I am on a mac connecting to box A (linux) and/or box B (windows)
Ave Molech Setting
Please excuse my ignorance, as I'm not 100% sure on all the mechanics behind PGP, GPG and other such encryption schemes. But if someone is using a program like eBlaster on your computer that captures not only outgoing e-mails but also keystrokes, would having access to both the encrypted message and the plaintext (via keystroke logging) make it any easier to deduce your private key? If this is the case, then eBlaster could severely undermine public-key encryption.
Again, sorry if this is stupid or alarmist. I'm not trolling, I'm asking out of curiousity.
Let me get this straight:
You use the company's computer and the company's bandwidth to read and send your private email. And, you do it during the time you agreed to be working for the company.
And you bitch if they are monitoring what is being done on company time with company equipment over company bandwidth?
Do you refund the company the money you wasted in salary while you sat around emailing your girlfriend or forwarding that latest idiotic joke email? I doubt it.
> Just like security cameras in a department store or bank. There is normally no trouble, so nobody looks at the tapes.
Here in the USA, there have been quite a few news reports of the fuss when people discover the hidden "security" cameras in rest rooms and dressing rooms.
If you believe those tapes are only used when there is some sort of trouble, you don't understand the real motive for installing them.
"Hey, there's trouble in dressing room 3." "What sort of trouble?" "This chick walked in carring several swimsuits." "Ooh! We've gotta make sure there's nothing illegal going on in there."
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
As I type this, a nice man named Dennis is installing a furnace and new ductwork in my house. While he's at work, he is not checking his personal email or surfing the Web.
Why is that? Because he doesn't have access to a computer here, of course. And I don't plan on providing him that access, because he doesn't need it to do his job. He seems OK with that.
The phones, computers, etc. that we use are provided for your use by the company because they believe that you need them to get your work done, and for no other reason. If suddenly your job requirements changed and that computer was no longer necessary, do you really believe they'd shell out the IT dollars to keep in on your desk so you can check Slashdot for updates? Not a chance.
The next time you want to complain about a company exerting restrictions on personal use of their resources, just imagine how often you would be checking your email while you were running gas line or rooting out sewer pipes.
Now having said that, of course it's reasonable to expect a certain amount of flexibility in the office environment. But if they have a good reason to crack down (corporate espionage, virus transmission), tough noogies.
By the way, compared to many engineers, the money's better in plumbing, and the work is more recession-proof... something to consider...
So, they want to read my personal email but they don't want to read my ideas on how fix some corporate IT problems?
Perhaps I should put my suggestions in personal emails sent through Yahoo!, that way they might get some attention.
Speak truth to power.
If your employees have nothing to do, they will fill their time accordingly.
If they are surfing HALF the day, obviously they can do TWICE the work they have been doing.
Managers, it is your fault your people are wasting time, deal with it. If you don't want to trust anyone, don't expect any respect in return, and don't expect ANYONE to go the extra mile when needed. First replace the managers, if they cannot manage, buh bye!!
You are lazy and have no honor.
I wish all the "cracks" of our e-mail systems were so easily fixable.
My observation is that people have become addicted to e-mail, whether personal or professional.
It amuses me to think that many of the people who slag the poor cigarette smokers for taking their productivity-siphoning nic breaks are themselves logging into their personal e-mail accounts, I-M services, or message boards constantly throughout the work day.
But because this can be done while staring at a monitor, as opposed to shivering in the parking lot, it is overlooked. Or, based upon the post that has sparked this conversation, was overlooked until now.
Interact with co-workers at work. Interact with your personal contacts off-hours. Full stop, end-of-story. It seems so incredibly simple to me, that any other angle just seems a rationalization for one's e-mail/Web addiction.
Not everyone has the resources or ability to do that. Even if we all did, as someone else pointed out your employer can block access to your server just as easily as they did Hotmail.
kevin zollinger - kevin@mailsoap.com Spam Free Email!
Hotmail: Not Safe For Work?
Cancer: Not Good For You?
Thanks Captain Obvious!
what part of "duh" dont you get?
but then companies using hotmail is no surprise and is more common than most of you think. why? because one reason or another; such as there are some 'old boys' high up that like easy stuff, cost cutting, etc OR the people are just not with technology...
yes, even in seattle with UncleBill looking over your shoulder this is more common than one would think. I could name names, but then someone would probably kill me.
