Slashdot Mirror
Hotmail: Not Safe For Work?
silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spying on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."
That eBlaster software seems like a totally excellent way to increase the amount of spam you receive in your inbox per day.
Thanks, SpectorSoft.com! You've made my week!
- SMJ - (It's not just a name: it's a bad aftertaste.)
The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.
Now this becomes a little tough because we aren't automatons and have lives outside of work that need tending to. However, to expect that what you do within the walls of your company is private is laughable.
Just assume that everything you do there is under surveillance. Heck, all your thoughts are already belong to them.
I have been pwned because my
After this was done, all virus problems on the network dropped from one incident per 2 weeks to maybe 1 incident per 4 months.
As to the privacy issue, the easy solution is to NOT SEND PRIVATE E-MAIL FROM WORK (or at least use GnuPG or PGP!)
http://www.hushmail.com
If you use a company PC and bandwidth, you play by their rules. Sad, but true.
"Powers. I have them."
That kind of sucks. I've been putting this off, I guess, but does anybody know of a good web-based email client that runs with apache on linux (that doesn't require php)and that I install with minimum effort?
Roving Web-Teleoperated Robot
The best way to make people rise up against this is simply to encourage employers to try to apply the goals and reasoning of software like this against traditional communication services.
How many people you think would be cool with their employer listening in on their personal phone calls, and opening all their personal mail that gets sent to the office?
Apply it to everything, and people will understand that this is an encroachment on what we currently have, not a reasonable measure for dealing with a newish technology.
"Old man yells at systemd"
Not really anything new here; "The Man" can see what I'm doing right now, where I'm going, whether or not I'm logged in to a site (including my username and password), how long I've been on a certain page, etc etc etc - And he doesn't need a kiddie script to do it. That's just part of working for the DoD or any other institution that has full monitoring instilled in their computer use policy, I guess.
What, really? Oh no! Someone should've told me earlier!
I mean, legally, I have to side with the companies. Their machines, their time, their liability. The can do what they want.
BUT...it does suck, and I'd hate to work for anyone that would think they needed to read my private mail. My only hope is that more and more people will leave companies that do that to work for smaller companies, or start their own, and that these smaller companies will begin to resist the temptation of corporate assimilation. I see it beginning to happen now, there are some fairly large, privately held consulting companies that foster a great atmosphere for their people. The more I see big companies doing things like this, the more hope I have that this renaissance of the small business will grow.
This is why VPN was created so we can all VPN into home and use that connecting to get to hotmail.
Their computers.
Their network.
Their time.
Their money.
'nuff said.
slashdot!=valid HTML
... to read each and every one of the 300+ spam emails I get daily to my Hotmail account.
Of course this article is quite irrelevant for slashdotters. We should have our certificates, machines we can VNC to, encrypting proxy servers, etc.
But, ironically, it'll probably be the arrival of widespread wireless (be it 3G, a mesh network of 802.11, etc.) that provides a little privacy. Imagine, if you want to send a private email, just change your Wireless connection to be your public ISP-type network, send your mail, and voila. You use your ISP's network instead of the corporate one. Both parties are happier.
Likewise, the bandwidth I use is restricted to those activities necessary for me to carry out my duties.
I have specifically agreed to limit my use of thecomputer and network in this manner as a term of my
continued employment. Why would I expect any kind of privacy in this case?
Interested to know what people think about this.
Don't read this!
Use ssh or WinVNC (like I do) or somesuch to remotely access your home system, and run your personal stuff THERE. At work, the only non work-related software I run is WinAMP, WinVNC client and a web client. At home, I run an email client, IRC, ICQ, Kazaa, etcetera....
;-)
So long as the employer doesn't mind you connecting to your home machine (and you can encrypt that connection, somehow), then what you do with it is your own business.
Of course, you can still paste memos over VNC/ssh, so this just defers the problem somewhat.
.f00Dave
Yeah just what kids need, their parents reading their e-mail. As if they didn't have enough to deal with.
Sure, in some cases this could actually be an asset (as in if you're afraid your kid is going to run off with some 40 year old child molester) but otherwise parents should let it be.
Besides, if they really knew their kids they'd be able to guess their password ;D
-- Scientist: You aren't going to leave me here, are you? Boagh! Thump...
This really isn't neccesary when you can get programs such as keygrabber for windows, and if somebody's sneaking around on linux, they're either easy to track, or they're too good.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
If employees are spending that much undo time at personal email at work, I think this speaks far more about the poor quality of the managers and the low morale of the company itself, than of problems of the employees. As such, it might even be useful to have a tool to determine if managers should go based on the rise or fall of such email traffic :).
Far more often than having your boss actually read your personal email every day, companies snoop to archive this sort of information so that if they need to they can review and use it later. This possibility for abuse in this regard is endless.
Doesn't have a functional web browser? What do you call Mozilla? Galleon? Konquest? Netscape?
Opera? The only browser it doesn't run is IE (you call that functional?) and there are some reports of IE running on Linux under wine!
BTW I did set up a Linux box running Debian at one place I worked. The machine was made out of parts salvaged from several junked computers so it cost the company nothing. My excuse was I wanted to evaluate Linux as a platform for a future internal project.
It took a little while to figure out how to set up proxies so I could reach the internet over the company network (MS friendly firewall) but it worked fine. I doubt that any spy ware intended for windows machines would work on Linux (and I could have just set up an internal firewall to try and lock any out).
My present client simply blocks all web based mail sites at the firewall. So I just send whatever I want through their corporate email system. Even mail relating to my other clients or negotiations for other contracts. If I really need security, I'll use encryption or simply give them a call. If they don't like what they'r reading or how I'm using their email system, they can either provide me with access to my yahoo email account or bite me.
It's just like my house. Anyone can look through my windows. But I can't be responsible if they're horrified by what they see.
Disconnect your television. Do your own research. Draw your own conclusions. They're probably lying. Don't be a sheep.
All this does is add competition to already available solutions for spying on employees. Such as hardware filters for keyboards or perhaps firewalls that log this kind of activity.
What I would like to know is what kinds of companies perform this kind of spying on their employees. I'd like to quote from Office Space;
"When I make a mistake, I have 8 different people comin' by to tell me about it. That's my only real motivation is not to be hassled, that and the fear of loosing my job. But you know Bob that will only make someone work just hard enough not to get fired."
Wealth is the product of man's capacity to think. -Ayn Rand
Yet, when a doctor, or lawyer, or any other professional service performs "hours" (I put it in quote because everyone knows that they generally grossly overstate their hours), I don't have the right to monitor their PC during the hours that they are working for me. I find it an interesting paradox that so many people will proclaim the "Yeah, well if you're doing the hours for them!" when so many other examples show that to not be how it works.
If an employee isn't pulling their weight, warn them and then fire them. It's as simple as that. I understand corporations getting a little annoyed by weenies forwarding internal emails (which is reprehensible and they should be punished), but most justifications are for pathetic, over the shoulder monitoring.
While I understand that a computer is company resources, I believe that responsible use should be acceptable and big big brother should not be there listening.
Blocking or intercepting email is more or less the same as listening in on a phone conversation. Yes, I know this horse has been beaten to death here but it's still ridiculous.
If you're not allowed to make personal phone calls then I can understand them not allowing or even monitoring personal computing use but for communications, email should be a protected medium.
There is no such thing as a "right to privacy" in the United States. Check out the Constitution and the Bill of Rights. You won't find find it along with other "rights" people say they have like, 'right to free health care', 'right to Social Security' and the often touted, 'right to party!!!'.
Strange women lying in ponds distributing swords is no basis for a system of government.
I have heard (and seen) small companies use email as a means of transmitting credit card numbers for purchases they get over the web because they are either too lazy or to cheap to set up a PGP based email system.
... and sending coorporate information to hotmail is NOT the way to do it!
... this is the first step into forcing cheap companies into doing so.
Although it may take a very unfortunate incident to really make people listen to me on this issue, forcing companies that need to keep their information private is a GOOD THING!
Customers trust companies to keep their information confidential, so they should do just that
Although I do not agree with spying into people's email, I do like the idea of scaring companies into investing into a more secure method of transmitting their customer's PRIVATE information
To all cheap bastards trying to run an e-shop: If you can't afford to buy a linux box, a small ISDN line, and PGP software to keep private customer information secure, GET OFF THE WEB!
HallmarkOrnaments.Com
I block most web based email systems... I have to... not because I want to be a a$$hole to my users, Its because no matter how many memos, emails, yelling at them...
They are downloading virus' to the network and causing me grief. Because then everyone get involved, and it becomes a huge mess just because someone wants to send something that should be done from home anyway?
Adult users, corp users should know better.. but i've been doing this for many years now, they act and treat the systems just like children... There are a few good ones don't get me wrong, for the most part they got from 35 years old back to being a giddy teen with a crush on someone...
