Slashdot Mirror


Hotmail: Not Safe For Work?

silentknight writes "According to MSNBC, web-based e-mail providers such as Yahoo and Hotmail may not be a haven for your private e-mail anymore. At least not while you're at work. SpectorSoft is introducing eBlaster, which aims to "secretly forward all e-mail coming and going through such Web-based accounts to a spy's e-mail". Corporations will most likely argue that, because of sites like Internal Memos, companies need to keep a tighter grip on the information that flows in and out of their companies. But attempting to spy on private e-mail?? In the words of Homer J. Simpson: "Butt out, Buttinsky"."

47 of 564 comments

  1. eBlaster by tuxedo-steve · · Score: 4, Funny

    That eBlaster software seems like a totally excellent way to increase the amount of spam you receive in your inbox per day.

    Thanks, SpectorSoft.com! You've made my week!

    --
    - SMJ - (It's not just a name: it's a bad aftertaste.)
  2. To be honest by ObviousGuy · · Score: 5, Insightful

    The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.

    Now this becomes a little tough because we aren't automatons and have lives outside of work that need tending to. However, to expect that what you do within the walls of your company is private is laughable.

    Just assume that everything you do there is under surveillance. Heck, all your thoughts are already belong to them.

    --
    I have been pwned because my /. password was too easy to guess.
    1. Re:To be honest by nagarjun · · Score: 5, Insightful

      However, to expect that what you do within the walls of your company is private is laughable.

      That's highly culture specific. For example, most Asian companies usually do not insist that *whatever* you do on company time is the company's. Heck, I did not even sign a contract to that effect.

    2. Re:To be honest by Mr_Silver · · Score: 5, Insightful
      The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.

      Which is fine until you point out that the flip side of this is that you'll only work your contracted hours and never think about work outside of work hours.

      If a company is going to totally restrict what you do during work hours then they shouldn't expect any favours back - especially when a better job comes along as you'll be the first out of the door.

      It works both ways, they make your working conditions pleasant and you reward them with loyalty.

      --
      Avantslash - View Slashdot cleanly on your mobile phone.
    3. Re:To be honest by pubjames · · Score: 5, Interesting

      The time you spend at work, you ought to be working, not sending personal email, making personal calls, or anything besides work-related stuff.

      Stuff that nonsense. This is exactly the kind of crappy mentality that made me become self-employed.

      If my employer feels the need to treat me like a child, then I'll go work for someone else (which is what I have done, now I work for me). Stand up for yourselves people -- don't let your employers treat you like children! It's your life!

    4. Re:To be honest by pubjames · · Score: 3, Insightful

      If you don't like their rules you can be sure they can find someone else to fill your sandals.

      Backwards thinking again. If you don't like their rules, you should go work for someone else. If they can find another idiot that doesn't mind being treated like a kid then that's fine by me.

      what about smoking crack on company time ? would u agree with that?

      Erm. No. I wouldn't agree with that. I expect to be treated like an adult because I can act like an adult. If a company employs idiots and potheads then they deserve everything they get.

    5. Re:To be honest by Lysander+Luddite · · Score: 3, Insightful

      I spend about 1.5 hours a day actually doing work. If I were home on a real computer with real software I could do everything I need to do in half that time.

      Yet, somehow I need to spend 9 hours a day at work simply because the phone might ring. I'd be happy to work if I had some. In fact, I actually request more work constantly. By all accounts I would be a model employee. Yet, when I have nothing to do I surf the web. I'm using company resources to do things other than my job.

      So I guess that makes me a bad person.

      *rolls eyes*

      If I do my job appropriately and efficiently then the company should cut me some slack. I'm not wasting company time or resources if I have fulfilled my job duties. If I read a book at work would it be any different?

    6. Re:To be honest by photon317 · · Score: 4, Interesting


      Search perlmonks.org for Tilly's article on the subject a while back. It appears that by most states' labor laws, if you are an exempt, salaried, full-time professional - the company does in fact own all of your output, even when you're not at work, and they don't need a special contract to get these rights. If you work as unix sysadmin, and you develop and patent a new lawn sprinkler on your own time on the weekends, they can take your patent away from you. They certainly in this light own your output during work hours, which means they very well can try to enforce that you don't do things like use hotmail.

