Hotmail: Not Safe For Work?
silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spy on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."
That eBlaster software seems like a totally excellent way to increase the amount of spam you receive in your inbox per day.
Thanks, SpectorSoft.com! You've made my week!
- SMJ - (It's not just a name: it's a bad aftertaste.)
The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.
Now this becomes a little tough because we aren't automatons and have lives outside of work that need tending to. However, to expect that what you do within the walls of your company is private is laughable.
Just assume that everything you do there is under surveillance. Heck, all your thoughts are already belong to them.
I have been pwned because my
After this was done, all virus problems on the network dropped from one incident per 2 weeks to maybe 1 incident per 4 months.
As to the privacy issue, the easy solution is to NOT SEND PRIVATE E-MAIL FROM WORK (or at least use GnuPG or PGP!)
http://www.hushmail.com
The best way to make people rise up against this is simply to encourage employers to try to apply the goals and reasoning of software like this against traditional communication services.
How many people do you think would be cool with their employer listening in on their personal phone calls, and opening all their personal mail that gets sent to the office?
Apply it to everything, and people will understand that this is an encroachment on what we currently have, not a reasonable measure for dealing with a newish technology.
"Old man yells at systemd"
Not really anything new here; "The Man" can see what I'm doing right now, where I'm going, whether or not I'm logged in to a site (including my username and password), how long I've been on a certain page, etc etc etc - And he doesn't need a kiddie script to do it. That's just part of working for the DoD or any other institution that has full monitoring instilled in their computer use policy, I guess.
I mean, legally, I have to side with the companies. Their machines, their time, their liability. They can do what they want.
BUT...it does suck, and I'd hate to work for anyone that would think they needed to read my private mail. My only hope is that more and more people will leave companies that do that to work for smaller companies, or start their own, and that these smaller companies will begin to resist the temptation of corporate assimilation. I see it beginning to happen now, there are some fairly large, privately held consulting companies that foster a great atmosphere for their people. The more I see big companies doing things like this, the more hope I have that this renaissance of the small business will grow.
Their computers.
Their network.
Their time.
Their money.
'nuff said.
slashdot!=valid HTML
This isn't a direct answer to your question, but if you want to be secure in your email, you should be using HTTPS, (or some other secure protocol).
BOFHs everywhere have been doing this for ages using proxy servers and/or ethernet sniffers. POP3, SMTP, IMAP and all those aren't safe either.
... to read each and every one of the 300+ spam emails I get daily to my Hotmail account.
Of course this article is quite irrelevant for slashdotters. We should have our certificates, machines we can VNC to, encrypting proxy servers, etc.
But, ironically, it'll probably be the arrival of widespread wireless (be it 3G, a mesh network of 802.11, etc.) that provides a little privacy. Imagine, if you want to send a private email, just change your Wireless connection to be your public ISP-type network, send your mail, and voila. You use your ISP's network instead of the corporate one. Both parties are happier.
Likewise, the bandwidth I use is restricted to those activities necessary for me to carry out my duties.
I have specifically agreed to limit my use of the computer and network in this manner as a term of my continued employment. Why would I expect any kind of privacy in this case?
Interested to know what people think about this.
Don't read this!
Use ssh or WinVNC (like I do) or somesuch to remotely access your home system, and run your personal stuff THERE. At work, the only non work-related software I run is WinAMP, WinVNC client and a web client. At home, I run an email client, IRC, ICQ, Kazaa, etcetera....
;-)
So long as the employer doesn't mind you connecting to your home machine (and you can encrypt that connection, somehow), then what you do with it is your own business.
Of course, you can still paste memos over VNC/ssh, so this just defers the problem somewhat.
.f00Dave
Hrm. Well the company doesn't go anywhere without my body and my mind. Does that mean I get to dictate the terms of use of these two things?
No. Remember you're the one who says because it's their PC and their bandwidth (which they can only afford by virtue of the work I do for them, so really, they are mine) that it goes by their rules. And who's they? Oh yeah, us.
I think you'll have to support your point a little more. There isn't any reason why your point is intrinsically true, especially given that the PC and bandwidth can only be purchased because of the work I do. I'm not going to roll over just because some people mistakenly equate the ownership of property with absolute power of their use, and doubly so in a corporate environment where the equipment has only been purchased because of the employees.
"Old man yells at systemd"
If employees are spending that much undue time at personal email at work, I think this speaks far more about the poor quality of the managers and the low morale of the company itself, than of problems of the employees. As such, it might even be useful to have a tool to determine if managers should go based on the rise or fall of such email traffic :).
Far more often than having your boss actually read your personal email every day, companies snoop to archive this sort of information so that if they need to they can review and use it later. The possibility for abuse in this regard is endless.
My present client simply blocks all web based mail sites at the firewall. So I just send whatever I want through their corporate email system. Even mail relating to my other clients or negotiations for other contracts. If I really need security, I'll use encryption or simply give them a call. If they don't like what they're reading or how I'm using their email system, they can either provide me with access to my yahoo email account or bite me.
It's just like my house. Anyone can look through my windows. But I can't be responsible if they're horrified by what they see.
Disconnect your television. Do your own research. Draw your own conclusions. They're probably lying. Don't be a sheep.
Yet, when a doctor, or lawyer, or any other professional service performs "hours" (I put it in quote because everyone knows that they generally grossly overstate their hours), I don't have the right to monitor their PC during the hours that they are working for me. I find it an interesting paradox that so many people will proclaim the "Yeah, well if you're doing the hours for them!" when so many other examples show that to not be how it works.
If an employee isn't pulling their weight, warn them and then fire them. It's as simple as that. I understand corporations getting a little annoyed by weenies forwarding internal emails (which is reprehensible and they should be punished), but most justifications are for pathetic, over the shoulder monitoring.
While I understand that a computer is company resources, I believe that responsible use should be acceptable and big big brother should not be there listening.
Blocking or intercepting email is more or less the same as listening in on a phone conversation. Yes, I know this horse has been beaten to death here but it's still ridiculous.
If you're not allowed to make personal phone calls then I can understand them not allowing or even monitoring personal computing use but for communications, email should be a protected medium.
There is no such thing as a "right to privacy" in the United States. Check out the Constitution and the Bill of Rights. You won't find it along with other "rights" people say they have like, 'right to free health care', 'right to Social Security' and the often touted, 'right to party!!!'.
Strange women lying in ponds distributing swords is no basis for a system of government.
Why are you doing your personal matters on their network, computers, bandwidth?
At one of the offices I Admin, I have two terminals set up in the breakroom with access to the public email sites (yahoo, hotmail, various popular ISP's), and only from those IP's (on their own subnet /30) can they get to those sites. Those workstations are also locked down, but have games and other break related software on them. All the users know that they are monitored on the "business" network for the sites they browse and the communications they make. Everyone is content with this. There is the option to use the break room computers, and if they want to do it on their machine (yahoo, hotmail, etc) they just plain can't. (unless you ssh/telnet(sniffed)/rdp/ica/pc-any to another computer off the network.)
www.oobersworld.com - For those that ride.
"Hotmail is phenomenal if you get there within the right time frame," said Kevin Mandia, a former Air Force investigator now working as a consultant with Foundstone Inc. "You can actually see people as they travel, checking messages from different computers. You can really track people effectively."
The owls are not what they seem
You!
Slashdot isn't safe for work.
Stop. You! In the cubicle - stop reading. You're being logged and will be dealt with. Soon.
-Your Loving Management
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
This isn't a direct answer to your question, but if you want to be secure in your email, you should be using HTTPS, (or some other secure protocol).
If you're using Apache, just set up mod_ssl, and your webmail package shouldn't care if the connection is encrypted or not. The Web server handles that.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
You're leaving out one major point -
When we (meaning the IT department at my company) monitor what users are doing, either on the internet, or anything else, they're not just doing it on company time...
They're doing it with company computers.
I am an IT manager for a local government agency. We monitor all internet usage on a regular basis. For the most part it is rather boring. This also means that if somebody uses Hotmail or some such at work it gets logged. By state statute here all documents that are created on our equipment, i.e. you type an e-mail. It becomes public record. That means any Joe Blow off the street can send in a request for copies of any and all e-mails that we have on our system. This causes a few interesting problems. So I do a couple things. 1. I do not backup the e-mail system. All users are aware of this. 2. Zero retention on deleted e-mail. 3. A signed Acceptable Usage policy for each user. They are all aware of the possibility of being monitored. Does this stop people, no! We have had to take action on abuses several times. Like the guy that wouldn't stop surfing porn at work, he worked in the cube and there are several women that work in that office. Bad judgement. Last week things got worse. I noticed a user surfing a little porn so I checked the logs, I was a little surprised, he was accessing a Sex Offender Database. He was looking himself up! Turns out this guy is a registered sex offender in the neighboring state. I looked up what he was convicted of and it was RAPE. Also 90% of the workers in my building are female. We would have never known any of this without monitoring our system. Our lawyers are working on what to do with him now. People can bitch all they want about Big Brother, but ever consider sometimes this is bigger than one person feeling bad? Think about how you would feel if your sister or mother worked in that office and something happened. Wouldn't you have wanted us to do something about it? Take off the blinders and step off the soap box, because until you are the one responsible you don't know shit.
We have a very strict standard for e-mail. All e-mail that comes into our network belongs to the company, not the employee. If it's using our servers, it's ours. Granted, we don't allow managers to indiscriminately view an employee's mailbox without HR approval but we will do our best to protect our assets.
I block all web-based e-mail from our proxy - like another poster said, it prevents users from downloading viruses. I work in the medical field and we have to protect patient data so there's also the added risk of someone sending confidential material out of the company through a webmail account without our ability to take corrective action because of the lack of proof. Originally, I had to block hotmail because MS Proxy Server used to crash whenever someone accessed Hotmail so our company policy was actually born out of protecting our proxy server.
eBlocker, like so many other key logger programs, intercepts the email, web sites, etc before it reaches the network. So hushmail won't help.
So it's feudalism at work; democracy on your own time.
Your words could apply just as well to someone justifying plutocracy as the logical system of government for a nation -- the wealthy landowners get to make the decisions, because they literally own the country. Somehow, in these modern times, we've decided that that's just not acceptable anymore. Why do we still put up with it at work?
I have been getting a lot of spam lately on an address I only give out to my friends.
They all seem to keep it in their hotmail and yahoo address books.
Is that the spam leak?
Mouse powered Chips, Open source Processors and Lego
Err, excuse me, but since when have we had the expectation of privacy when using company resources?
You send email via Outlook and your company's Exchange server. It's logged (or at least monitored), for legal reasons.
You Web-browse on your company Workstation during lunch. It's logged (or at least monitored), for legal (and HR) reasons.
You send IM traffic across the company network to an external friend via ICQ. It's logged (or at least monitored), for legal reasons.
You send email via Hotmail using a company Workstation, out a company NIC, across the company Cat5, through the company switches and routers, out the company gateway and upstream to your company's service provider. It's logged (or at least monitored) for legal reasons.
Personal use of company assets on company time. Unless you have an absolutely rockin' Acceptable Usage Policy (from the employee's point of view), you're "up shit creek without a paddle".
You can bitch and moan about this kind of thing all you want, but it comes down to one thing. Is use of Web-based mail against the AUP policy you signed when you commenced work? If it is, and you do it anyway, you're screwed.
Sheesh, you'd think it was rocket science or something...
Janie took my gun...
CIA Operated.
The Spyware VS. Privacyware battle continues. I wonder if Pest Patrol will be able to tip us off that this crap is running, or even better, take it off our systems. I guess the spyware VS privacyware battle will continue to rage until both seem pointless.
The Uncoveror: It's the real news.
Man, that site is hilarious! You can't make stuff like this up :-)
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
Putty is an amazing little win32 ssh client (does telnet and a few other things as well). For me, if I am working on windows and need to check my mail, I ssh out to my linux box and fire up pine. No muss, no fuss. It is worth checking out the license link... Simon, you ROCK!
+++ UGUCAUCGUAUUUCU
I have a shell where I host my web pages and such... or at least theoretically where I would host them were I to have any.
I ssh into that and use pine while at work, and then when I am home I use pop3 to yank it down.
this has worked well for me and I'm gonna stick to it. it isn't free like hotmail, doesn't have a slick web interface... or at least a web interface - but I like it well enough.
(it is like free to me because I would have this account whether I were using the e-mail or not)
There are some odd things afoot now, in the Villa Straylight.
Who, in his right mind, ever thought Hotmail was a haven for commercial or otherwise private information, when not a month goes by without a new flaw in their security or a new loophole in their privacy policy comes to light?
Additionally, that e-Blaster software even traps and logs the keystrokes of the workstation: not even SSH or any other software that requires typing your password will help you here. If you're using your company's computer, you are subject to their rules. ***END OF THE STORY***
Wow, you're a confused reactionary. Congrats.
If you want to use the company PC, and the company bandwidth, even forgetting company time to forward your friggin' chain e-mails around, I think the company has a right to know about it.
If you want to slack off so bad, open a frigging book. Or bring a Gameboy, if that's too intellectual for you.
I'm not going to roll over just because some people mistakenly equate the ownership of property with absolute power of their use.
That's funny. Especially in this situation, how is that a mistake?
The last place I worked, I had to do something like this. We had a problem with an employee who was suspected of leaking company trade secrets to a competitor.
It turns out she was using a Yahoo e-mail account to send CAD files of complete circuits to her "ex" boyfriend at a competitor. She was doing this from computers at work, and yes she had authorization to access the CAD files in her job.
Because we were able to monitor the activity, the company knew what/when/where the files went. She was fired for cause and we contacted the competitor and waved the evidence. They had little choice but to fire the person on the other end and we watched them close to see if they introduced any "new" products over the next year or so that were based off of our designs.
* * *
Fast forward to my new company -- a once major telecom giant -- they now block all webmail sites they can find via their firewalls.
Simple fix? Squid proxy on your home computer running on port 443 (HTTPS) and requiring a username/password.
Learning HOW to think is more important than learning WHAT to think.
This software = keylogger on steroids.
Essentially, it doesn't matter if you're using 183903248099041-bit SSLv329780132 encryption between your computer and the mail system, because the monitor is ON YOUR COMPUTER and logs the email before it's encrypted.
retrorocket.o not found, launch anyway?
I teach in the public schools in NY state and we have had all free email sites (yahoo, netscape, etc) blocked by the damn firewall. The reason given is that such things allow for malicious attacks on the network. Is there any truth to this? I imagine that there are better ways to attack our school system's network than My Yahoo (not that I'm looking for those ways). I just want to use my Yahoo account to read mail on my free period and communicate with students.
Can anyone give a compelling reason why this should be firewalled or, better for me, a compelling argument as to why it need not be?
Yeah, I'm as old as my UID would suggest.
I assume their product works by installing a global hook via SetWindowsHookEx(). They probably register to be notified of window messages pertaining to keyboard and drawing.
Sure enough, a google search of 'eblaster dll' turns up URLMKPL.DLL in the first hit. I'd like to dumpbin this DLL to see exactly what they call.
The point is that https: protects the links. It cannot protect the endpoints.
John
11. So, if eBlaster does not show up anywhere, how do I get into it?
So does anybody know what those four keys are?
I wonder if Adaware will be updated to kill it. It should be a simple matter to find the dir and delete it tho.
Anyone who is skilled will know how to encrypt their outgoing connections. Or even will know a few free e-mail services (hushmail anyone) that can encrypt their connection when they check e-mail.
Personally I try to SSH to my mail servers when I need to.
Just remember though. If you are going to rely on SSL to protect your e-mail. Don't use IE (since it would be easy for a company to put a Man in the Middle attack on your IE). Use Mozilla or Something that does SSL properly.
~ kjrose
meh, more reasons not to use hotmail
running own server = good
Contrary to the large contingent of "company can do whatever it wants on its property" boosters, there in fact seem to be all kinds of legal protections and privacy expectations established for workers in corporate offices.
The fascist model that says otherwise is not only frightening, it's untrue.
The full quote from the lawyer in the article (in reference to the 1986 Electronic Communications Privacy Act):
Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.
"The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
One day I'll drag the name of that webmail provider out of you!
Why do you need it?
Become your own webmail provider.
I use fetchmail to grab mail from remote sites. I also point the primary MX for my own domain to my home box. This consolidates most everything into one email address.
At that point, you can use imap(s) and horde/IMP to create your own webmail service... or just SSH in and start up your favorite mail program remotely. (I've even done it with Netscape/mozilla .. It's slow, but it works).
20MB max?? HA! how big is your /var partition?
The biggest problem I currently have is that, with Mozilla, the SSL Certs for my web server and imaps server collide. If I save the cert for one, the other claims that it's invalid.
Free Software: Like love, it grows best when given away.
The problem I have with this sort of monitoring is it requires interpretations on the part of the reviewer. What should matter is whether I am creating a hostile work environment and whether I am doing my job. End of story. Mess up on either of those and you should be out the door.
These sorts of issues are very similar to consensual crimes where the government wants to monitor what you do between consenting adults.
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
These days, it's more likely that if the kids know the parents well enough, they will be able to guess the parent's password.
Chances are it's the name of the family's dog/cat, the word 'password' , the first letters of the kids' names concatenated together, the parents' initials + birthdate, the home address + last 4 digits of phone number and so on. Most PARENTS don't know how to use proper passwords and can never remember them so they use 1 password for everything from their bank account PIN to ISP logon.
(Now my dad on the other hand ... he has been a UNIX admin (real unix mind you, not linux) since the 70s ... he uses STRONG passwords.)
Smoking pot is not by any means equivalent to smoking crack. Someone who smokes crack is called a crackhead. Someone who smokes pot is called an almost-blind person, or in some cases, a person appetite challenged.
That doesn't make any sense, what you just said. They found information proving that the man had lied on a job application. I work for the public sector; it seems pretty universal that you get asked whether you have been convicted of any crimes on your application. What other possible reason would they need for firing this guy?
18. I do not have physical access to the PC I wish to monitor. Does eBlaster support remote installation? eBlaster can be configured to send the program installation file to another email address. Assuming that the receiving email client will allow the receipt of a .EXE file attachment and that the user opening the email clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your email address.
VERY IMPORTANT: You MUST be the owner of the computer to which you are remotely installing eBlaster. If you are NOT the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you.
A shell account at an ISP (or to home if practical) is like a Swiss army knife.
By using SSH and port forwarding you can encrypt and protect yourself from almost any corporate sniffer, access blocker, or packet logger (at least plain text).
Even if you're not using it to "bypass" a restriction, it's worth the effort simply for the encryption over the local network.
My last job used to block DejaNews and Google groups. I used it for quick fixes and support. If your ISP is not running a proxy you can run your own small proxy like cj.pl (cookie_jar) or junkbusters and bounce from that.
I guess my point is, if you need it, there is a way to get access to it. It may not be ethical and may raise suspicion and get you fired but it works.
Bad boys rape our young girls but Violet gives willingly.
In business, there are employers and employees
That's a pretty antiquated idea of business relationships nowadays. 30 years ago bosses (who very often were also the owner, and hence had more of a theoretical basis for it) could tyrannize their employees, almost like a parent-child relationship. In the modern era that sort of behaviour is relegated to sweatshops, and instead most "employees" are adults who deal with their bosses in an adult-adult relationship. A better representation of an employee nowadays is that they are businesses offering services to their "employer" (indeed, many companies have simply gone the contractor route, a movement which empowers workers more than most understand). There no longer is such a thing as long term stability or company loyalty (on the flip side there is very little employee loyalty), so classic, outdated notions of the relationship no longer hold true.
I should note that I am an employer, and indeed I've actually argued on BEHALF of employer rights in many discussions in the past: I have the right to block whatever websites that I want, or to bar people from installing whatever OS they want, or from having admin privileges. These things I do when I feel that there is a credible, reasonable, quantifiable risk to my organization. I will say, though, that most monitoring tactics have nothing to do with that, but rather it has to do with "putting employees in line". It's the same outdated in-your-face method of "ensuring" employee productivity that has failed for generations, but there remains a contingent of people who still believe that if they just capture weblogs and read people's email, somehow that'll make them more productive. I treat all of the people who do work for me as businesses, and the control that I have is that I can cease requiring their business when the net detriment to me outweighs the benefit.
"Mr. Wong, we've been monitoring your incoming hotmail and we can only assume you've spent hours of company time sending out hundreds of inquiries requesting information on how you can lengthen your penis by 3-4 inches with some kind of herbal supplement..."
Phallic Symbols in LOTR
Nothing ZoneAlarm and PGP can't solve.
My life is one big siesta in which I'm dreaming I wished my life was one big siesta.
this, is why unions were formed.
employees are STILL just "labor" - and we as americans fail to realize this. there is a division between owners and labor, and the owners only look out for their own interests.
never forget that labor is considered to be the same as the chair you are sitting on, or the building you are working in. it is an asset and nothing more.
this is why unions are formed, because labor eventually demands to be recognized as greater than any of the other means of production.
... hi bingo
All mail is opened before being delivered to the recipient. I have NEVER received a sealed mail while working here.
Well, twice. They didn't bother opening some junk mail on a Novell training seminar.
At a call center job four years ago (Inbound only, I answered a warranty line) calls were randomly monitored. Same at the job I have now. I once heard a rumor that the company was looking into the cost of recording cell calls, but I think (hope) it was all talk.
IM logging and blocking is a priority for the network admin (Per orders from higher up). Yahoo and AIM are heavily abused.
There are a number of people in this company who would LOVE to get their hands on a copy of this software if they knew it existed.
"Live Free or Die." Don't like it? Then keep out of the USA
I'm no lawyer, but presumably a few people at Nolo are, like the person that wrote this article about your rights at work. Surprisingly, you have very little.
_______
2B1ASK1
I have consulted the oracles and they have spoken. The secret combination is Ctrl-Alt-Del and then 'T'. That will show the Task Manager (assuming you are in Windows), and there you can probably see the sucker running.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
It's not really a word, but since it has no spaces in it, it would usually be counted by word count programs as a single word. I say usually because it contains punctuation. Some apps consider certain punctuation characters as a space. Consider "his/her" for example being 2 words, but 1234.45 is a single entity, so www.example.com would most likely be considered one entity, and http://www.example.com would be two, or four.
:-)
But we are getting a little off topic
Basically, keyloggers kill ALL privacy regardless of the use of transport level security, and SSL is no longer secure anyway if you use IE due to flaws in the SSL code in Windows.
The real answer is that if you expect ANY privacy at all, don't conduct your private business while at work. You may also want to consider working for a company that respects its workers and their privacy instead of working for one that considers employees as "property".
Typing away in Emacs. "Damn, there's that blasted eBlaster again! Every time I try to run my HTML Tidy Lisp script...."
"Live Free or Die." Don't like it? Then keep out of the USA
Well, I overheard a technician arranging a date for lunch when he was supposed to be getting our server working. Wouldn't have minded if he had done it after the server was fixed, or if he had used his own phone. But the server is still down, and it was a company phone.
Monitoring is a good thing, but it can be abused. Just like security cameras in a department store or bank. There is normally no trouble, so nobody looks at the tapes. But when something happens, those tapes can help solve the problem.
Xaotik Designs
We don't give up all our rights just to work for The Man. I get breaks at work, I use the bathroom, and I get some privacy. As long as I don't abuse the resources given me or take outrageously long breaks, I ought to be able to make a personal phone call, check my e-mail, or read part of the paper.
Having some personal time at work guarantees that I'll be sane enough to be productive the rest of the time. If I couldn't take a break and have a little privacy, I'd probably end up staring blankly at the screen drooling on my keyboard and I'm sure the IT folks would REALLY love that.
-Me
Under capitalism man exploits man. Under communism it's the other way around.
If I ssh, vnc, or just use the internet for ANYTHING that is not work related, it leads to instant termination. Apparently not even a warning.
Now, they had clearly laid out what is work related and what is not, but it's just the fact that if I do a google search it could lead to my termination.
Then again, I work with a VERY large database of people's private information. (Everything from names, phone #'s, social security #'s, credit card #'s... etc etc) I think the largest fear is that someone could start sending customer data back to their home PC. The other fear is infecting the network w/ a virus. (It's all Windows 98 - 600 machines...) That virus would spread like wild-fire through the company.
If I was in IT, I'd get them changing some things, but that's me. Possibly the reason why I'm NOT in IT. Oh well.
So yeah - make sure you're allowed to remotely access your home PC, cause if not, you can be fired.
In theory, yes; in practice, rarely. When wealth and power are concentrated under the control of a few, the rest of us end up with little choice.
Why in the world do you associate opposition to a fundamentally broken system with a desire to be a hermit?
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
> Just like security cameras in a department store or bank. There is normally no trouble, so nobody looks at the tapes.
Here in the USA, there have been quite a few news reports of the fuss when people discover the hidden "security" cameras in rest rooms and dressing rooms.
If you believe those tapes are only used when there is some sort of trouble, you don't understand the real motive for installing them.
"Hey, there's trouble in dressing room 3." "What sort of trouble?" "This chick walked in carrying several swimsuits." "Ooh! We've gotta make sure there's nothing illegal going on in there."
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
So, they want to read my personal email but they don't want to read my ideas on how to fix some corporate IT problems?
Perhaps I should put my suggestions in personal emails sent through Yahoo!, that way they might get some attention.
Speak truth to power.
When we (meaning the IT department at my company) monitor what users are doing, either on the internet, or anything else, they're not just doing it on company time... They're doing it with company computers.
You're right. By the way, when someone at the company is thinking about something that is non-work, they are doing it breathing company air, sitting at a company desk, being lit by company electricity and heated by company heat. I guess that means it's OK to develop a thought-monitoring device and use it against those ungrateful bastards...
There are two types of workers, those who WILL get the work done regardless of distractions and those who will NOT get the work done even if placed in a locked room. Hire and trust good people! Big brother tactics just make the productive people less productive and won't fix the duds.
Read the article.
eBlaster is a fancy keystroke logger. Encrypted network connections are completely irrelevant.
SSH, Pine, VNC, anonymous web services--choose whatever gets through the firewall, and keep your mail yours.
If you are on your employer's time and equipment expect this sort of thing. Too bad for them, that they cannot have it both ways. Either they allow open communication or not...
Blogging because I can...
"eBlaster is fully compatible with Windows XP, Windows 95, Windows 98, Windows ME, Windows NT and Windows 2000."
Software that monitors what web pages you view... Wait until they see how much time you're spending at /.
Wait, what are you doing here now? GET BACK TO WORK!
Aren't other trojans like Back Orifice and NetBus marketed as 'network tools'? How long before anti-virus programs either add this to their lists or are somehow convinced (bought out, coerced) to intentionally keep this from their list like they did with the FBI's Carnivore program? If you purchase the software eBlaster you would think it is yours, but that is not the case.
SpectorSoft designed the software to periodically register its serial number with their database. This way if the software is installed in one or more machines they disable your software. Sure a firewall would prevent this communication, but it should also prevent the program from working anyway. I also want to know what level of trust would one place into a company that can then have total control of your system. Are all those emails marked 'confidential' being sent to the company president also being routed to some other location? In this case security is only as strong as this software company's security. Could someone not take over and then have instant access to hundreds of corporate zombies? Sorry, but I am not about to take that chance.
Cave, wreck, and deep diver.
From the HushMail FAQ:
Can HushMail protect against keystroke recording?
Hush cannot protect the user against this kind of security threat as our system is designed to ensure secure transmission of data between computers only. If a HushMail user's private computer has been compromised or if they are accessing their HushMail account from the workplace where keystroke recording software is installed, their HushMail passphrase may be accessed by a third party.
To combat keystroke recording software, we suggest you:
* Change your HushMail passphrase regularly
* Choose a secure passphrase
* Update your virus checking software regularly
* Send sensitive communications through your private/home computer
As much as it's evil... information privacy is a tricky business.
Forget the law, forget everything else, let's talk morals and common sense here.
I'm your boss. It's my network, outright. You work for me.
Should I be able to read all your emails and learn private details of your private life? Should I be able to learn which other people in the office you've been sleeping with? Of course not, that's personal.
But.. when information worth millions suddenly appears on the black market, and SOMEONE leaked it, should I be able to look through a log of ALL my network traffic and find out who sent it? DAMN STRAIGHT I should.
Yes, it's hard to draft a law that says this, as there is always room for abuse.. and that's the problem. It's a fuzzy thing.
Limiting access to information is one thing.. but controlling the USE of that information is far more critical.
This afternoon's events in the restroom.
The events alluded to are funnier than an outright statement of what happened would be.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
> I guess that means it's OK to develop a thought-monitoring device and use it against those ungrateful bastards...
You can't just compare apples and apples, can you? You just sort of compare apples, and whatever-the-hell-you-want. That's a sure sign of someone who doesn't even know what point they're trying to make. That's your head, idiot. Even if I could read your thoughts, it's not appropriate. God knows why I'd want your thoughts, though, if they're all as good as the ones above.
In response to one of the other posts, that argument is also flawed. Is it really appropriate to use office supplies that are not yours for personal correspondence? No. Not at all. Is it appropriate for you to write a letter to a friend on a break? Yes. But you'd better not use the company letterhead, and drop it in the slot, so they pay postage.
If you want to make an argument that it's okay to use stuff that isn't yours for whatever means you want, go back to hippie land, okay? We're in the real world now. Grow up.
You're using a computer that isn't yours, bandwidth that isn't yours, and everything else. If you want to use it for personal shit, ask. Not many companies will tell you that it's okay. Most will tell you that it may be monitored. And it should be. If you want to bring in your laptop, cell phone, and fire off a private e-mail on a break, do it. But realize the difference between your stuff and not your stuff.
When I'm using a Linux box away from home, and I absolutely don't want my web traffic to be able to be sniffed, I use this semi-quick solution.
I installed Squid (the proxy server) on my box at home (which has a cable connection) and then use this simple one-line SSH command to create an SSH tunnel, which forwards all my web browsing to my proxy server at home, across an encrypted channel.
ssh -o ProtocolKeepAlives=15 -q -f -N -C -g -L 45855:localhost:3128 myusername@MY.HOME.IP.ADDRESS
Then I just have a copy of Opera on my machine away from home, set to use a proxy server on localhost port 45855. Works beautifully for web browsing that a company can't sniff.
Note that I used the "-g" option of SSH, which allows other machines to connect to my locally forwarded ports (i.e. they can use the proxy server back at my home by connecting to the local port on my machine.) Take it out if you don't want this.
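An added example, not part of the post above: a check for the side effect of "-g" that the poster mentions, namely that the forwarded port listens on every interface instead of only on loopback. The function name `exposed_forwards` and the sample socket listing are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: list local listeners owned by the ssh client that are
# reachable from other machines, which is what "-g" (or GatewayPorts yes)
# does to a "-L" forward.
#
# Real use on a Linux host with iproute2:   ss -H -ltnp | exposed_forwards

# exposed_forwards: read `ss -ltnp` lines on stdin and print "address port"
# for every ssh-owned listener that is not bound to a loopback address.
exposed_forwards() {
    awk '
        # Only listening sockets held by a process named exactly "ssh"
        # (the client); ("sshd", ...) does not match this pattern.
        $1 == "LISTEN" && /\(\("ssh",/ {
            # Field 4 is Local Address:Port; the port follows the last colon,
            # so IPv6 literals such as [::]:45855 split correctly.
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr " " port
        }'
}

# Constructed sample in `ss -H -ltnp` format; PIDs and fds are made up.
# pid 4242 is a forward started with -g, pid 4250 one started without it.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:45855 0.0.0.0:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 128 127.0.0.1:45856 0.0.0.0:* users:(("ssh",pid=4250,fd=5))
LISTEN 0 128      [::]:45855    [::]:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128     [::1]:45856    [::]:* users:(("ssh",pid=4250,fd=4))
LISTEN 0 128   0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=800,fd=3))
LISTEN 0 128 127.0.0.1:3128  0.0.0.0:* users:(("squid",pid=900,fd=11))
EOF
}

# Stand-alone run over the constructed sample.
sample_ss_output | exposed_forwards
```

A forward created without "-g" and with an explicit bind address, such as `-L 127.0.0.1:45855:localhost:3128`, listens only on loopback and produces no output from this check.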
Just a quick FYI
https://mail.yahoo.com
This won't stop them from tracking you, but at least your content will be private.
There is constitutional right to have your employer to kiss your ass and take care of you.
Strange women lying in ponds distributing swords is no basis for a system of government.
From Government intrusion not from corporate monitoring on corporate property. Big difference.
Strange women lying in ponds distributing swords is no basis for a system of government.
...And it's the company bathroom, too, so cameras in there are just fine. And that's a company desk, so if an employee writes a note to themselves (especially if they use a company pen or company paper) then you have a right to sneak into their purse and make a copy. And it's the company cafeteria and the company health insurance plan, so monitoring and regulating what employees have for lunch is a perfectly reasonable activity...
Some companies need to realize that their employees aren't company property. As the workplace makes increasingly irrational demands upon employees' personal time, employees have no choice but to squeeze in necessary personal tasks wherever they can. Alleged "security concerns" are another convenient sham to justify increasingly intrusive tactics on the part of power-hungry execs and admins who have no faith in their employees and who lack the management ability to create a productive workplace without resorting to intimidation and coercion.
Encrypted communications will not help here, as the software is a "trojan" installed on your PC, logs every keystroke, and intercepts content of email after it has been decrypted.
Basically, if you cannot trust the PC that you are running your HTTPS browser on, you should assume that the encryption is not giving you any protection against the owner of that PC, or anybody else who "0WNZ" that PC...
Personally, I bring my personal laptop to the office each day, run a local firewall on that laptop, connect it to the office LAN, and never install any company-provided binaries on that laptop.
The company provides a corporate-owned business desktop, and I use that machine solely for messages and network traffic that I would not have any problem with the helpdesk people reading -- since the corporate standard is to install LanDesk, I have to assume that the HelpDesk people can and do have access to anything on that machine.
Keep your business life as distinct from your personal life as you possibly can.
I do not deploy Linux. Ever.
Let's get drunk and delete production data!
three words: tongue in cheek
if you don't know what that means, it's not frenching
It runs on my own server, not a commonly-blocked Hotmail server. It even lets me reply to messages. And because it's on my own server, and written in good-ol' PERL, I was able to completely customize it - to filter spam a dozen ways from Sunday, including naughty-word lists, friend lists, and blacklists. I can do much better filtering than common POP3 programs (Netscape, or Eudora, or Outlook Express) because I have absolute control - I can filter on any part of the message, strip out HTML, limit download size, you name it. In fact, I like it so much I have started using it FIRST to identify and delete spam before I run OE to download the mail onto my PC.
Don't grouse to me about server space; I'd bet 90% of /. readers have server space with cgi-bin access. If not, and you're getting blocked at work, this might be a good reason. Are you unwilling to pay $5-10/month for this?
C'mon, instead of whining about it, do something useful.
--Brandon / Split Infinity Music
Unless your workplace and network are used by experienced computer people (i.e., those who are competent in their operation and know all the risks they might be open to in their use), then your fellow coworkers make computers not safe for work. Email. Surfing. Games. Programs. Sticking their tongues in electrical sockets. Sure, security helps, but you can only do so much for the gimp behind the keyboard.
You need a FREE iPod Nano
And when you've had the "screw it" attitude for the past 3 years, and either quit jobs or just generally been an ass, then how do you find another job when you have no good resume references from former employers?
Interview/Application Question: Previous employment
Ummm.... I've worked at many companies, but prefer not to name them as they now hate me. It's all their fault though, really!
I prefer to do a good job, enjoy my work and take pride in what I do. I do check my own emails, post to/read slashdot, etc.
However, I try to not tie up a lot of time I could be being productive. It also helps that when I ask for a day off, or a perk/raise, I often get it or at least get reasonable consideration. There's no reason to work like a slave, but a little honest dedication tends to have its rewards.
Was Hotmail ever considered a secure way to do anything?
-
Yes, yes. I want to read their minds, and photograph them in the bathroom. ;p
Let's play a game. Let's play the "Test to see if that's what I said game." It goes like this - I take the statements you say I made, and find out if I made them.
> then you have a right to sneak into their purse
Nope.
> And it's the company bathroom, too, so cameras in there are just fine.
Again, No.
> And it's the company cafeteria and the company health insurance plan, so monitoring and regulating what employees have for lunch is a perfectly reasonable activity...
Wow. Again, not even close.
Are you having trouble staying on the same track? Maybe you have ADD? I recommend the advice of a health professional. In the meantime, let's talk about something even mildly related to what I said.
*COMPUTERS*
Of course, since you didn't actually argue against anything I said, I don't really have to elaborate my point! I guess you saved me some time, at least.
At that point, you can use imap(s) and horde/IMP [horde.org] to create your own webmail service...
Don't bother with horde. Get Squirrelmail and you won't regret it.
//m
This is the old statement that the moment something goes into computerland all laws change. It is being continuously abused to revoke various rights we have as consumers, customers and simply humans.
Sorry, but I find this argument completely fallacious. There is no frigging difference between a computer, a pen, a company watercooler (forgot those didn't you?), a company microwave in the company kitchen and the company toilet in the company bathroom.
All of those are company property. As an employee you are entitled to use every single one of them as long as you follow a certain set of rules. The company has no justifiable right whatsoever to violate your rights when formulating any of the rules dealing with these.
And more to it in most civilised countries these rights are unforfeitable. So even if the company has imagined that it has the right, the court will quickly teach them of the opposite. Even if you have signed a contract forfeiting them.
A typical example is one unnamed big American corporation in Germany. For whatever reasons it found out that employee X during the lunch break did his weekly shopping and had the boot of the car full of beer on the premises. Fired on the spot of course. Two months later the court awarded the employee half a million DM and reinstated him. Because according to German law the company had no right to search the car, had no right to manifest any interest in what is in the car and the employee had a right to privacy.
Same stands for private email and private phone calls from work. Once again giving Germany as an example. The employer is entitled to ask the employee to pay for private phone calls but cannot state in any document any details about them that disclose the exact destinations. Which usually means cannot question those destinations. Similar rules stand for snooping the network.
Let's take another country to make the list full. Let's take the country with the second worst employment rights record after US - the UK. Every employee is entitled at any time to ask the company to hand him every bit of data being kept on them. Ask and make a reasonable scandal of the fact that IT or other people have read communication with your wife. After you have done it two or three times urge to snoop disappears very fast. Pity Brits do not have the habit to behave this way.
So this problem is localised completely to a certain world region. And it is quite time for this region to start learning the value of human rights instead of trying to teach the rest of the world about them.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
The person was trying to illustrate a point about privacy and the implications software such as this has on our right to privacy.
The person, if they're really trying to do that, should realize something about the implication software such as this has on our right to privacy. (If it's installed on your computer at work.)
*none*
Remember when you have an expectation of privacy. In your purse, or bag. In your home. In the bathroom.
*NOT* in public. If you're walking around on the street, everyone can see what you're doing! My, imagine what that does to your right to privacy! And you don't have it here, either. Especially since they warn you! It's monitored, doofus!
Try to put it in perspective, instead of jumping on the 'cry wolf' bandwagon, okay? Fifty years ago, if an employer wanted to look at your files, it was perfectly normal. Now, if an employer wants to know what you're doing with his computer, it's an invasion?
Bull. People like the guy you're defending draw all sorts of insane parallels with this. Mind reading. Spy cameras in the bathroom. People like the guy you're defending have uh... mental problems. ;p
If you want to draw a parallel, how about this? You work for a company, and they give you a car, with the understanding that you're supposed to use it strictly for work purposes. In keeping with the slashdot story trend, this car has a GPS unit, that logs the car's position. Is this an invasion of privacy?
If you said no, then I wonder why you disagree with me so strongly. If you said yes, how about this: what if he just asks you where you've been? I find it hard to believe that you'd think that was an "invasion of privacy". And then what are you really saying? That it's okay for him to know what you do, so long as you can lie about it a little bit?
Har. Blinders indeed.
"Breathe on your own time, dammit!"
Had to be said.
-- Terry
And CEOs need to realize that the only reason they are making any money is because of the employees. It works both ways. Corporations ceaselessly take advantage of both employees and customers, and it seems to get worse every year.
I can't speak for the rest of the sheep, but I won't be a slave to a company that routinely treats me like shit. I've walked away from a very high paying job without a second thought because management took both their customers and their employees for granted.
Unfortunately, some people have families to feed and that's not an option for them, and all I can say is next presidential election, vote Green Party. They're on your side.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
This is not an ideal solution. Basically you get a lot of spam, some personal email, and maybe the occasional company memo. Especially if you monitor inbound mail, I think there are some issues not only with privacy but also with effective security and draining resources from places where they would be better spent.
LedgerSMB: Open source Accounting/ERP
Never fear, the law is here... Don't worry that your company is secretly copying all your emails, because you own the copyright on each and every one of them. And even if you have signed them away, your friends happen to own the copyright on all the emails coming into the system.
It will become very expensive very quickly for companies to keep copies of employee emails when people begin suing for license fees ($4,000 per email, right?)...
"Your superior intellect is no match for our puny weapons!"
That these companies will simply lose competitive advantage from the wasted time and energy monitoring the emails.
Remember, though, where I work we have a site license for VMWare. This does NOT prevent me from installing GPG and encrypting the memo with a GPG key on a floppy disk and then attaching it to an outgoing email (or uploading it to my sftp server at home).
LedgerSMB: Open source Accounting/ERP
(Just don't go selling access to your home box to all the nubes that download and run viruses).
Free Software: Like love, it grows best when given away.
Not to encourage the concept, but there are times when it's necessary to know what's going on, if only to protect yourself.
I have a good friend who due to a nasty personal situation (not of her making), is in need of a keystroke logger with capabilities to match EBlaster (*must* be able to capture mail sent and received thru Hotmail and the like).
But my friend really can't afford EBlaster's price. So...
Does anyone know of a good free equivalent that runs on Win32? It must hide itself from the reasonably computer-literate (tho need not be geek-proof -- just staying out of Task Manager would be sufficient) and the ability to forward captured mail, a la EBlaster, is a major plus.
My friend thanks you in advance for your help.
(Email me if you don't want to be seen posting such stuff: rividh at earthlink dot net)
~REZ~ #43301. Who'd fake being me anyway?
And I bet you are writing this email on company time, using a company supplied computer, company supplied software, and company supplied bandwidth.
That just goes to show you that you shouldn't make bets unless you actually *know* something about the thing you're betting about.
In other words, *Bzzzzt*! That's wrong, Chuck! Tell him about his lovely parting gifts!
As far as I'm concerned, they are lucky to have employees who are as talented and hard working as we are.
Their luck balances out with lazy, shiftless employees that rely on doing just enough to not get fired, believe me.
Letting us get a little down time here and there, while providing us with a little extra bandwidth for reading news sites, should be considered a part of our jobs.
I never argued with that. And if you've asked your employer if you can do that, and he said it was okay, then by all means! In my company, while we monitor, we warn that it's monitored. And as the IT department, we don't contact your supervisor if you're reading nytimes.com all day. We don't even say anything if you're using hotjobs.com for (like some people do) over an hour each day. We do if you're looking at pr0n, or if we get a complaint. *but* I'm willing to bet (though I probably shouldn't... what did we learn about betting! ;p) that half the people that go ahead and read slashdot or whatever from their desk at work never even considered asking. Why? Probably because they're pretty sure they would be told 'no'. So they do it anyway. And what does that say?
Someone at the EPA is *spunking* on keyboards? Now THAT is seriously SICK....
Polymorphism -- It's what you make of it.