So yes as a matter of fact I do think companies and admins should know what is going on at a users desk, it will save a lot of time and money for the company... and folks that's what's its about...
If a user bitchs (Like the one last week did) well I dont' have a computer at home, point there cheap ass to ebay.... and keep your personal crap where is belongs at home.
"The word "genius" isn't applicable in football. A genius is a guy like Norman Einstein," - Joe Theisman
Why are you doing your personal matters on their network, computers, bandwidth?
At one of the offices I Admin, I have two terminals set up in the breakroom with access to the public email sites (yahoo, hotmail, various popular ISP's), and only from those IP's (on their own subnet /30) can they get to those sites. Those workstations are also locked down, but have games and other break related software on them. All the users know that they are monitored on the "business" network for the sites they browse and the communications they make. Everyone is content with this. There is the option to use the break room computers, and if they want to do it on their machine (yahoo, hotmail, etc) they just plain can't. (unless you ssh/telnet(sniffed)/rdp/ica/pc-any to another computer off the network.)
www.oobersworld.com - For those that ride.
"Hotmail is phenomenal if you get there within the right time frame," said Kevin Mandia, a former Air Force investigator now working as a consultant with Foundstone Inc. "You can actually see people as they travel, checking messages from different computers. You can really track people effectively."
The owls are not what they seem
You!
Slashdot isn't safe for work.
Stop. You! In the cubacle - stop reading. You're being logged and will be delt with. Soon.
-Your Loving Managment
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
You're leaving out one major point -
When we (meaning the IT department at my company) monitors what users are doing, either on the internet, or anything else, they're not just doing it on company time...
They're doing it with company computers.
Interesting how they do not go into details how this product works.. I wonder if it will work through a secure connection (SSL-encrypted)? It doesn't even seem to mention if the product is a trojan horse-like program on the client computer or a firewall-like intercepting device.
Anyway, if the boss wants to read all of your SPAM, maybe you should just sign him/her up for all the SPAM lists your hotmail account is on. This way you don't even have to purchase the software to view all correspondence.
A computer is a valuable tool, so use it and stop whining.
I am an IT manager for a local government agency. We monitor all internet usage on a regular basis. for the most part it is rather boring. This also means that if sombody uses Hotmail or some such at work it gets logged. By state statute here all documents that are created on our equipment, i.e. you type an e-mail. It becomes public record. that means any Joe Blow off the street can send in a request for copies of any and all e-mails that we have on our system. This causes a few interesting problems. So I do a couple things. 1. I do not backup the e-mail system. All users are aware of this. 2. Zero retention on deleted e-mail. 3. A signed Acceptable Usage poilicy for each user. They are all aware of the possibility of being monitored. Does this stop people, no! We have had to take action on abuses several times. Like the guy that wouldn't stop surfing porn at work, he worked in the cube and there are several women that work in that office. Bad judgement. Last week things got worse. I noticed a user surfing a little porn so I checked the logs, I was a little surprised, he was accessing a Sex Offender Database. He was looking himself up! Turns out this guy is a registered sex offender in the neighboring state. I looked up what he was convicted of and it was RAPE. Also 90% of the workers in my building are female. We would have never known any of this without monitoring our system. Our lawyers are working on what to do with him now. People can bitch all they want about Big Brother, but ever consider sometimes this is bigger than one person feeling bad? Think about how you would feel if your sister or mother worked in that office and something happened. Wouldn't you have wanted us to do something about it? Take off the blinders and step off the soap box, because until you are the one responsible you don't know shit.
We have a very strict standard for e-mail. All e-mail that comes into our network belongs to the company, not the employee. If it's using our servers, it's ours. Granted, we don't allow managers to indiscriminately view an employee's mailbox without HR approval but we will do our best to protect our assets.
I block all web-based e-mail from our proxy - like another poster said, it prevents users from downloading viruses. I work in the medical field and we have to protect patient data so there's also the added risk of someone sending confidential material out of the company through a webmail account without our ability to take corrective action because of the lack of proof. Originally, I had to block hotmail because MS Proxy Server used to crash whenever someone accessed Hotmail so our company policy was actually born out of protecting our proxy server.
If an employee isn't pulling their weight, warn them and then fire them. It's as simple as that.
I agree - there are people who can do two things at once.
/gleffler
eBlocker, like so many other key logger programs, intercepts the email, web sites, etc before it reaches the network. So hushmail won't help.
So it's feudalism at work; democracy on your own time.
Your words could apply just as well to someone justifying plutocracy as the logical system of government for a nation -- the wealthy landowners get to make the decisions, because they literally own the country. Somehow, in these modern times, we've decided that that's just not acceptable anymore. Why do we still put up with it at work?
I have been getting a lot of spam lately on an address I only give out to my friends.
They all seem to keep it in their hotmail and yahoo address books.
Is that the spam leak?
Mouse powered Chips, Open source Processors and Lego
Err, excuse me, but since when have we had the expectation of privacy when using company resources?
You send email via Outlook and your company's Exchange server. It's logged (or at least monitored), for legal reasons.
You Web-browse on your company Workstation during lunch. It's logged (or at least monitored), for legal (and HR) reasons.
You send IM traffic across the company network to an external friend via ICQ. It's logged (or at least monitored), for legal reasons.
You send email via Hotmail using a company Workstation, out a company NIC, across the company Cat5, through the company switches and routers, out the company gateway and upstream to you company's service provider. It's logged (or at least monitored) for legal reasons.
Personal use of company assets on company time. Unless you have an absoultely rockin' Acceptable Usage Policy (from the employee's point of view), you're "up shit creek without a paddle".
You can bitch and moan about this kind of thing all you want, but it comes down to one thing. Is use of Web-based mail against the AUP policy you signed when you commenced work? If it is, and you do it anyway, you're screwed.
Sheesh, you'd think it was rocket science or something...
Janie took my gun...
CIA Operated.
Why do all these webmail-users use plain HTTP, anyway? Use HTTPS and nobody can spy on you - it's that simple.
And if $Webmailer doesn't support HTTPS, switch to one that does, because Webmailers that don't use HTTPS don't give a damn about security anyway.
The Spyware VS. Privacyware battle continues. I wonder if Pest Patrol will be able to tip us off that this crap is running, or even better, take it off our systems. I guess thespyware VS privacyware battle will continue to rage until both seem pointless.
The Uncoveror: It's the real news.
Why are you using private email at work? This is more than liekly against company policy. Simple solution, do not use private email at work.
Great Linux Site
But the whole idea of salaried employees blur this. If I am a salaried employee, my private time and work time start to become blurred. I am expected to work at home at times, and so I should be able to do private things while at the office.
An hourly employee is being paid for everything they do at the company, and that time does explicitly belong to the employer.
A salaried employee gets paid for the work they do, more than their specific time at the office.
Man, that site is hilarious! You can't make stuff like this up :-)
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
Putty is an amazing little win32 ssh client (does telnet and a few other things as well). For me, if I am working on windows and need to check my mail, I ssh out to my linux box and fire up pine. No muss, no fuss. It is worth checking out the license link... Simon, you ROCK!
+++ UGUCAUCGUAUUUCU
I have a shell where I host my web pages and such... or at least theoretically where I would host them were I to have any.
I ssh into that and use pine while at work, and then when I am home I use pop3 to yank it down.
this has worked well for me and I'm gonna stick to it. it isn't free like hotmail, doesn't have a slick web interface... or at least a web interface - but I like it well enough.
(it is like free to me because I would have this account whether I were using the e-mail or not)
There are some odd things afoot now, in the Villa Straylight.
Who, is his right mind, ever thought Hotmail was a haven for commercial or otherwise private information, when not a month goes by without a new flaw in their security or a new loophole in their privacy policy comes to light?
Yes, bonded slavery has been replaced by wage slavery. Greedy businessmen think they own us. They would pay us nothing, and have taskmasters whipping us if they had their way. It is time organized labor got off its fat ass and protected the rights of all workers, not just dues paying members of their union. It seems that established unions have become just another business, and are no longer run by people who work in the industries they allegedly serve, or a lot more of us would join a union.
How ya like dat?
Additionally, that e-Blaster software even traps and logs the keystrokes of the workstation: not even SSH or any other software that requires typing your password will help you here. If you're using your company's computer, and you are subject to their rules. ***END OF THE STORY***
¦ ©® ±
The last place I worked, I had to do something like this. We had a problem with an employee who was suspected of leaking company trade secrets to a competitor.
It turns out she was using a Yahoo e-mail account to send CAD files of complete circuits to her "ex" boyfriend at a competitor. She was doing this from computers at work, and yes she had authorization to access the CAD files in her job.
Because we were able to monitor the activity, the company knew what/when/where the files went. She was fired for cause and we contacted the competitor and waved the evidence. They had little choice but to fire the person on the other end and we watched them close to see if they introduced any "new" products over the next year or so that were based off of our designs.