      --
      11*43+456^2
    7. Re:To be honest by RailGunner · · Score: 5, Insightful
      If a company is going to totally restrict what you do during work hours then they shouldn't expect any favours back - especially when a better job comes along as you'll be the first out of the door.

      Quite honestly, you should do that anyways. Company loyalty is a complete farce. Most companies treat people as "human resources" anyways, and in most companies your employment is "at will".

      Quit giving your lives and your hearts and your souls to a company like that. You'll be much happier if you think of yourselves as mercenaries - do honest work for honest pay. If you think a management decision is stupid, as long as it's legal / ethical, then kick back and remember that they're paying you to work, they're not paying you to care. Example: Say some pointy haired boss wants you to implement a horrible User Interface. You know it's a bad idea, that it'll be clunky. GO AHEAD AND GIVE THE PHB WHAT HE/SHE WANTS! Let them deal with any consequences. If a company starts reading your private email, then quit. Find something else.

      And this isn't a bad attitude. When you're at work, you should perform your duties to the best of your ability. However, when you're not at work, forget about work. And if someone offers you a better job, then TAKE IT. Start putting yourselves and your families over your jobs. Ultimately, your own self and your family is far more important than a company that's here today, gone tomorrow.

      Look what company loyalty got employees at Enron and WorldCom.

    8. Re:To be honest by Tablizer · · Score: 3, Funny

      (* I can't believe the hours people work. I have been a programmer for 7 years and in professional, post-college employment for 12 years, and I've NEVER worked non-compensated overtime. Not once. *)

      But that's how most of us make up for the time we spend trolling around on slashdot :-)

  3. blocked at work by Jucius+Maximus · · Score: 5, Informative
    In the large company where I work, all access to Hotmail, Yahoo, etc is blocked at the firewall. This is because too many lusers kept downloading klez, hybris, (random vbs trojan), etc and executing them.

    After this was done, all virus problems on the network dropped from one incident per 2 weeks to maybe 1 incident per 4 months.

    As to the privacy issue, the easy solution is to NOT SEND PRIVATE E-MAIL FROM WORK (or at least use GnuPG or PGP!)

    1. Re:blocked at work by Zathrus · · Score: 3, Funny

      Sigh... freaking morons.

      The previous company I worked at did this as well. Pissed the hell out of me, since I could no longer get to my email and I prefer to not give my work email out over the net to avoid the spam.

      The really idiotic thing is that they blocked sites like Sneakemail too, which is just a redirector service.

      I can understand the need to block webmail sites, since there are too many idiots out there, but at least be intelligent about what gets blocked.

    2. Re:blocked at work by Nomad7674 · · Score: 5, Informative
      Another alternative, when e-mail from work is essential, is to get a wireless device capable of sending e-mail without using the work e-mail system. The Kyocera 6035 Smartphone (and the coming-soon 7135), Palm's i705 Palm.Net service and Earthlink's various wireless services seem like good possibilities.

      Of course, a truly persistent person or corporation can find a way to tap into any technology, given time and money.

    3. Re:blocked at work by bgfay · · Score: 3, Interesting

      Okay, sure, but what about at a school that won't provide accounts for students to use? I teach at just such a school and would like to communicate with students using yahoo, netscape, hotmail or some other such thing. I could send out assignments, handouts, etc on email and not have to print the damn things on dead trees. Having free email at work would be a huge bonus to us, be much cheaper than getting each kid a hosted account, and be safe considering the machines are all set up with pretty good antivirus software that is updated all the time.

      As for lusers (sic) downloading virus files, well, that's going to happen regardless and we ought to be proactive (plan for these things) rather than reactive (ooo, no more email for you!).

      --
      Yeah, I'm as old as my UID would suggest.
  4. One word : by M1000 · · Score: 5, Informative

    http://www.hushmail.com

  5. Make all changes retroactive, technology-wise by SirSlud · · Score: 4, Insightful

    The best way to make people rise up against this is simply to encourage employers to try to apply the goals and reasoning of software like this against traditional communication services.