Appended to the end of comments you post. 120 chars.
There are two types of workers, those who WLL get the work done regardless of distractions and those who will NOT get the workdone even if placed in a locked room. Hire and trust good people! Big brother tactics just makes the productive people less productive and won't fix the duds.
Read the article.
eBlaster is a fancy keystroke logger. Encrypted network connections are completely irrelevant.
SSH, Pine, VNC, anonymous web services--choose whatever gets through the firewall, and keep your mail yours.
If you are on your employers time and equipment expect this sort of thing. Too bad for them, that they cannot have it both ways. Either they allow open communication or not...
Blogging because I can...
"eBlaster is fully compatible with Windows XP, Windows 95, Windows 98, Windows ME, Windows NT and Windows 2000."
Software that monitors what web pages you view... Wait until they see how much time you're spending at /.
Wait, what are you doing here now? GET BACK TO WORK!
Aren't other trojans like Back Orifice and NetBus marketed as 'network tools'? How long before anti-virus programs either add this to their lists or are somehow convinced (bought out, coerved) to intentionally keep this from their list like that did with the FBI's Carnivore program? If you purchase the software eblaster you would think it is yours ,
but that is not the
case.
Spector soft designed the software to periodicly register its serial number with there database. This way if the software is installed in one or more machines they disable your software. Sure a firewall would prevent this communication, but it should also prevent the program from working anyway. I also woant to know what level of trust would one place into a company that can then have total control of your system. Are all those emails marked 'confidential' being sent to the company president also being routed to some other location? In this case security is only as strong as this software company's security. Could someone not take over and then have instant access to hundreds of corporate zombies? Sorry, but I am not about to take that chance.
Cave, wreck, and deep diver.
From the HushMail FAQ:
Can HushMail protect against keystroke recording?
Hush cannot protect the user against this kind of security threat as our system is designed to ensure secure transmission of data between computers only. If a HushMail user's private computer has been compromised or if they are accessing their HushMail account from the workplace where keystroke recording software is installed, their HushMail passphrase may be accessed by a third party.
To combat keystroke recording software, we suggest you:
* Change your HushMail passphrase regularly
* Choose a secure passphrase
* Update your virus checking software regularly
* Send sensitive communications through your private/home computer
As much as it's evil... information privacy is a tricky business.
Forget the law, forget everything else, let's talk morals and common sense here.
I'm your boss. It's my network, outright. You work for me.
Should I be able to read all your emails and learn private details of your private life? Should I be able to learn which other poeple in the office you've been sleeping with? Of course not, that's personal.
But.. when information worth millions suddenly appears on the black market, and SOMEONE leaked it, should I be able to look through a log of ALL my network traffic and find out who sent it? DAMN STRAIGHT I should.
Yes, it's hard to draft a law that says this, as there is always room for abuse.. and that's the problem. It's a fuzzy thing.
Limiting access to information is one thing.. but controlling the USE of that information is far more critical.
This afternoons events in the restroom.
The events eluded to are funnier than an outright statement of what happened would be.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
The arguement for businesses to read your private email is that they own the network (there is another arguement that they Must read your email.) Since they don't own the wireless network for your phone or your phone, then they couldn't legally tap into it. Don't get me wrong, I know some slimey HR types that might agree that it'd be good to tap cells and the payphones at my ex-employer, but it's still not legal.
"Tax preparation software eliminates errors your[SIC] may make...." From IRS home page.
In all of the jobs I've worked at, access to web-based mail systems that don't directly relate to work are blocked. Which is really how it should be anyway....... I waste enough time as-is putzing around on the Internet without compulsively checking my personal mail accounts every 15 seconds.
When I'm using a Linux box away from home, and I absolutely don't want my web traffic to be able to be sniffed, I use this semi-quick solution.
I installed Squid (the proxy server) on my box at home (which has a cable connection) and then use this simple one-line SSH command to create a SSH tunnel, which forwards all my web browsing to my proxy server at home, across an encrypted channel.
ssh -o ProtocolKeepAlives=15 -q -f -N -C -g -L 45855:localhost:3128 myusername@MY.HOME.IP.ADDRESS
Then I just have a copy of Opera on my machine away from home, set to use a proxy server on localhost port 45855. Works beautifully for web browsing that a company can't sniff.