* * *
Fast forward to my new company -- a once major telecom giant -- they now block all webmail sites they can find via their firewalls.
Simple fix? Squid proxy on your home computer running on port 443 (HTTPS) and requiring a username/password.
Learning HOW to think is more important than learning WHAT to think.
This software = keylogger on steroids.
Essentially, it doesn't matter if you're using 183903248099041-but SSLv329780132 encryption between your computer and the mail system, because the monitor is ON YOUR COMPUTER and logs the email before it's encrypted.
retrorocket.o not found, launch anyway?
I rather enjoy:
Fowler wouldn't describe particulars about how the technology
worked,
In combination with:
a judge wouldn't be able to rule on the legality of the software
without knowing exact particulars about how the technology works
So, they seem to have written a TCP/IP sniffer with a set of filters
to catch email sent to/from web based email but they're not going
to admit it because they don't want to get arrested for potentially
making it easy to break wiretap laws without really meaning to.
I teach in the public schools in NY state and we have had all free email sites (yahoo, netscape, etc) blocked by the damn firewall. The reason given is that such things allow for malicious attacks on the network. Is there any truth to this? I imagine that there are better ways to attack out school system's network than My Yahoo (not that I'm looking for those ways). I just want to use my Yahoo account to read mail on my free period and communicate with students.
Can anyone give a compelling reason why this should be firewalled or, better for me, a compelling argument as to why it need not be?
Yeah, I'm as old as my UID would suggest.
Look at items like that lawsuit that an ex-employee lost about an idea he developed on his own time.
More and more companies are attempting to lay claim to any and all thoughts that you have while you're employed with them. If they feel that they have the right to invade your brain and harvest the fruits of your spare time then they can't exactly complain when you confuse work and personal time as well.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
Unfortunately, dasher (and any other nonstandard text-entry interface) will only work against keylogging alone, not against keylogging + screen dumps. The only way to safely transmit information via a company computer (untrusted) is to enter already encrypted data into it. So, the solution is to have some PGP-like software on your (trusted) palm, or to learn to do PGP in your head (trusted, if you wear a tinfoil hat) ;-)
11. So, if eBlaster does not show up anywhere, how do I get into it?
So does anybody know what those four keys are?
Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies.
It seems like they would have already figured out that ethical business practices are a good way to handle that.
I wonder if Adaware will be updated to kill it. It should be a simple matter to find the dir and delete it tho.
Anyone who is skilled will know how to encrypt their outgoing connections. Or even will know a few free e-mail services (hushmail anyone) that can encrypt their connection when they check e-mail.
Personally I try to SSH to my mail servers when I need to.
Just remember though. If you are going to rely on SSL to protect your e-mail. Don't use IE (since it would be easy for a company to put a Man in the Middle attack on your IE). Use Mozilla or Something that does SSL properly.
~ kjrose
meh, more resons not to use hotmail
running own server = good
The last time I signed up for a hotmail account, I was bombarded with spam (bombarded being operative) within 48 hours. The typical user either deletes or "unsubscribes" to the email, which possibly carries the standard penis-lengthening advertisement. Why would one want to venture into that territory at work in the first place?
This sig no verb.
I don't normally use the +1 bonus for 'mod this up' messages but in this case I will make an exception. Feel free to mod this down as long as you mod the parent up.
Who actually use hotmail anyway? Still haven't figured it out why people use it.
this is not my signature.
I don't know about anyone else, but I'm often under a lot of stress at work, and am often isolated from human contact. If I don't get to check my personal e-mails or chat occasionally with some friends, I get... twitchy.
:)
I work for a small non profit and happen to be the Sysadmin, so I get to WRITE the AUP if I wanted to.
I'm so glad I work in a less than formal environment!
--
Why didn't you tell the world, eh?!
Contrary to the large contingent of "company can do whatever it wants on its property" boosters, there in fact seem to be all kinds of legal protections and privacy expectations established for workers in corporate offices.
The fascist model that says otherwise is not only frightening, it's untrue.
The full quote from the lawyer in the article (in reference to the 1986 Electronic Communications Privacy Act):
Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.
"The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
The difference between your statement and reality however is that you are free to either a) ask for more money so that you are content with your job or b) quit and go find another place of employment that does a better job of providing for your interests. Or i suppose if your just anti-capitalist in general you could do c) go buy a cabin in the mountains somewhere and live as a hermit for the rest of your life.
One day I'll drag the name of that webmail provider out of you!
Why do you need it?
Become your own webmail provider.
I use fetchmail to grab mail from remote sites. I also point the primary MX for my own domain to my home box. This consolidates most everything into one email address.
At that point, you can use imap(s) and horde/IMP to create your own webmail service... or just SSH in and start up your favorite mail program remotely. (I've even done it with Netscape/mozilla .. It's slow, but it works).
20MB max?? HA! how big is your /var partition?
The biggest problem I currently have is that, with Mozilla, the SSL Certs for my web server and imaps server collide. If I save the cert for one, the other claims that it's invalid.
Free Software: Like love, it grows best when given away.
The problem I have with this sort of monitoring is it requires interpretations on the part of the reviewer. What should matter is whether I am creating a hostile work environment and whether I am doing my job. End of story. Mess up on either of those and you should be out the door.
These sorts of issues are very similar to consensual crimes where the government wants to monitor what you do between consenting adults.
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
What about a telecommunication and computer workers union? Not a trade union, but an industrial union?
http://www.iww.org/iu560/
There are two types of people; those who divide people into two types of people, and those who don't.
Who needs web-based email?
Toolkit for doing things that you aren't supposed to do at work:
SSH to Linux box at home and "screen -r -d".
The best thing is it's all text, so it's indistinguishable from actual work to most people. And it's all encrypted.
If you're not using corkscrew to tunnel through their web proxy to your unix box at home to read your email in mutt or pine over ssh, then maybe you shouldn't be reading personal email at work anyway.
Another way to say the same thing is: if you're not capable of bypassing the restrictions that are placed, then you're not qualified to bypass them and you should sit back and realize that the restriction is for your own good.
"Nothing was broken, and it's been fixed." -- Jon Carroll
I actually find that interesting. What *does* a URL in text count as, linguistically? Is it one word, or several? Or is it something entirely different?
Or more reasons to use public key encryption...
Does this scare anyone else that you know someone is probably going to use this on a school's LAN. Can you imagine how much info they can steal with probably 90% of everyone using AIM/AOL/Yahoo Mail/Hotmail?
I'm at school now and I can see how much that would suck if someone runs that program here.
Scary
Triforce66
Why use X-forwarding when you don't have to? Mutt and Pine do everything that Netscrape does, but at a fraction of the resource consumption.
Smoking pot is not be any means equivalent to smoking crack. Someone who smokes crack is called a crackhead/ Someone who smokes pot is called an almost-blind person, or in some cases, a person appetitie challenged.
That doesn't make any sense, what you just said. They found information proving that the man had lied on a job application. I work for the public sector; it seems pretty universal that you get asked whether you have been convicted of any crimes on your application. What other possible reason would they need for firing this guy?
Let me preface my comments. I am a staunch supporter of privacy rights.
However, before you get too far up in arms, most companies have some form of acceptable usage policies. Typically these policies state what you can and can not do while at work. Additionally, most companies have within either their acceptable use policies or security policies, a section explicitly stating that the company owns all files and information on their corporate network. You usually have to read and agree to these policies when you are hired.
I know that I have had to sign documents that stated that I have read and understand all of the companies security/privacy policies. If you don't like the companies policies, go get a new job.
18. I do not have physical access to the PC I wish to monitor. Does eBlaster support remote installation? eBlaster can be configured to send the program installation file to another email address. Assuming that the receiving email client will allow the receipt of a .EXE file attachment and that the user opening the email clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your email address.
VERY IMPORTANT: You MUST be the owner of the computer to which you are remotely installing eBlaster. If you are NOT the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you.
A shell account at an ISP (or to home if practical) is like a Swiss army knife.
By using SSH and port forwarding you can encrypt and protect yourself from almost any corporate sniffer, access blocker, or packet logger (at least plain text).
Even if your not using it to "bypass" a restriction, its worth the effort simply for the encryption over the local network.
My last job used to block DejaNews and Google groups. I used it for quick fixes and support. If your ISP is not running a proxy you can run your own small proxy like cj.pl (cookie_jar) or junkbusters and bounce from that.
I guess my point is, if you need it, there is a way to get access to it. It may not be ethical and may raise suspicion and get you fired but it works.
Bad boys rape our young girls but Violet gives willingly.