    How many people you think would be cool with their employer listening in on their personal phone calls, and opening all their personal mail that gets sent to the office?

    Apply it to everything, and people will understand that this is an encroachment on what we currently have, not a reasonable measure for dealing with a newish technology.

    --
    "Old man yells at systemd"
    1. Re:Make all changes retroactive, technology-wise by SirSlud · · Score: 3, Insightful

      Because my company prefers me being at work rather than taking a morning off just to sign for a package at home? So I get it sent to work; I can sign for it, and I don't miss any time.

      --
      "Old man yells at systemd"
    2. Re:Make all changes retroactive, technology-wise by gmhowell · · Score: 4, Insightful

      Ditto some of the other replies. NO mail gets delivered in my office until it is opened. Even stuff that says "personal and confidential" is opened. It's a safety issue. There have been a couple of death threats throughout the years. It's also my facility. I paid for the person opening the mail, I paid for the post box. Trust me, I have no interest in reading a subpoena from your divorce attorney. I really don't. But if that's a death threat, I owe it to you AND THE OTHER EMPLOYEES to tell the cops.

      In our employee handbooks, we reserve the right to monitor calls. We never have, but we can. We allow a few calls (lots of mothers in my office. Lots of calls to/from the office to make sure the kiddies got off the bus okay) which is no big deal. Same thing with... A million little things. People are more productive, like you say, if they don't have to stay at home to wait for a package, to order a repair of their appliance, etc. But some people abuse the privilege.

      It's a balance that has to be struck. What seems to work is when we suspect someone of abusing the phone, we just remind them that we allow limited personal calls, and that we can monitor their calls to see if they are abusing the privilege. The offending behavior stops within hours:)

      And to the naysayers who say 'ignore company loyalty'. I've got news for you: it's a chicken and egg problem. I'll extend loyalty. We've got employees working for us who were around in the Ford administration. Until they retired, there were a couple of employees who changed my diapers. They gave their loyalty. We reciprocated. Need 2 months off for back surgery and recovery? No problem. Hope you get better. We'll keep your chair warm for you. OTOH, you think we're only good for a paycheck? Well, screw you. When times get tight, you'll be first on the chopping block. We'll find a way to save the person who stayed late to finish up some work.

      Loyalty works both ways. I think some of the children on slashdot forget that.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
  6. this can be monitored already by prisen · · Score: 3, Informative

    Not really anything new here; "The Man" can see what I'm doing right now, where I'm going, whether or not I'm logged in to a site (including my username and password), how long I've been on a certain page, etc etc etc - And he doesn't need a kiddie script to do it. That's just part of working for the DoD or any other institution that has full monitoring instilled in their computer use policy, I guess.

  7. Our only hope is by Dirk+Pitt · · Score: 4, Interesting
    that the market will take care of these privacy invasions, and people just won't work for companies that get a rep for doing BS like this.

    I mean, legally, I have to side with the companies. Their machines, their time, their liability. They can do what they want.

    BUT...it does suck, and I'd hate to work for anyone that would think they needed to read my private mail. My only hope is that more and more people will leave companies that do that to work for smaller companies, or start their own, and that these smaller companies will begin to resist the temptation of corporate assimilation. I see it beginning to happen now, there are some fairly large, privately held consulting companies that foster a great atmosphere for their people. The more I see big companies doing things like this, the more hope I have that this renaissance of the small business will grow.

  8. Heh by zapfie · · Score: 4, Insightful

    Their computers.

    Their network.

    Their time.

    Their money.

    'nuff said.

    --
    slashdot!=valid HTML
    1. Re:Heh by Rude+Turnip · · Score: 5, Insightful

      OK, then the following changes will take place:

      1. Pay for all my work clothes.

      2. Pay for my fuel expenses going to work.

      3. Pay me for all the unpaid overtime spent in the office *and at home*.

      4. Pay me rent for using my home as temporary office space (see item 3).

      5. Pay my cable modem/DSL bill for VPN'ing over the weekends.

    2. Re:Heh by Dan+Crash · · Score: 5, Insightful

      Their toilets.