Note that I used the "-g" option of SSH, which allows other machines to connect to my locally forwarded ports (i.e. they can use the proxy server back at my home by connecting to the local port on my machine.) Take it out if you don't want this.
I'm positive that the details vary from co. to co., but even the most draconian agreements I've had in the US (in spite of the fact that we seem to be seriously lagging in terms of little-guy "us" protections) *only* applied to work in the same field as what I'm employed in, and only if I used company time (i.e. *not* what I do on weekends) and resources.
If I do it at home on my own time, it's mine and no one elses. If I do it in a lab at work, then they own it.
Very simple, really. (again, maybe I've been lucky in every single job I've had). I'm an engineer, in case that makes a difference.
Um, do you think the poster knew that Homer's usage of the term "buttinsky" was a not-very-veiled derogatory term used toward a homosexual character? Not so sure that it works in this context...
OK, is there a way to encrypt my e-mail? I imagine not if I'm using Yahoo, but not sure.
Is there a howto somewhere that would left me talk to the (mostly) unencrypted masses safely? Or would I be "stuck" sending and receiving e-mail only from fellow geeks? (I guess I'm a geek, just not a CS geek. )
If you're at work, you're supposed to be working, that's why you're being paid to be there. Most companies do allow you to access hotmail, etc as long as it's not affecting your productivity, but they don't have to and as long as you are doing it with their equipment while they are paying you, it is their business. Actually, most of you probably signed contracts stating that any information you put through the network at your place of employment may be monitored, read, deleted, and so on.
Just a quick FYI
https://mail.yahoo.com
This won't stop them from tracking you, but at least your content will be private.
Most webmail providers now have SSL access, not? If your employer snoops on that, it's hacking and it's most likely illegal. If your webmail provider doesn't offer SSL, then switch. If your employer blocks webmail providers, ask your boss to open it. If he doesn't do it, bad luck.
There is constitutional right to have your employer to kiss your ass and take care of you.
Strange women lying in ponds distributing swords is no basis for a system of government.
I check my email while I'm logged onto my box through webmin over SSL, which is WAY cooler than having to put up with the lack of filtering options, and other limitations of webmail. I also restrict the ips that connect to webmin, activate the service through an email trigger, and deactivate it thru the interface when I'm done. I don't have anything to hide. I just hate fscking webmail.
From Government intrusion not from corporate monitoring on corporate property. Big difference.
Strange women lying in ponds distributing swords is no basis for a system of government.
Encrypted communications will not help here, as the software is a "trojan" installed on your PC, logs every keystroke, and intercepts content of email after it has been decrypted.
Basically, if you cannot trust the PC that you are running your HTTPS browser on, you should assume that the encryption is not giving you any protection against the owner of that PC, or anybody else who "0WNZ" that PC...
Personally, I bring my personal laptop to the office each day, run a local firewall on that laptop, connect it to the office LAN, and never install any company-provided binaries on that laptop.
The company provides a corporate-owned business desktop, and I use that machine solely for messages and network traffic that I would not have any problem with the helpdesk people reading -- since the corporate standard is to install LanDesk, I have to assume that the HelpDesk people can and do have access to anything on that machine.
Keep your business life as distinct from your personal life as you possibly can.
I do not deploy Linux. Ever.
Let's get drunk and delete production data!
three words: tongue in cheek
if you don't know what that means, it's not frenching
It runs on my own server, not a commonly-blocked Hotmail server. It even lets me reply to messages. And because it's on my own server, and written in good-ol' PERL, I was able to completely customize it - to filter spam a dozen ways from Sunday, including naughty-word lists, friend lists, and blacklists. I can do much better filtering than common POP3 programs (Netscape, or Eudora, or Outlook Express) because I have absolute control - I can filter on any part of the message, strip out HTML, limit download size, you name it. In fact, I like it so much I have started using it FIRST to identify and delete spam before I run OE to download the mail onto my PC.
Don't grouse to me about server space; I'd bet 90% of /. readers have server space with cgi-bin access. If not, and you're getting blocked at work, this might be a good reason. Are you unwilling to pay $5-10/month for this?