In business, there are employers and employees
That's a pretty antiquated idea of business relationships nowadays. 30 years ago bosses (who very often were also the owner, and hence had more of a theoretical basis for it) could tyrannize their employees, almost like a parent-child relationship. In the modern era that sort of behaviour is relegated to sweatshops, and instead most "employees" are adults who deal with their bosses in a adult-adult relationship. A better representation of an employee nowadays is that they are businesses offering services to their "employer" (indeed, many companies have simply gone the contractor route, a movement which empowers workers more than most understand). There no longer is such a thing as long term stability or company loyalty (on the flip side there is very little employee loyalty), so classic, outdated notions of the relationship no longer hold true.
I should note that I am an employer, and indeed I've actually argued on BEHALF of employer rights in many discussions in the past: I have the right to block whatever websites that I want, or to bar people from installing whatever OS they want, or from having admin priviledges. These things I do when I feel that there is a credible, reasonable, quantifiable risk to my organization. I will say, though, that most monitoring tactics have nothing to do with that, but rather it has to do with "putting employees in line". It's the same out outdated in-your-face method of "ensuring" employee productivity that has failed for generations, but there remains a contingent of people who still believe that if they just capture weblogs and read people's email, somehow that'll make them more productive. I treat all of the people who do work for me as businesses, and the control that I have is that I can cease requiring their business when the net detriment to me outweighs the benefit.
"Mr. Wong, we've been monitoring your incoming hotmail and we can only assume you've spent hours of company time sending out hundreds of inquiries requesting information on how you can lengthen your penis by 3-4 inches with some kind of herbal supplement..."
Phallic Symbols in LOTR
Nothing ZoneAlarm and PGP can't solve.
My life is one big siesta in which I'm dreaming I wished my life was one big siesta.
Now you couldn't do it without his knowledge or consent, simply because the computer belongs to him, not you. In a company environment, the equipment belongs to the company. So they can install whatever they want on their machines, and monitor you on the computer,telephone,or even by camera.
The bathrooms belong to the company as well, but that wouldn't justify being secretly recorded while pissing with out your knowledge. The question here is "How much privacy do you have a right to in the workplace?" I wouldn't want people listening in on personal phone conversations for example.
If this bothers you, use one of many excellent web based email providers that support secure connections.
I can totally recommend FastMail.
Though of course, if you are using IE, you are shot anyway.
this, is why unions were formed.
employees are STILL just "labor" - and we as americans fail to realize this. there is a division between owners and labor, and the owners only look out for their own interests.
never forget that labor is considerred to be the same as the chair you are sitting on, or the building you are working in. it is an asset and nothing more.
this is why unions are formed, because labor eventurally demands to be recognized as greater than any of the other means of production.
... hi bingo
This kinda crap makes me sick. I remember walking off a job because someone asked me to violate some one elses email. This "it belongs to the corperation" bullshit has to go. If I typed it its mine, If I sent it to another person its also theres.
IMHO This is akin to the your mailman opening your personal email. Its really sad that idiots who subscribe to the corperate mentality of company first would do this.
Sysadmin ethics seem to be gone forever and people wonder why the computer industry fell apart? Next you'll be wearing a tie to work. Glad I am retired cause I couldnt work with the type of asshole that would install this form of spyware.
--- Always remember. 99.36% of all statistics are inaccurate.
At work, they "own" everything, they say when you can and cannot go to the bathroom. They tell you when to go and when to leave. They tell you what to wear. They may spy on anything you do. If they give you a computer to take home, they may spy on that as well. Same with a phone. They can tell you what to say or what not to say.
If you don't like it, you can go to another company that will do the same thing. We call that FREEDOM.
Remember your last paycheck, when they took all those taxes out? Some of those taxes probably went to your employer, if you work in fincance, airlines, manufacturing, advertizing, defense, technology, etc. The computers that those companies bought with your taxes, that's their property.
We call that CAPITALISM.
There are two types of people; those who divide people into two types of people, and those who don't.
Its a sad fact but if youre working in development you have to keep you code locked down (especially for internal billing applications)
Point is if this is used responsablly it will make sys admins jobs much easier.. When I accept payment from my company, I am confirming I submit to their policies, included in that (in my case) is that $employer has the right to every packet travelling over their network.
The doctor is not copying your medical files and emailing them to himself, which make you have to ask yourself: How would you feel if your doctor decided to start forwarding his patients medical history to his hotmail account.
And in some states 'just getting rid' of someone is pretty damn hard.
All mail is opened before being delivered to the recipient. I have NEVER received a sealed mail while working here.
Well, twice. They didn't bother opening some junk mail on a Novell training seminar.
At a call center job four years ago (Inbound only, I answered a warranty line) calls were randomly monitored. Same at the job I have now. I once heard a rumor that the company was looking into the cost of recording cell calls, but I think (hope) it was all talk.
IM logging and blocking is a priority for the network admin (Per orders from higher up). Yahoo and AIM are heavily abused.
There are a number of people in this company who would LOVE to get their hands on a copy of this software if they knew it existed.
"Live Free or Die." Don't like it? Then keep out of the USA
Meant to say, you will not be adversly affected if he uses *HIS* phone to make a call which would bring RICO charges while he is billing you...
I like the part about the mercenaries.
:)
My wife and I have 2 completely different views on work. I hold the mercenary philosophy, she thinks has to be a slave. I'm much less stressed.
Sean D.
"Hmm. I am to metaphor cheese as metaphor cheese is to transitive verb crackers!"
I'm no lawyer, but presumably a few people at Nolo are, like the person that wrote this article about your rights at work. Surprising you have very little.
_______
2B1ASK1
At least I can still {my} use slashdot to {boss} send {is} super sneaky {a} encrypted {bozo} posts.
I have consulted the oracles and they have spoken. The secret combination is Ctrl-Alt-Del and then 'T'. That will show the Task Manager (assuming you are in Windows), and there you can probably see the sucker running.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
On a shortcut through the law department at my university, I noticed many of the Proffessors had posted there contact e-mail address on the doors of there offices.
Without fail, these were all hotmail accounts rather than the official university address they are given.
I can only assume this is because they don't know how to connect to the universities mail server from home (or more likely, assume it cant be done).
The solution to this was to print out the regester article entitled Hacking hotmail made easy and stick it on each door displaying a hotmail address.
Last time I went through the law dept, everyone had given up on hotmail!
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
Typing away in Emacs. "Damn, there's that blasted eBlaster again! Every time I try to run my HTML Tidy Lisp script...."
"Live Free or Die." Don't like it? Then keep out of the USA
Not really a good reason to use public key encryption at all. In fact it would be the worst reason. If they are monitoring your email and you start sending out encrypted messages they might think something funny is going on and call the fuzz. Next thing you know they are monitoring your key strokes, your house has been searched, and your undergoing a cavity search on suspsion of being a terrorist.
Best thing to do is get a wireless device of your own or a cell phone that sends SMS if you must send private messages from work. Hell, you can even use a pay phone if you have to.
On the note of public key encryption if they monitor your computer they would get your passkey. It would be best to set up some one time pads between your cohort. Then memorize the pad and eat the evidence. Of course the could alway pump your stomach...
Supporting World Peace Through Nuclear Pacification
This is such a common-sense thing, that it's hard to believe
people are hiring employees dumb enough to do this shit, then
subsequently hiring more "employees" to spy on them.
Network usage rule #1 in an office is to always assume there is some sort of spyware logging you, and even if there isn't.. ever hear of a
camera?
I personally have had to be in charge of confidential data before and
i'll tell you, hackers are nothing compared to your own stupid employees. Just block *msn.com, *hotmail.com in your firewall and remind people that company time is not for private email and be done with it. Then you can go back to the server room and browse porn
in peace.
Well, I over heard a technician arranging a date for lunch when he was supposed to be getting our server working. Wouldn't have minded if he had done it after the server was fixed, or if he had used his own phone. But the server is still down, and it was a company phone.
Monitoring is a good thing, but it can be abused. Just like security cameras in a department store or bank. There is normally no trouble, so nobody looks at the tapes. But when something happens, those tapes can help solve the problem.
Xaotik Designs
It wasn't that long ago that companies were claiming they should be able to spy on their employees after hours, in their own homes.
The only way to keep corporate scum in hand is have as much information as possible available to the public so we should be implementing systems to help more internal information to get leaked out.
This software is just a key logger and screen scraper that emails the log to someone at spcified intervals or when it sees keywords. It doesn't matter what encryption or email program you use.
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
We don't give up all our rights just to work for The Man. I get breaks at work, I use the bathroom, and I get some privacy. As long as I don't abuse the resources given me or take outrageously long breaks, I ought to be able to make a personal phone call, check my e-mail, or read part of the paper.
Having some personal time at work guarantees that I'll be sane enough to be productive the rest of the time. If I couldn't take a break and have a little privacy, I'd probably end up staring blankly at the screen drooling on my keyboard and I'm sure the IT folks would REALLY love that.
-Me
Under capitalism man exploits man. Under communism it's the other way around.
