CRIME RE: CRIME postings/e-mail from Heidi Hnry -mcpsat_private

From: Ray Rober (RayR@private)
Date: Thu Jun 20 2002 - 17:38:08 PDT

  • Next message: Toby: "Re: CRIME postings/e-mail from Heidi Henry -mcps@private"

    Your boss had better be reading any “private e-mails” you get at work.  Or
    better, have in place a procedure for when and how the organization monitors
    e-mail routed through the organization’s servers.  Since the organization is
    liable for the use or mis-use of its e-mail systems, it should be protecting
    itself by appropriate monitoring.  
     
    More ambiguous is the issue of “private” Web e-mail accounts that employees
    access at work.  If it’s on company equipment on company time, I don’t think
    there’s much legitimate expectation of privacy.  Hotmail, for example, is
    plain HTTP.  So your login and password will show up in the organization’s
    firewall or proxy server logs.  Even for HTTPS sites accessed from a tightly
    configured W2K client, there are all sorts of proxies, cookies, caches,
    etc., lying around.  
     
    All in all, “private” e-mail at work probably doesn’t exist.  Send it from
    your own equipment.
    Raymond L. Robert 
    System Administrator 
    Oregon Board of Medical Examiners 
    Ray.Robert@private 
    (503) 229-5873 x. 229 
    http://www.bme.state.or.us 
    -----Original Message-----
    From: Andrew Plato [mailto:aplato@private] 
    Sent: Thursday, June 20, 2002 2:19 AM
    To: crime@private
    Subject: RE: CRIME postings/e-mail from Heidi Henry -mcps@private
     
    MSN and Hotmail are certainly not alone here. A lot of people check that
    "save password" feature for many of these online mail systems. Yahoo can do
    it as well. 
     
    One of the things I have seen is IT folks poking around people's machines
    and easily getting on their private email thanks to a cached password. Its
    once again a place where a convenience feature can cause a security problem.
    
     
    Which should serve as an FYI for anybody sending a recieving private mails
    at work - beware of those cached passwords. If the hackers don't get them,
    your boss might. Do you want your boss reading your private email? I sure
    don't. My boss is a real jerk. :-) 
     
    Andrew Plato
    President / Principal Consultant
    Anitian Corporation
    www.anitian.com 
     
    



    This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 18:58:11 PDT