Com'on, instead of whining about it, do something useful.
--Brandon / Split Infinity Music
Employeers are not allowed to record person phone calls made from company phones and/or on company time....this does NOT however cover for the fact that your are using company time for personal business.
"Simon Says, Fuck You" - George Carlin
Unless your workplace and network are used by experienced computer people (ie; those who are competent in their operation and know all the risks they might be open to in there use), then your fellow coworkers make computers not safe for work. Email. Surfing. Games. Programs. Sticking their tongues in electrical sockets. Sure, security helps, but you can only do so much for the gimp behind the keyboard.
You need a FREE iPod Nano
I confirmed that projects made on my own time, that don't use company resources (including work time) are my own. When you're starting a new job, it really doesn't hurt to ask about right-of-ownership. Most employers I know didn't find the question offensive, in fact many found it intelligent - and indicative that I enjoyed what I do (if I were also the type to code on my own time).
Just as a safeguard, you can also request an anmendment to your contract indicating that your work at home is your own, and what constitutes non-company owned work.
In my case, much of what I work personally I offer to the company free, but allowing that I may offer the non-proprietary stuff elsewhere, and use it personally, so long as it's clear that I will never charge my employer for the use of said code/knowledge (even should I be terminated or quit).
And when you've had the "screw it" attitude for the past 3 years, and either quit jobs or just generally been an ass, then how do you find another job when you have no good resume references from former employers.
Interview/Application Question: Previous employment
Ummm.... I've worked at many companies, but prefer not to name them as they now hate me. It's all their fault though, really!
I prefer to do a good job, enjoy my work and take pride in what I do. I do check my own emails, post to/read slashdot, etc.
However, I try to not tie up a lot of time I could be being productive. It also helps that when I ask for a day off, or a perk/raise, I often get it or at least get reasonable consideration. There's no reason to work like a slave, but a little honest dedication tends to have its rewards.
was hotmail ever considered a secure way to do anything?
-
keylogger will intercept stuff before encyption
(hardware and software)
the best you can do without a portable computer is protect your paraphrase with something like tinfoil hat linux (until it allows video-game-style text entry for things other than paraphrases)
even with that, you still have to enter the data before it's encrypted
with a portable computer (palm/iPaq/laptop), you could write the message on the portable, encrypt it, and transfer it to desktop for sending.
You can install it even if you don't have physical access to the machine.
o ws/remoteinstall.html
Check out the optional remote install where they tell you how to install a trojan version of their software:
http://www.spectorsoft.com/products/eBlaster_Wind
At that point, you can use imap(s) and horde/IMP [horde.org] to create your own webmail service...
Don't bother with horde. Get Squirrelmail and you won't regret it.
//m
... actually use hotmail for anything other than a spam folder when you need to sign up for a website that requires an e-mail address?
I wouldn't trust MS to hold on to any information I considered important.
"People will pay big bucks for the luxury of ignorance."
"Breathe on your own time, dammit!"
Had to be said.
-- Terry
InterHack reports that SpectorSoft sends all captured data (this includes the emails) through their own servers. Employers that monitor their employees with this software will also be giving Spectorsoft a clear view of what their employees are doing. Proprietary and otherwise sensitive data are certain to fall into Spectorsoft's hands. Who is Spectorsoft, and why should you trust them to keep your secrets? Read the report here.
If as a parent you have to snoop your kids e-mail account (yeah, it's wrong. Yeah, the kids will find out. No, they won't -nor should they - forgive you) then I have to suggest that there are deeper problems than e-mail in the kids life.
/. ers) are gonig to need help from their kids in setting up the software in the 1st place!
I'm sure a lot of people won't agree. I think this is sad.
I look at it this way, if you're snooping it's either because
a) the kid refuses to tell you what's going on in their lives (u're already not a part of it)
b) you feel you can't believe what the kid tells you (therefore there's a lack of trust on both parties, and when kids lose trust in their parents, snooping won't do any good).
I guess I'm saying that parents that think they need this probably would do better to read a book or learn to treat their kids with the same respect and honesty that parents demand (and the software won't do a bit of good).
Besides, who are we kidding? Parents (maybe not
The companies are only acting in their best intrest. Anything that YOU as an employee send out from their establishment, they are liable for.