There is a difference between being aware/concerned and asking questions and rummaging through their stuff (diary, notebooks, etc). It's one thing if you have a specific reason to be suspicious (as I previously noted) but otherwise you're just putting yourself in a position for more harm than good.
If one can't see that then maybe they should be looking into the mirror when they say "you've got some growing up to do."
-- Scientist: You aren't going to leave me here, are you? Boagh! Thump...
Ideally people at work would do 100% work related things, but in reality it's not very democratic. People resent those type of environments, and it effects their work.
This reminds me of the AOL guy who said you cant go to the bathroom during commercials or you'd be breaking the contract you agreed to when you turned on a TV. Both Sort of Stupid. Yes, I know. If I don't like it I can turn off my TV and quit my job. But why should I have to?
"Built for Windows
eBlaster is fully compatible with Windows XP, Windows 95, Windows 98, Windows ME, Windows NT and Windows 2000."
Well, thank god for that.
[calum@womble calum]$ uname -a
Linux womble.umtstrial.co.uk 2.4.19 #1 Fri Aug 9 15:21:00 BST 2002 i686 unknown
Get your own free personal location tracker
You must work for the government, right?
That's pretty much exactly why I quit and went into IT. But, then again, it's not just the governments that do this; almost any large bureaucracy can tend toward this.
Isn't that what we're really talking about here? Dealing with employment that turns people into widgets?
----
Not to be confused with Col.
If I understand correctly, hotmail does encrypt the transmission of the password, but not the data session. I imagine the software is just reads the network traffic, but has not locally installed component. Maybe we should all get usb keychain hard drives on which to store our private PGP/GPG keys and use hotmail as the transport layer. Plus, there has to be a free webmail service out there that supports https (My old college account does: webmail.colostate.edu).
Instead of block, a good alternative is to install viralator
in a linux with squid.
Viralator calls the antivirus from the web proxy when a file is downloaded,
if it's clean the user can download it.
If i ssh, vnc, or just use the internet for ANYTHING that is not work related, it leads to instant termination. Apparently not even a warning.
Now, they had clearly laid out what is work related and what is not, but it's just the fact that if I do a google search it could lead to my termination.
Then again, I work with a VERY large database of people's private information. (Everything from names, phone #'s, social security #'s, credit card #'s... etc etc) I think the largest fear is that someone could start sending customer data back to their home PC. The other fear is infecting the network w/ a virus. (It's all Windows 98 - 600 machines...) That virus would spread like wild-fire through the company.
If I was in IT, I'd get them changing some things, but that's me. Possibly the reason why I'm NOt in IT. oh well.
So yeah - make sure you're allowed to remotely access your home PC, cause if not, you can be fired.
In theory, yes; in practice, rarely. When wealth and power are concentrated under the control of a few, the rest of us end up with little choice.
Why in the world do you associate opposition to a fundamentaly broken system with a desire to be a hermit?
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Depending on how there software works - at my current work we use a program called "websense" (normally used to block mp3 and porn sites) but we also block external email sites like yahoo and hotmail - basically they don't want us surfing the net - anyway what I have been doing is basically VCN to my home computer and surf the sites from there. If i'm using SSH2 when I connect does anyone think they would still be able to grab that info since it is not local?
Other variables - I am on a mac connecting to box A (linux) and/or box B (windows)
Ave Molech Setting
Please excuse my ignorance, as I'm not 100% sure on all the mechanics behind PGP, GPG and other such encryption schemes. But if someone is using a program like eBlaster on your computer that captures not only outgoing e-mails but also keystrokes, would having access to both the encrypted message and the plaintext (via keystroke logging) make it any easier to deduce your private key? If this is the case, then eBlaster could severely undermine public-key encryption.
Again, sorry if this is stupid or alarmist. I'm not trolling, I'm asking out of curiousity.
Let me get this straight:
You use the company's computer and the company's bandwidth to read and send your private email. And, you do it during the time you agreed to be working for the company.
And you bitch if they are monitoring what is being done on company time with company equipment over company bandwidth?
Do you refund the company the money you wasted in salary while you sat around emailing your girlfriend or forwarding that latest idiotic joke email? I doubt it.
> Just like security cameras in a department store or bank. There is normally no trouble, so nobody looks at the tapes.
Here in the USA, there have been quite a few news reports of the fuss when people discover the hidden "security" cameras in rest rooms and dressing rooms.
If you believe those tapes are only used when there is some sort of trouble, you don't understand the real motive for installing them.
"Hey, there's trouble in dressing room 3." "What sort of trouble?" "This chick walked in carring several swimsuits." "Ooh! We've gotta make sure there's nothing illegal going on in there."
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
As I type this, a nice man named Dennis is installing a furnace and new ductwork in my house. While he's at work, he is not checking his personal email or surfing the Web.
Why is that? Because he doesn't have access to a computer here, of course. And I don't plan on providing him that access, because he doesn't need it to do his job. He seems OK with that.
The phones, computers, etc. that we use are provided for your use by the company because they believe that you need them to get your work done, and for no other reason. If suddenly your job requirements changed and that computer was no longer necessary, do you really believe they'd shell out the IT dollars to keep in on your desk so you can check Slashdot for updates? Not a chance.
The next time you want to complain about a company exerting restrictions on personal use of their resources, just imagine how often you would be checking your email while you were running gas line or rooting out sewer pipes.
Now having said that, of course it's reasonable to expect a certain amount of flexibility in the office environment. But if they have a good reason to crack down (corporate espionage, virus transmission), tough noogies.
By the way, compared to many engineers, the money's better in plumbing, and the work is more recession-proof... something to consider...
So, they want to read my personal email but they don't want to read my ideas on how fix some corporate IT problems?
Perhaps I should put my suggestions in personal emails sent through Yahoo!, that way they might get some attention.
Speak truth to power.
I have literally no idea what my doctor is doing with my medical files: I don't control them, he does (even though they're about me). He is constrained by law (such as the corporate secrecy laws which are already in place when people are forwarding internal memos) and professional rules: I can't go and check out his PC to ensure that it is up to my satisfaction.
Yes but the doctor is not using *YOUR* phone, *YOUR* computer and will not be very adverly affected if you happen to use *YOUR* phone to make a call which would bring down the RICO act.
There's a paradox here: Judgements have shown countless times that the more you monitor and control, the more responsible you are. If you, for instance, monitor employee emails, then you'd better act on any sexually harrassing letters or you are instantly, because of policy, entirely culpable for them. This is a rather funny paradox of those who claim that they monitor to protect themselves in case of employee malfeasance, when in reality what they're doing is making themselves personally responsible for every email, web visit, Slashdot posting, etc.
When we (meaning the IT department at my company) monitors what users are doing, either on the internet, or anything else, they're not just doing it on company time... They're doing it with company computers.
You're right. By the way, when someone at the company is thinking about something that is non-work, they are doing it breathing company air, sitting at a company desk, being lit by company electricity and heated by company heat. I guess that means it's OK to develop a thought-monitoring device and use it against those ungrateful bastards...
So if you hire a contractor, and let him use one of your computers - that gives you the right to monitor every private communication he makes while on the job? No.
As the poster two up said - there are so many examples where company time/company computers/company whatever doesn't matter that it's ridiculous to make that argument. What next? Searching an employee on his way out to make sure he didn't write a private correspondances with company pens on a piece of company paper?
Last post!
I wish all the "cracks" of our e-mail systems were so easily fixable.
My observation is that people have become addicted to e-mail, whether personal or professional.
It amuses me to think that many of the people who slag the poor cigarette smokers for taking their productivity-siphoning nic breaks are themselves logging into their personal e-mail accounts, I-M services, or message boards constantly throughout the work day.
But because this can be done while staring at a monitor, as opposed to shivering in the parking lot, it is overlooked. Or, based upon the post that has sparked this conversation, was overlooked until now.
Interact with co-workers at work. Interact with your personal contacts off-hours. Full stop, end-of-story. It seems so incredibly simple to me, that any other angle just seems a rationalization for one's e-mail/Web addiction.
Not everyone has the resources or ability to do that. Even if we all did, as someone else pointed out your employer can block access to your server just as easily as they did Hotmail.
kevin zollinger - kevin@mailsoap.com Spam Free Email!
what part of "duh" dont you get?
but then companies using hotmail is no surprise and is more common than most of you think. why? because one reason or another; such as there are some 'old boys' high up that like easy stuff, cost cutting, etc OR the people are just not with technology...
yes, even in seattle with UncleBill looking over your shoulder this is more common than one would think. I could name names, but then someone would probably kill me.
Appended to the end of comments you post. 120 chars.
There are two types of workers, those who WLL get the work done regardless of distractions and those who will NOT get the workdone even if placed in a locked room. Hire and trust good people! Big brother tactics just makes the productive people less productive and won't fix the duds.
Read the article.
eBlaster is a fancy keystroke logger. Encrypted network connections are completely irrelevant.