      Still think you don't deserve any privacy?

      --
      He who refuses to do arithmetic is doomed to talk nonsense.
    3. Re:Heh by ObviousGuy · · Score: 5, Funny

      I'm not worried that they're keeping logs.

      --
      I have been pwned because my /. password was too easy to guess.
  9. They're welcome... by Zathrus · · Score: 5, Funny

    ... to read each and every one of the 300+ spam emails I get daily to my Hotmail account.

  10. Solution? by f00Dave · · Score: 5, Interesting

    Use ssh or WinVNC (like I do) or somesuch to remotely access your home system, and run your personal stuff THERE. At work, the only non work-related software I run is WinAMP, WinVNC client and a web client. At home, I run an email client, IRC, ICQ, Kazaa, etcetera....

    So long as the employer doesn't mind you connecting to your home machine (and you can encrypt that connection, somehow), then what you do with it is your own business.

    Of course, you can still paste memos over VNC/ssh, so this just defers the problem somewhat. ;-)

    --
    .f00Dave
  11. Re:Ooh, goody... by ergo98 · · Score: 3, Insightful

    Yet, when a doctor, or lawyer, or any other professional service performs "hours" (I put it in quote because everyone knows that they generally grossly overstate their hours), I don't have the right to monitor their PC during the hours that they are working for me. I find it an interesting paradox that so many people will proclaim the "Yeah, well if you're doing the hours for them!" when so many other examples show that to not be how it works.

    If an employee isn't pulling their weight, warn them and then fire them. It's as simple as that. I understand corporations getting a little annoyed by weenies forwarding internal emails (which is reprehensible and they should be punished), but most justifications are for pathetic, over the shoulder monitoring.

  12. Make sure you don't use the phone either... by beamz · · Score: 3, Insightful

    While I understand that a computer is company resources, I believe that responsible use should be acceptable and big big brother should not be there listening.

    Blocking or intercepting email is more or less the same as listening in on a phone conversation. Yes, I know this horse has been beaten to death here but it's still ridiculous.

    If you're not allowed to make personal phone calls then I can understand them not allowing or even monitoring personal computing use but for communications, email should be a protected medium.

  13. Re:Ooh, goody... by Latent+IT · · Score: 4, Insightful

    You're leaving out one major point -

    When we (meaning the IT department at my company) monitor what users are doing, either on the internet, or anything else, they're not just doing it on company time...

    They're doing it with company computers.

  14. You Bet Your Ass We Monitor! by DnemoniX · · Score: 5, Interesting

    I am an IT manager for a local government agency. We monitor all internet usage on a regular basis. For the most part it is rather boring. This also means that if somebody uses Hotmail or some such at work it gets logged. By state statute here all documents that are created on our equipment, i.e. you type an e-mail. It becomes public record. That means any Joe Blow off the street can send in a request for copies of any and all e-mails that we have on our system. This causes a few interesting problems. So I do a couple things.

    1. I do not back up the e-mail system. All users are aware of this.

    2. Zero retention on deleted e-mail.

    3. A signed Acceptable Usage policy for each user. They are all aware of the possibility of being monitored.

    Does this stop people, no! We have had to take action on abuses several times. Like the guy that wouldn't stop surfing porn at work, he worked in the cube and there are several women that work in that office. Bad judgement. Last week things got worse. I noticed a user surfing a little porn so I checked the logs, I was a little surprised, he was accessing a Sex Offender Database. He was looking himself up! Turns out this guy is a registered sex offender in the neighboring state. I looked up what he was convicted of and it was RAPE. Also 90% of the workers in my building are female. We would have never known any of this without monitoring our system. Our lawyers are working on what to do with him now.

    People can bitch all they want about Big Brother, but ever consider sometimes this is bigger than one person feeling bad? Think about how you would feel if your sister or mother worked in that office and something happened. Wouldn't you have wanted us to do something about it? Take off the blinders and step off the soap box, because until you are the one responsible you don't know shit.

  15. the system by mattdm · · Score: 5, Insightful

    So it's feudalism at work; democracy on your own time.