I dont blame them
If you want to make a 'private / personal' email, do it at home. NOT at work. IF you are using your companies resources, it is certainly NOT private.
Dont know if this has been said before but to lazy to sift through the 500 something posts that are made
This is not an ideal solution. Basically you get a lot of spam, some personal email, and maybe the occasional company memo. Especailly if you monitor inbound mail, I think there are some issues not only with privacy but also with effective security and draning resources from places where they would be better spent.
LedgerSMB: Open source Accounting/ERP
Never fear, the law is here... Don't worry that your company is secretly copying all your emails, becuase you own the copyright on each and every one of them. And even if you have signed them away, your friends happen to own the copyright on all the emails comign into the system.
It will become very expensive very quickly for companies to keep copies of employee emails when people begin sueing for license fees ($4,000 per email, right?)...
"Your superior intellect is no match for our puny weapons!"
That these companies will simply lose competitive advantage from the waisted time and energy monitoring the emails.
Remember, though, where I work we have a site license for VMWare. This does NOT prevent me from installing GPG and incryping the memmo with a GPG key on a floppy disk and then attaching it to an outgoing email (or uploading it to my sftp server at home).
LedgerSMB: Open source Accounting/ERP
I really don't agree with the software being offered here (as apparently much of you don't either). I have had internet access for just about as long as commercial ISPs have been offering it (for a cheap price, naturally), and to me it seems that if there are employees screwing off on the company's dime, it is just as much the fault of the manager of that employee as it is of the employee themselves. You motivate your people to take pride in thier work, and they have good output, despite the fact that they might check yahoomail or /. from time to time.
If the output is quality work, who really cares what happened between instruction of task and completetion? (barring of course, those fools who surf pr0n all day on work and subject themselves and the company to a fat sexual harrassment lawsuit, of course.)
Why do I M2 everything negatively?
Loyalty works both ways. I think some of the children on slashdot forget that.
I respect that your company understands the concept of loyalty, but you're in the minority. These days, you can work your ass off for most companies, but when the time comes that you need some reciprocation, there's none to be found.
For example: My wife's supervisor got pregnant and had to take a sabbatical to go on doctor-requested bed rest for about 6 weeks. She was a hard worker, but the second week she was gone, they were already training her replacement. When she comes back, they're moving her into a new position -- the one that nobody wants, the one that temps quit after a day. It's a way of forcing her out without firing her.
I've seen this happen many, many times. It's just the new modern style of management. So I find myself reluctant to push as hard as I once used to. Where I used to volunteer to do the hard jobs, only to have them expect me to do them from now on, now I take a wait-and-see approach. I evaluate multiple factors before I take on additional responsibility. And I cringe when I watch the new guy get screwed.
Ultimately, I think businesses have just gotten too big. In a small business, relationships really make a difference. You feel like you're in it together. You feel like a team. In most large companies, though, that feeling of teamwork is gone. Managers put on phony smiles and give lifeless cheerleading routines. They often hate their jobs, too.
At any rate, if you've got loyalty, you're doing something right. Keep it up. Don't let your business get so big that it loses the small things that make it special.
I think that any responible company would get this software to protect themselves from the Patrick Naughtons of this world.
(Just don't go selling access to your home box to all the nubes that download and run viruses).
Free Software: Like love, it grows best when given away.
Not to encourage the concept, but there are times when it's necessary to know what's going on, if only to protect yourself.
I have a good friend who due to a nasty personal situation (not of her making), is in need of a keystroke logger with capabilities to match EBlaster (*must* be able to capture mail sent and received thru Hotmail and the like).
But my friend really can't afford EBlaster's price. So...
Does anyone know of a good free equivalent that runs on Win32? It must hide itself from the reasonably computer-literate (tho need not be geek-proof -- just staying out of Task Manager would be sufficient) and the ability to forward captured mail, a la EBlaster, is a major plus.
My friend thanks you in advance for your help.
(Email me if you don't want to be seen posting such stuff: rividh at earthlink dot net)
~REZ~ #43301. Who'd fake being me anyway?
The right to be secure in my person, place, articles and effects against unresonable search and seizure has been egregiously trampled by the War on Drugs(tm) and the War against Terrorism(tm), so much so, that cops derisively refer to the fourth amendment as the one-fourth amendment.