SSH, Pine, VNC, anonymous web services--choose whatever gets through the firewall, and keep your mail yours.
If you are on your employers time and equipment expect this sort of thing. Too bad for them, that they cannot have it both ways. Either they allow open communication or not...
Blogging because I can...
My last comment was more tongue in cheek than anything. I just notice that alot of people out there bitching about "greedy business" and how "the man is holding them down" have some very communist ideas in the back of their mind. They don't understand that the primary goal of a business is to make money. The only reason business is willing to pay an employee money is because that employee supposedly generates revenue greater than said employees pay + benefits. People need to realize why they are being paid, and it isn't out of kindness from the CEO.
"eBlaster is fully compatible with Windows XP, Windows 95, Windows 98, Windows ME, Windows NT and Windows 2000."
Software that monitors what web pages you view... Wait until they see how much time you're spending at /.
Wait, what are you doing here now? GET BACK TO WORK!
Aren't other trojans like Back Orifice and NetBus marketed as 'network tools'? How long before anti-virus programs either add this to their lists or are somehow convinced (bought out, coerved) to intentionally keep this from their list like that did with the FBI's Carnivore program? If you purchase the software eblaster you would think it is yours ,
but that is not the
case.
Spector soft designed the software to periodicly register its serial number with there database. This way if the software is installed in one or more machines they disable your software. Sure a firewall would prevent this communication, but it should also prevent the program from working anyway. I also woant to know what level of trust would one place into a company that can then have total control of your system. Are all those emails marked 'confidential' being sent to the company president also being routed to some other location? In this case security is only as strong as this software company's security. Could someone not take over and then have instant access to hundreds of corporate zombies? Sorry, but I am not about to take that chance.
Cave, wreck, and deep diver.
From the HushMail FAQ:
Can HushMail protect against keystroke recording?
Hush cannot protect the user against this kind of security threat as our system is designed to ensure secure transmission of data between computers only. If a HushMail user's private computer has been compromised or if they are accessing their HushMail account from the workplace where keystroke recording software is installed, their HushMail passphrase may be accessed by a third party.
To combat keystroke recording software, we suggest you:
* Change your HushMail passphrase regularly
* Choose a secure passphrase
* Update your virus checking software regularly
* Send sensitive communications through your private/home computer
As much as it's evil... information privacy is a tricky business.
Forget the law, forget everything else, let's talk morals and common sense here.
I'm your boss. It's my network, outright. You work for me.
Should I be able to read all your emails and learn private details of your private life? Should I be able to learn which other poeple in the office you've been sleeping with? Of course not, that's personal.
But.. when information worth millions suddenly appears on the black market, and SOMEONE leaked it, should I be able to look through a log of ALL my network traffic and find out who sent it? DAMN STRAIGHT I should.
Yes, it's hard to draft a law that says this, as there is always room for abuse.. and that's the problem. It's a fuzzy thing.
Limiting access to information is one thing.. but controlling the USE of that information is far more critical.
This afternoons events in the restroom.
The events eluded to are funnier than an outright statement of what happened would be.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
same here buddy. u must give trust to obtain it. i really believe people should realize that. who cares if it keeps your kid from e-mailing messages, its the parents job to watch their kids, not a computer programs! its still SPYING and its still WRONG. "Law enforcement agencies are also interested, he said -- Web-based e-mail like Hotmail was used extensively by the hijackers who planned the Sept. 11 attacks, sometimes in public libraries" Bullshit. and i'm tired of terrorism giving everyone the right to impose on my privacy. peace.
The arguement for businesses to read your private email is that they own the network (there is another arguement that they Must read your email.) Since they don't own the wireless network for your phone or your phone, then they couldn't legally tap into it. Don't get me wrong, I know some slimey HR types that might agree that it'd be good to tap cells and the payphones at my ex-employer, but it's still not legal.
"Tax preparation software eliminates errors your[SIC] may make...." From IRS home page.
Just like with every moral, ethical, and legal issue: if you feel guilty doing it, you probably shouldn't be doing it.
With all this spying at work, I feel guilty doing everything.
I guess that means it's OK to develop a thought-monitoring device and use it against those ungrateful bastards...
You can't just compare apples and apples, can you? You just sort of compare apples, and whatever-the-hell-you-want. That's a sure sign of someone who doesn't even know what point they're trying to make. That's your head, idiot. Even if I could read your thoughts, it's not appropriate. God knows why I'd want your thoughts, though, if they're all as good as the ones above.
In response to one of the other posts, that arguement is also flawed. Is it really appropriate to use office supplies that are not yours for personal correspondance? No. Not at all. Is it appropriate for you to write a letter to a friend on a break? Yes. But you'd better not use the company letterhead, and drop it in the slot, so they pay postage.
If you want to make an arguement that it's okay to use stuff that isn't yours for whatever means you want, go back to hippie land, okay? We're in the real world now. Grow up.
You're using a computer that isn't yours, bandwidth that isn't yours, and everything else. If you want to use it for personal shit, ask. Not many companies will tell you that it's okay. Most will tell you that it may be monitored. And it should be. If you want to bring in your laptop, cell phone, and fire off a private e-mail on a break, do it. But realize the difference between your stuff and not your stuff.
In all of the jobs I've worked at, access to web-based mail systems that don't directly relate to work are blocked. Which is really how it should be anyway....... I waste enough time as-is putzing around on the Internet without compulsively checking my personal mail accounts every 15 seconds.
When I'm using a Linux box away from home, and I absolutely don't want my web traffic to be able to be sniffed, I use this semi-quick solution.
I installed Squid (the proxy server) on my box at home (which has a cable connection) and then use this simple one-line SSH command to create a SSH tunnel, which forwards all my web browsing to my proxy server at home, across an encrypted channel.
ssh -o ProtocolKeepAlives=15 -q -f -N -C -g -L 45855:localhost:3128 myusername@MY.HOME.IP.ADDRESS
Then I just have a copy of Opera on my machine away from home, set to use a proxy server on localhost port 45855. Works beautifully for web browsing that a company can't sniff.
Note that I used the "-g" option of SSH, which allows other machines to connect to my locally forwarded ports (i.e. they can use the proxy server back at my home by connecting to the local port on my machine.) Take it out if you don't want this.
Um, do you think the poster knew that Homer's usage of the term "buttinsky" was a not-very-veiled derogatory term used toward a homosexual character? Not so sure that it works in this context...
If you're at work, you're supposed to be working, that's why you're being paid to be there. Most companies do allow you to access hotmail, etc as long as it's not affecting your productivity, but they don't have to and as long as you are doing it with their equipment while they are paying you, it is their business. Actually, most of you probably signed contracts stating that any information you put through the network at your place of employment may be monitored, read, deleted, and so on.
Just a quick FYI
https://mail.yahoo.com
This won't stop them from tracking you, but at least your content will be private.
Most webmail providers now have SSL access, not? If your employer snoops on that, it's hacking and it's most likely illegal. If your webmail provider doesn't offer SSL, then switch. If your employer blocks webmail providers, ask your boss to open it. If he doesn't do it, bad luck.
There is constitutional right to have your employer to kiss your ass and take care of you.
Strange women lying in ponds distributing swords is no basis for a system of government.
I check my email while I'm logged onto my box through webmin over SSL, which is WAY cooler than having to put up with the lack of filtering options, and other limitations of webmail. I also restrict the ips that connect to webmin, activate the service through an email trigger, and deactivate it thru the interface when I'm done. I don't have anything to hide. I just hate fscking webmail.
From Government intrusion not from corporate monitoring on corporate property. Big difference.
Strange women lying in ponds distributing swords is no basis for a system of government.
True... and we're unlikely to be able to monitor the e-mail communications of senators, representatives, governors, legislators, presidents, vice-presidents, attorneys general, etc., and anyone else who works in the "interest of the people.
-- The reason it's called the right wing? Irony.
...And it's the company bathroom, too, so cameras in there are just fine. And that's a company desk, so if an employee writes a note to themselves (especially if they use a company pen or company paper) then you have a right to sneak into their purse and make a copy. And it's the company cafeteria and the company health insurance plan, so monitoring and regulating what employees have for lunch is a perfectly reasonable activity...
Some companies need to realize that their employees aren't company property. As the workplace makes increasingly irrational demands upon employee's personal time, employees have no choice but to squeeze in necessary personal tasks wherever they can. Alleged "security concerns" are another convenient sham to justify increasingly intrusive tactics on the part of power-hungry execs and admins who have no faith in their employees and who lack the management ability to create a productivive workplace without resorting to intimidation and coercion.
Encrypted communications will not help here, as the software is a "trojan" installed on your PC, logs every keystroke, and intercepts content of email after it has been decrypted.
Basically, if you cannot trust the PC that you are running your HTTPS browser on, you should assume that the encryption is not giving you any protection against the owner of that PC, or anybody else who "0WNZ" that PC...