    Your words could apply just as well to someone justifying plutocracy as the logical system of government for a nation -- the wealthy landowners get to make the decisions, because they literally own the country. Somehow, in these modern times, we've decided that that's just not acceptable anymore. Why do we still put up with it at work?

  16. Two Words by Anonymous Coward · · Score: 3, Funny

    CIA Operated.

  17. Internal Memos Website by irix · · Score: 4, Funny

    Man, that site is hilarious! You can't make stuff like this up :-)

    --

    Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
  18. In the famous words of thousands upon thousands by Pac · · Score: 3

    Who, in his right mind, ever thought Hotmail was a haven for commercial or otherwise private information, when not a month goes by without a new flaw in their security or a new loophole in their privacy policy comes to light?

  19. you missed something by mattdm · · Score: 4, Informative
    The 9th amendment -- for some reason, people who want to restrict the rights of US citizens seem to conveniently forget that one. Here it is:
    The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
    There's my right -- and yours --to an adequate standard of health, to be looked after after a life of contributing to society, and yes, to pursue happiness. Oh, and of course, to live like a free human being, not a corporate slave, even when I'm at work.
  20. Good and Bad by chill · · Score: 5, Interesting

    The last place I worked, I had to do something like this. We had a problem with an employee who was suspected of leaking company trade secrets to a competitor.

    It turns out she was using a Yahoo e-mail account to send CAD files of complete circuits to her "ex" boyfriend at a competitor. She was doing this from computers at work, and yes she had authorization to access the CAD files in her job.

    Because we were able to monitor the activity, the company knew what/when/where the files went. She was fired for cause and we contacted the competitor and waved the evidence. They had little choice but to fire the person on the other end and we watched them close to see if they introduced any "new" products over the next year or so that were based off of our designs.

    * * *

    Fast forward to my new company -- a once major telecom giant -- they now block all webmail sites they can find via their firewalls.

    Simple fix? Squid proxy on your home computer running on port 443 (HTTPS) and requiring a username/password.

    --
    Learning HOW to think is more important than learning WHAT to think.
  21. Hotkey sequence by sdxxx · · Score: 4, Interesting
    From the FAQ:

    11. So, if eBlaster does not show up anywhere, how do I get into it?

    ... if you do need to open eBlaster to change some settings, you simply type a Hotkey combination, which is 3 keys pressed simultaneously followed by a fourth key. (Nobody would ever accidentally type those 4 keys, so they won't accidentally discover eBlaster is present.)...

    So does anybody know what those four keys are?

  22. Examples of privacy at work by dcollins · · Score: 4, Informative
    From the article:

    ...a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.

    Contrary to the large contingent of "company can do whatever it wants on its property" boosters, there in fact seem to be all kinds of legal protections and privacy expectations established for workers in corporate offices.

    The fascist model that says otherwise is not only frightening, it's untrue.

    The full quote from the lawyer in the article (in reference to the 1986 Electronic Communications Privacy Act):

    Spyware like that produced by SpectorSoft and competitor WinWhatWhere Corp. has not yet faced a definitive courtroom test. But David Sobel, general counsel of the Electronic Privacy Information Center, equated private Web-based e-mail account with an employee receiving a personal letter through the company mailroom. The contents of such a letter are protected by U.S. mail regulations.
    "The question is: Is there a reasonable expectation of privacy? I would argue that if a company.com account is provided to me for company business, I can assume it might be subject to monitoring ... but if I take additional step to set up a Hotmail account that I occasionally access from my desktop at work, I think that could be construed as an expression of an expectation of privacy."

    --
    We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
  23. Ain't Nobody's Business If You Do by sckeener · · Score: 3, Insightful

    The problem I have with this sort of monitoring is it requires interpretations on the part of the reviewer. What should matter is whether I am creating a hostile work environment and whether I am doing my job. End of story. Mess up on either of those and you should be out the door.

    These sorts of issues are very similar to consensual crimes where the government wants to monitor what you do between consenting adults.