Arguablely the 4th, 5th, 9th, 10th and 14th amendments and their penumbras enumerate a right to privacy. However the fourth amendment has been thougoughly castrated by incompetant judges and power-mad politicians. I wouldn't hold my breath on positive change until after a liberal Congress and Executive branch has been elected and liberal Judges appointed to the Supreme Court.
And by liberal, I do not mean Democrat, since those plutarch assholes are just as worthless as the Republicans!
Taco's spelling is won-dur-ful as usual. It's buttinski, not -sky.
Even better IMHO, give OpenWebmail a try. Easier to install than IMP/Horde and Squirrelmail really only works well if you're running IMAP.
Violation of state or local law?? These guys really are slimy if they don't warn customers that Uncle Sam's law enforcers would be involved.
Write a little program that accepts SMTP or POP connections on localhost and then just loop some rediculously large garbage messages through those ports. If eBlaster grabs sent emails based on port activity and forwards them to the boss, you should know if your company is using it about the time your company's email server fills up and crashes. Of course you might have a little explaining to do...
The keystroke logger bothers me a bit. That is very invasive. Of course it wouldn't be too hard to have a program that sends "My boss is a tool" a few thousand times to notepad or Word while you're away at lunch either.
'Same speed C but faster'
For my job (I do off-shift engineering support in the semiconductor industry), I had to sign a conditions of employment agreement... It had all the usual intellectual property clauses I'd expect from a tech job -- but it also had stipulations that company resources (phones, faxes, data systems) were for business use only... For anyone who signs such an agreement, hey, there are no expectations of privacy in the areas controlled.
And, yep, I've seen people fired for violations of the "business use" guidelines. If you sign away a right to privacy in order to get a job, it's not really being violated if the company snoops on your email.
Friends help you move... Real friends help you move bodies...
Then companies have no right to call us out of hours or making us work overtime with no pay, no matter what the situation is.
:-P
Most sensible people know they have to be flexible to meet work requirements, I expect a sensible company to do likewise.
BTW all my posts are made mainly from my office during idle moments
IANAL but write like a drunk one.
YHBT man, YHBT....
Reasonable expectaion of privacy is established under the guidelines of our policy, which every employee signs. By signing the documents they testify and agree to this. Period thats it. The policy has went through several lawyers and is 100% enforcable in court. There is nothing to sue us about you moron. We haven't taken any action against the guy as of yet. That is a matter for our lawyers. And it sure as hell is not illegal. The whole point is he is a registered sex ofender. You may live in some liberal state but here we have laws. If you are a registered sex offender there are disclosure laws. You move into a new city, the residents of that city are to be notified about you, your address and your criminal history. It is the law, no exceptions! I didn't write them but I happen to work at a place that enforces them. As for backround checks, they are only completed on people working in certain areas. They are not cost effective to do for every employee at $1000 each.
>Corporations will most likely argue that, because
>of sites like Internal Memos, companies need to
>keep a tighter grip on the information that flows
>in and out of their companies. But attempting to
>spying on private e-mail??
Paprikash, I say!
I think you're logic is flawed here. You're assuming that
leaks occur predominantly via email.
But everyone knows that email is unsafe.
Maybe there are people stupid enough or that just don't care
if they are caught.
I bet most use their own
secure method to post.
ssh to your own box and then upload later from
home.
Maybe internalmemos will post a graph showing
percentage from real companies vs. ISPs.
(although that may not prove anything since
the net has become "blurred")
And as for spying on personal email,
it's no longer personal once the bits are traveling over
their "wire".
This is not new insight, right?
http://tinyurl.com/3t236
Someone at the EPA is *spunking* on keyboards? How THAT is seriously SICK....
Polymorphism -- It's what you make of it.
That's like saying that a company can't force you to take a company administered colonoscopy unless you fart. (Assuming farting is against company policy.)
...was Hotmail particularly secure to begin with?
Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".
...airplane pilots on commercial carriers are forbidden to drink for up to 24 hours prior to flights as this affects their reaction speeds. ...a lawyer who is consistently drunk before showing up in court may not do a great job defending you from murder or a substantial civil judgment. ...a doctor about to go on shift should probably not have been doing an all-night rave with E less than an hour before. ...YMMV.