Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hotmail: Not Safe For Work?

Posted by CmdrTaco on from the no-shocker-there dept.

silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spying on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."

11 of 564 comments (clear)

  1. blocked at work by Jucius+Maximus · · Score: 5, Informative
    In the large company where I work, all access to Hotmail, Yahoo, etc is blocked at the firewall. This is because too many lusers kept downloading klez, hybris, (random vbs trojan), etc and executing them.

    After this was done, all virus problems on the network dropped from one incident per 2 weeks to maybe 1 incident per 4 months.

    As to the privacy issue, the easy solution is to NOT SEND PRIVATE E-MAIL FROM WORK (or at least use GnuPG or PGP!)

    1. Re:blocked at work by Jucius+Maximus · · Score: 2, Informative
      "Bah, forget it. I'm not feeding a box I don't trust a disk with my private key on it, much less even type out my passphrase on that machine."

      You are encrypting to send to someone else. No private key is required. If you really need one, generate a new key for work purposes.

    2. Re:blocked at work by Nomad7674 · · Score: 5, Informative
      Another alternative, when e-mail from work is essential, is to get a wireless device capable of sending e-mail without using the work e-mail system. The Kyocera 6035 Smartphone (and the coming-soon 7135), Palm's i705 Palm.Net service and Earthlink's various wireless services seem like good possibilities.

      Of course, a truly persistent person or corporation can find a way to tap into any technology, given time and money.

  2. One word : by M1000 · · Score: 5, Informative

    http://www.hushmail.com

  3. this can be monitored already by prisen · · Score: 3, Informative

    Not really anything new here; "The Man" can see what I'm doing right now, where I'm going, whether or not I'm logged in to a site (including my username and password), how long I've been on a certain page, etc etc etc - And he doesn't need a kiddie script to do it. That's just part of working for the DoD or any other institution that has full monitoring instilled in their computer use policy, I guess.

  4. you missed something by mattdm · · Score: 4, Informative
    The 9th amendment -- for some reason, people who want to restrict the rights of US citizens seem to conveniently forget that one. Here it is:
    The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
    There's my right -- and yours --to an adequate standard of health, to be looked after after a life of contributing to society, and yes, to pursue happiness. Oh, and of course, to live like a free human being, not a corporate slave, even when I'm at work.
  5. Examples of privacy at work by dcollins · · Score: 4, Informative
    From the article:

    ...a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.

    Contrary to the large contingent of "company can do whatever it wants on its property" boosters, there in fact seem to be all kinds of legal protections and privacy expectations established for workers in corporate offices.

    The fascist model that says otherwise is not only frightening, it's untrue.

    The full quote from the lawyer in the article (in reference to the 1986 Electronic Communications Privacy Act):

    Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.
    "The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring ... but if I take additional step to set up a Hotmail account that I occasionally access from my desktop at work, I think that could be construed as an expression of an expectation of privacy."

    --
    We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
  6. [from the FAQ] by FuzzyBad-Mofo · · Score: 3, Informative

    18. I do not have physical access to the PC I wish to monitor. Does eBlaster support remote installation? eBlaster can be configured to send the program installation file to another email address. Assuming that the receiving email client will allow the receipt of a .EXE file attachment and that the user opening the email clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your email address. VERY IMPORTANT: You MUST be the owner of the computer to which you are remotely installing eBlaster. If you are NOT the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you.

  7. Re:Ooh, goody... by Anonymous Coward · · Score: 1, Informative

    If this bothers you, use one of many excellent web based email providers that support secure connections.

    I can totally recommend FastMail.

    Though of course, if you are using IE, you are shot anyway.

  8. Simple, OpenSSH-tunnel work arround by depsypul · · Score: 2, Informative

    When I'm using a Linux box away from home, and I absolutely don't want my web traffic to be able to be sniffed, I use this semi-quick solution.

    I installed Squid (the proxy server) on my box at home (which has a cable connection) and then use this simple one-line SSH command to create a SSH tunnel, which forwards all my web browsing to my proxy server at home, across an encrypted channel.

    ssh -o ProtocolKeepAlives=15 -q -f -N -C -g -L 45855:localhost:3128 myusername@MY.HOME.IP.ADDRESS

    Then I just have a copy of Opera on my machine away from home, set to use a proxy server on localhost port 45855. Works beautifully for web browsing that a company can't sniff.

    Note that I used the "-g" option of SSH, which allows other machines to connect to my locally forwarded ports (i.e. they can use the proxy server back at my home by connecting to the local port on my machine.) Take it out if you don't want this.

  9. With this, no help to encrypt your connections! by Nonesuch · · Score: 3, Informative
    Please read the linked web site before posting.

    Encrypted communications will not help here, as the software is a "trojan" installed on your PC, logs every keystroke, and intercepts content of email after it has been decrypted.

    Basically, if you cannot trust the PC that you are running your HTTPS browser on, you should assume that the encryption is not giving you any protection against the owner of that PC, or anybody else who "0WNZ" that PC...

    Personally, I bring my personal laptop to the office each day, run a local firewall on that laptop, connect it to the office LAN, and never install any company-provided binaries on that laptop.

    The company provides a corporate-owned business desktop, and I use that machine solely for messages and network traffic that I would not have any problem with the helpdesk people reading -- since the corporate standard is to install LanDesk, I have to assume that the HelpDesk people can and do have access to anything on that machine.

    Keep your business life as distinct from your personal life as you possibly can.

    --

    I do not deploy Linux. Ever.