    --
    "Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
  24. [from the FAQ] by FuzzyBad-Mofo · · Score: 3, Informative

    18. I do not have physical access to the PC I wish to monitor. Does eBlaster support remote installation? eBlaster can be configured to send the program installation file to another email address. Assuming that the receiving email client will allow the receipt of a .EXE file attachment and that the user opening the email clicks on the file attachment, then eBlaster will automatically install itself on that computer. Once installed on the remote computer, eBlaster will send recordings from that computer to your email address. VERY IMPORTANT: You MUST be the owner of the computer to which you are remotely installing eBlaster. If you are NOT the owner, or have not received permission from the owner to install eBlaster on that computer, you could be in violation of state or local law by monitoring the activities of property that does not belong to you.

  25. Meeting with my boss... by David+Wong · · Score: 4, Funny


    "Mr. Wong, we've been monitoring your incoming hotmail and we can only assume you've spent hours of company time sending out hundreds of inquiries requesting information on how you can lengthen your penis by 3-4 inches with some kind of herbal supplement..."

  26. backwards by spoonyfork · · Score: 4, Funny

    So, they want to read my personal email but they don't want to read my ideas on how to fix some corporate IT problems?

    Perhaps I should put my suggestions in personal emails sent through Yahoo!, that way they might get some attention.

    --
    Speak truth to power.
  27. Re:Is hotmail selling my Email address? by Jucius+Maximus · · Score: 3, Insightful
    "I have been getting a lot of spam lately on an address I only give out to my friends. They all seem to keep it in their hotmail and yahoo address books. Is that the spam leak?"

    Many spammers just try random user names and hope they reach an inbox. And even if you open just one random spam with HTML 'phone home' code embedded in it, you are exposed and the spam starts rolling in.

  28. Rights vs brains by MountainLogic · · Score: 5, Insightful
    Sure, it's the company's system, but any smart manager knows that allowing employees to take an occasional personal phone call or email is going to make for a more productive worker. Someone stewing about a sick child because they can't get a call from a caregiver is far less productive than a worker getting a quick email every hour with the child's temp.

    There are two types of workers, those who WILL get the work done regardless of distractions and those who will NOT get the work done even if placed in a locked room. Hire and trust good people! Big brother tactics just make the productive people less productive and won't fix the duds.

  29. How is this different than a trojan? by DiveX · · Score: 3, Insightful

    Aren't other trojans like Back Orifice and NetBus marketed as 'network tools'? How long before anti-virus programs either add this to their lists or are somehow convinced (bought out, coerced) to intentionally keep this from their list like they did with the FBI's Carnivore program? If you purchase the software eBlaster you would think it is yours, but that is not the case.

    SpectorSoft designed the software to periodically register its serial number with their database. This way if the software is installed in one or more machines they disable your software. Sure a firewall would prevent this communication, but it should also prevent the program from working anyway. I also want to know what level of trust would one place into a company that can then have total control of your system. Are all those emails marked 'confidential' being sent to the company president also being routed to some other location? In this case security is only as strong as this software company's security. Could someone not take over and then have instant access to hundreds of corporate zombies? Sorry, but I am not about to take that chance.

    --
    Cave, wreck, and deep diver.
  30. Attn Yahoo Users by spacefrog · · Score: 3, Insightful

    Just a quick FYI

    https://mail.yahoo.com

    This won't stop them from tracking you, but at least your content will be private.

  31. With this, no help to encrypt your connections! by Nonesuch · · Score: 3, Informative
    Please read the linked web site before posting.

    Encrypted communications will not help here, as the software is a "trojan" installed on your PC, logs every keystroke, and intercepts content of email after it has been decrypted.

    Basically, if you cannot trust the PC that you are running your HTTPS browser on, you should assume that the encryption is not giving you any protection against the owner of that PC, or anybody else who "0WNZ" that PC...

    Personally, I bring my personal laptop to the office each day, run a local firewall on that laptop, connect it to the office LAN, and never install any company-provided binaries on that laptop.

    The company provides a corporate-owned business desktop, and I use that machine solely for messages and network traffic that I would not have any problem with the helpdesk people reading -- since the corporate standard is to install LanDesk, I have to assume that the HelpDesk people can and do have access to anything on that machine.

    Keep your business life as distinct from your personal life as you possibly can.