Your boss had better be reading any “private e-mails” you get at work. Or better, have in place a procedure for when and how the organization monitors e-mail routed through the organization’s servers. Since the organization is liable for the use or mis-use of its e-mail systems, it should be protecting itself by appropriate monitoring. More ambiguous is the issue of “private” Web e-mail accounts that employees access at work. If it’s on company equipment on company time, I don’t think there’s much legitimate expectation of privacy. Hotmail, for example, is plain HTTP. So your login and password will show up in the organization’s firewall or proxy server logs. Even for HTTPS sites accessed from a tightly configured W2K client, there are all sorts of proxies, cookies, caches, etc., lying around. All in all, “private” e-mail at work probably doesn’t exist. Send it from your own equipment. Raymond L. Robert System Administrator Oregon Board of Medical Examiners Ray.Robert@private (503) 229-5873 x. 229 http://www.bme.state.or.us -----Original Message----- From: Andrew Plato [mailto:aplato@private] Sent: Thursday, June 20, 2002 2:19 AM To: crime@private Subject: RE: CRIME postings/e-mail from Heidi Henry -mcps@private MSN and Hotmail are certainly not alone here. A lot of people check that "save password" feature for many of these online mail systems. Yahoo can do it as well. One of the things I have seen is IT folks poking around people's machines and easily getting on their private email thanks to a cached password. Its once again a place where a convenience feature can cause a security problem. Which should serve as an FYI for anybody sending a recieving private mails at work - beware of those cached passwords. If the hackers don't get them, your boss might. Do you want your boss reading your private email? I sure don't. My boss is a real jerk. :-) Andrew Plato President / Principal Consultant Anitian Corporation www.anitian.com
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 18:58:11 PDT