Personally, I bring my personal laptop to the office each day, run a local firewall on that laptop, connect it to the office LAN, and never install any company-provided binaries on that laptop.
The company provides a corporate-owned business desktop, and I use that machine solely for messages and network traffic that I would not have any problem with the helpdesk people reading -- since the corporate standard is to install LanDesk, I have to assume that the HelpDesk people can and do have access to anything on that machine.
Keep your business life as distinct from your personal life as you possibly can.
I do not deploy Linux. Ever.
Let's get drunk and delete production data!
three words: tongue in cheek
if you don't know what that means, it's not frenching
It runs on my own server, not a commonly-blocked Hotmail server. It even lets me reply to messages. And because it's on my own server, and written in good-ol' PERL, I was able to completely customize it - to filter spam a dozen ways from Sunday, including naughty-word lists, friend lists, and blacklists. I can do much better filtering than common POP3 programs (Netscape, or Eudora, or Outlook Express) because I have absolute control - I can filter on any part of the message, strip out HTML, limit download size, you name it. In fact, I like it so much I have started using it FIRST to identify and delete spam before I run OE to download the mail onto my PC.
Don't grouse to me about server space; I'd bet 90% of /. readers have server space with cgi-bin access. If not, and you're getting blocked at work, this might be a good reason. Are you unwilling to pay $5-10/month for this?
Com'on, instead of whining about it, do something useful.
--Brandon / Split Infinity Music
Employeers are not allowed to record person phone calls made from company phones and/or on company time....this does NOT however cover for the fact that your are using company time for personal business.
"Simon Says, Fuck You" - George Carlin
Unless your workplace and network are used by experienced computer people (ie; those who are competent in their operation and know all the risks they might be open to in there use), then your fellow coworkers make computers not safe for work. Email. Surfing. Games. Programs. Sticking their tongues in electrical sockets. Sure, security helps, but you can only do so much for the gimp behind the keyboard.
You need a FREE iPod Nano
I confirmed that projects made on my own time, that don't use company resources (including work time) are my own. When you're starting a new job, it really doesn't hurt to ask about right-of-ownership. Most employers I know didn't find the question offensive, in fact many found it intelligent - and indicative that I enjoyed what I do (if I were also the type to code on my own time).
Just as a safeguard, you can also request an anmendment to your contract indicating that your work at home is your own, and what constitutes non-company owned work.
In my case, much of what I work personally I offer to the company free, but allowing that I may offer the non-proprietary stuff elsewhere, and use it personally, so long as it's clear that I will never charge my employer for the use of said code/knowledge (even should I be terminated or quit).
And when you've had the "screw it" attitude for the past 3 years, and either quit jobs or just generally been an ass, then how do you find another job when you have no good resume references from former employers.
Interview/Application Question: Previous employment
Ummm.... I've worked at many companies, but prefer not to name them as they now hate me. It's all their fault though, really!
I prefer to do a good job, enjoy my work and take pride in what I do. I do check my own emails, post to/read slashdot, etc.
However, I try to not tie up a lot of time I could be being productive. It also helps that when I ask for a day off, or a perk/raise, I often get it or at least get reasonable consideration. There's no reason to work like a slave, but a little honest dedication tends to have its rewards.
was hotmail ever considered a secure way to do anything?
-
Yes, yes. I want to read their minds, and photograph them in the bathroom.
;p
Let's play a game. Let's play the "Test to see if that's what I said game." It goes like this - I take the statements you say I made, and find out if I made them.
then you have a right to sneak into their purse
Nope.
And it's the company bathroom, too, so cameras in there are just fine.
Again, No.
And it's the company cafeteria and the company health insurance plan, so monitoring and regulating what employees have for lunch is a perfectly reasonable activity...
Wow. Again, not even close.
Are you having trouble staying on the same track? Maybe you have ADD? I recommend the advice of a health professional. In the meantime, let's talk about something even mildly related to what I said.
*COMPUTERS*
Of course, since you didn't actually argue against anything I said, I don't really have to elaborate my point! I guess you saved me some time, at least.
At that point, you can use imap(s) and horde/IMP [horde.org] to create your own webmail service...
Don't bother with horde. Get Squirrelmail and you won't regret it.
//m
This is the old statement that the moment something goes into computerland all laws change. It is being continuously abused to revoke various rights we have as consumers, customers and simply humans.
Sorry, but I find this argument completely fallacious. There is no frigging difference between a computer, a pen, a company watercooler (forgot those didn't you?), a company microwave in the company kitchen and the company toilet in the company bathroom.
All of those are company property. As an employee you are entitled to use every single one of them as long as you follow a certain set of rules. The company has no justifiable right whatsoever to violate your rights when formulating any of the rules dealing with these.
And more to it in most civilised countries these rights are unforfeightable. So even if the company has imagined that it has the right, the court will quickly teach them of the opposite. Even if you have signed a contract forfeighting them.
A typical example is one unnamed big american corporation in Germany. For whatever reasons it found out that employee X during the lunch break did his weekly shopping and had the boot of the car fool of beer on the premises. Fired on the spot of course. Two months later the court awarded the employee half a million DM and reinstated him. Because according to German law the company had no right to search the car, had no right to manifest any interest in what is in the car and the employee had a right to privacy.
Same stands for private email and private phone calls from work. Once again giving germany as an example. The employer is entitled to ask the employee to pay for private phone calls but cannot state in any document any details about them that disclose the exact destinations. Which usually means cannot question those destinations. Similar rules stand for snooping the network.
Let's take another country to make the list full. Let's take the country with the second worst employment rights record after US - the UK. Every employee is entitled at any time to ask the company to hand him every bit of data being kept on them. Ask and make a reasonable scandal of the fact that IT or other people have read communication with your wife. After you have done it two or three times urge to snoop disappears very fast. Pity brits do not have the habit to behave this way.
So this problem is localised completely to a certain world region. And it is quite time for this region to start learning the value of human rights instead of trying to teach the rest of the world about them.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
The person was trying to illustrate a point about privacy and the implications software such as this has on our right to privacy.
;p If you want to draw a parallel, how about this? You work for a company, and they give you a car, with the understanding that you're supposed to use it strictly for work purposes. In keeping with the slashdot story trend, this car has a GPS unit, that logs the cars position. Is this an invasion of privacy?
The person, if they're really trying to do that, should realize something about the implication software such as this has on our right to privacy. (If it's installed on your computer at work.)
*none*
Remember when you have an expectation of privacy. In your purse, or bag. In your home. In the bathroom.
*NOT* in public. If you're walking around on the street, everyone can see what you're doing! My, imagine what that does to your right to privacy! And you don't have it here, either. Especially since they warn you! It's monitored, doofus!
Try to put it in perspective, instead of jumping on the 'cry wolf' bandwagon, okay? Fifty years ago, if an employer wanted to look at your files, it was perfectly normal. Now, if an employer wants to know what you're doing with his computer, it's an invasion?
Bull. People like the guy you're defending draw all sorts of insane parallels with this. Mind reading. Spy cameras in the bathroom. People like the guy you're defending have uh... mental problems.
If you said no, then I wonder why you disagree with me so strongly. If you said yes, how about this: what if he just asks you where you've been? I find it hard to believe that you'd think that was an "invasion of privacy". And then what are you really saying? That it's okay for him to know what you do, so long as you can lie about it a little bit?
Har. Blinders indeed.
... actually use hotmail for anything other than a spam folder when you need to sign up for a website that requires an e-mail address?
I wouldn't trust MS to hold on to any information I considered important.
"People will pay big bucks for the luxury of ignorance."
The possibility of a latex sphincter dance notwithstanding, I'd still rather run a private mail server with an https: based web frontend in that situation.
:D
Of course, I'm an administrator type. Most people who perch themselves in front of a box at work are just your standard data entry plebe with no clue about how email works aside from "I puts the name of the person I wants to mail here, and hits send after I babble for a while."
Hm. Not unlike slashdot, if you think about it.
"People will pay big bucks for the luxury of ignorance."
"Breathe on your own time, dammit!"
Had to be said.
-- Terry
InterHack reports that SpectorSoft sends all captured data (this includes the emails) through their own servers. Employers that monitor their employees with this software will also be giving Spectorsoft a clear view of what their employees are doing. Proprietary and otherwise sensitive data are certain to fall into Spectorsoft's hands. Who is Spectorsoft, and why should you trust them to keep your secrets? Read the report here.
Won't help you if your site uses an HTTP proxy and blocks everything else!
And CEOs need to realize that the only reason they are making any money is because of the employees. It works both ways. Corporations ceaselessly take advantage of both employees and customers, and it seems to get worse every year.
I can't speak for the rest of the sheep, but I won't be a slave to a company that routinely treats me like shit. I've walked away from a very high paying job without a second thought because management took both their customers and their employees for granted.
Unfortunately, some people have families to feed and that's not an option for them, and all I can say is next presidential election, vote Green Party. They're on your side.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
And I bet you are writing this email on company time, using a company supplied computer, company supplied software, and company supplied bandwidth. If reading slashdot on company time isn't wasting company resources, I don't know what is.
My point is, we're all guilty of doing personal "things" on company time, while using some company resources.
As far as I'm concerned, they are lucky to have employees who are as talented and hard working as we are. Letting us get a little down time here and there, while providing us with a little extra bandwidth for reading news sites, should be considered a part of our jobs.
"To make a mistake is only human; to persist in a mistake is idiotic." Cicero
This is not an ideal solution. Basically you get a lot of spam, some personal email, and maybe the occasional company memo. Especailly if you monitor inbound mail, I think there are some issues not only with privacy but also with effective security and draning resources from places where they would be better spent.
LedgerSMB: Open source Accounting/ERP
Never fear, the law is here... Don't worry that your company is secretly copying all your emails, becuase you own the copyright on each and every one of them. And even if you have signed them away, your friends happen to own the copyright on all the emails comign into the system.
It will become very expensive very quickly for companies to keep copies of employee emails when people begin sueing for license fees ($4,000 per email, right?)...
"Your superior intellect is no match for our puny weapons!"
That these companies will simply lose competitive advantage from the waisted time and energy monitoring the emails.
Remember, though, where I work we have a site license for VMWare. This does NOT prevent me from installing GPG and incryping the memmo with a GPG key on a floppy disk and then attaching it to an outgoing email (or uploading it to my sftp server at home).
LedgerSMB: Open source Accounting/ERP
I really don't agree with the software being offered here (as apparently much of you don't either). I have had internet access for just about as long as commercial ISPs have been offering it (for a cheap price, naturally), and to me it seems that if there are employees screwing off on the company's dime, it is just as much the fault of the manager of that employee as it is of the employee themselves. You motivate your people to take pride in thier work, and they have good output, despite the fact that they might check yahoomail or /. from time to time.
If the output is quality work, who really cares what happened between instruction of task and completetion? (barring of course, those fools who surf pr0n all day on work and subject themselves and the company to a fat sexual harrassment lawsuit, of course.)
Why do I M2 everything negatively?
(Just don't go selling access to your home box to all the nubes that download and run viruses).
Free Software: Like love, it grows best when given away.
Not to encourage the concept, but there are times when it's necessary to know what's going on, if only to protect yourself.
I have a good friend who due to a nasty personal situation (not of her making), is in need of a keystroke logger with capabilities to match EBlaster (*must* be able to capture mail sent and received thru Hotmail and the like).
But my friend really can't afford EBlaster's price. So...
Does anyone know of a good free equivalent that runs on Win32? It must hide itself from the reasonably computer-literate (tho need not be geek-proof -- just staying out of Task Manager would be sufficient) and the ability to forward captured mail, a la EBlaster, is a major plus.
My friend thanks you in advance for your help.
(Email me if you don't want to be seen posting such stuff: rividh at earthlink dot net)
~REZ~ #43301. Who'd fake being me anyway?
Even better IMHO, give OpenWebmail a try. Easier to install than IMP/Horde and Squirrelmail really only works well if you're running IMAP.
Write a little program that accepts SMTP or POP connections on localhost and then just loop some rediculously large garbage messages through those ports. If eBlaster grabs sent emails based on port activity and forwards them to the boss, you should know if your company is using it about the time your company's email server fills up and crashes. Of course you might have a little explaining to do...
The keystroke logger bothers me a bit. That is very invasive. Of course it wouldn't be too hard to have a program that sends "My boss is a tool" a few thousand times to notepad or Word while you're away at lunch either.
'Same speed C but faster'
For my job (I do off-shift engineering support in the semiconductor industry), I had to sign a conditions of employment agreement... It had all the usual intellectual property clauses I'd expect from a tech job -- but it also had stipulations that company resources (phones, faxes, data systems) were for business use only... For anyone who signs such an agreement, hey, there are no expectations of privacy in the areas controlled.
And, yep, I've seen people fired for violations of the "business use" guidelines. If you sign away a right to privacy in order to get a job, it's not really being violated if the company snoops on your email.
Friends help you move... Real friends help you move bodies...
Then companies have no right to call us out of hours or making us work overtime with no pay, no matter what the situation is.
:-P
Most sensible people know they have to be flexible to meet work requirements, I expect a sensible company to do likewise.
BTW all my posts are made mainly from my office during idle moments
IANAL but write like a drunk one.
And if you do act on them instantly you are clear, two issues that are covered are legal and buisness too many employees abuse internet privlidges..
And I bet you are writing this email on company time, using a company supplied computer, company supplied software, and company supplied bandwidth.
;p) that half the people that go ahead and read slashdot or whatever from their desk at work never even considered asking. Why? Probably because they're pretty sure they would be told 'no'. So they do it anyway. And what does that say?
That just goes to show you that you shouldn't make bets unless you actually *know* something about the thing you're betting about.
In other words, *Bzzzzt*! That's wrong, Chuck! Tell him about his lovely parting gifts!
As far as I'm concerned, they are lucky to have employees who are as talented and hard working as we are.
Their luck balances out with lazy, shiftless employees that rely on doing just enough to not get fired, believe me.
Letting us get a little down time here and there, while providing us with a little extra bandwidth for reading news sites, should be considered a part of our jobs.
I never argued with that. And if you've asked your employer if you can do that, and he said it was okay, then by all means! In my company, while we monitor, we warn that it's monitored. And as the IT department, we don't contact your supervisor if you're reading nytimes.com all day. We don't even say anything if you're using hotjobs.com for (like some people do) over an hour each day. We do if you're looking at pr0n, or if we get a complaint. *but* I'm willing to bet (though I probably shouldn't... what did we learn about betting!
Reasonable expectaion of privacy is established under the guidelines of our policy, which every employee signs. By signing the documents they testify and agree to this. Period thats it. The policy has went through several lawyers and is 100% enforcable in court. There is nothing to sue us about you moron. We haven't taken any action against the guy as of yet. That is a matter for our lawyers. And it sure as hell is not illegal. The whole point is he is a registered sex ofender. You may live in some liberal state but here we have laws. If you are a registered sex offender there are disclosure laws. You move into a new city, the residents of that city are to be notified about you, your address and your criminal history. It is the law, no exceptions! I didn't write them but I happen to work at a place that enforces them. As for backround checks, they are only completed on people working in certain areas. They are not cost effective to do for every employee at $1000 each.
Absolutely its a two way street. But I view this as more of a chicken-egg situation as to who is more dependant on the other. In today's society employees are becoming a disposable resource. A company can fire you for any reason and you can quit for any reason. Maybe its just me, but I still have a hard time understanding the argument that some people can't just quit their jobs because of family, etc. In my town I can quit my job right now and start flipping burgers for $8/hour. So I may have to work 2 shifts and give up some luxuries to pay the bills, but I always have that option as a worst case scenario.
>Corporations will most likely argue that, because
>of sites like Internal Memos, companies need to
>keep a tighter grip on the information that flows
>in and out of their companies. But attempting to
>spying on private e-mail??
Paprikash, I say!
I think you're logic is flawed here. You're assuming that
leaks occur predominantly via email.
But everyone knows that email is unsafe.
Maybe there are people stupid enough or that just don't care
if they are caught.
I bet most use their own
secure method to post.
ssh to your own box and then upload later from
home.
Maybe internalmemos will post a graph showing
percentage from real companies vs. ISPs.
(although that may not prove anything since
the net has become "blurred")
And as for spying on personal email,
it's no longer personal once the bits are traveling over
their "wire".
This is not new insight, right?
http://tinyurl.com/3t236
Someone at the EPA is *spunking* on keyboards? How THAT is seriously SICK....
Polymorphism -- It's what you make of it.
I used to work in IT, still do some what. Right now I not only work the IT, but I am the company manager. I could care less if my employee's are looking at pr0n or slashdot. As long as its on break, and they are not swamping the pipe. Now on the company computers, thats different. Company computers get audited now and then. Not just by us, but by the software manufactures, sometimes. Last thing I want as the company manager is to have a MS Piracy person come up to me and say.. "Nope, your systems are all legal. Except for this one picture we found." .. I really don't need that.
So as I told my employees. Bring your own machine. Use it on break.
And since the IP's are static. I can tell what machine is wich.
But alas, that is my company. Every company is different. If my company was Data Housing, it would be different. That pipe means a hell of a lot more, then in a furnace company.
sin
Merf
If you like your wife's supervisor, and feel like helping her, you can inform her that she has a case for 'Constructive Dismissal' in situations such as these. SJC
That's like saying that a company can't force you to take a company administered colonoscopy unless you fart. (Assuming farting is against company policy.)
...was Hotmail particularly secure to begin with?
Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".