Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Surfing at Work

Reply
Thread Tools

Surfing at Work

 
 
Bill Unruh
Guest
Posts: n/a
 
      10-06-2004

]HB2 wrote:
]> Sometimes I write e-mails using a web based format (yahoo). When the e-mail
]> is of a personal issue I use megaproxy because it is SSL. Our PCs at work
]> have Windows 2000. Is it safe to assume that my e-mails are kept private
]> from my employer since they are sent using SSL? Does Winodws 2000 Server

No.

]> have monitoring tools built in or would our employer have to purchase such
]> monitoring tools seperately?
both.

]>
]> Also, its my understanding that using a keyboard log program is illegal.
]> Is this correct?

No, it is not AFAIK illegal. Employers can more or less do what they want
with their own computers. There may be some expectation of privacy, but it
is pretty weak WRT computers I believe.



 
Reply With Quote
 
 
 
 
Lawrence A Rodis
Guest
Posts: n/a
 
      10-07-2004
"Bill Unruh" <(E-Mail Removed)> wrote in message
news:ck17o1$l2e$(E-Mail Removed)...
>
> ]HB2 wrote:
> ]> Sometimes I write e-mails using a web based format (yahoo). When the
> e-mail
> ]> is of a personal issue I use megaproxy because it is SSL. Our PCs at
> work
> ]> have Windows 2000. Is it safe to assume that my e-mails are kept
> private
> ]> from my employer since they are sent using SSL? Does Winodws 2000
> Server
>
> No.
>
> ]> have monitoring tools built in or would our employer have to purchase
> such
> ]> monitoring tools seperately?
> both.
>
> ]>
> ]> Also, its my understanding that using a keyboard log program is
> illegal.
> ]> Is this correct?
>
> No, it is not AFAIK illegal. Employers can more or less do what they want
> with their own computers. There may be some expectation of privacy, but it
> is pretty weak WRT computers I believe.
>

It's a very legal thing to do. I have some clients doing it and it works
like a charm.



 
Reply With Quote
 
 
 
 
nemo outis
Guest
Posts: n/a
 
      10-16-2004
In article <Lll6d.275208$Fg5.251822@attbi_s53>, "HB2"
<(E-Mail Removed)> wrote:
>Sometimes I write e-mails using a web based format (yahoo). When the e-mail
>is of a personal issue I use megaproxy because it is SSL. Our PCs at work
>have Windows 2000. Is it safe to assume that my e-mails are kept private
>from my employer since they are sent using SSL? Does Winodws 2000 Server
>have monitoring tools built in or would our employer have to purchase such
>monitoring tools seperately?
>
>Also, its my understanding that using a keyboard log program is illegal.
>Is this correct?
>
>Thanks



Ignore the nascent Nazis who thrill to tell you you will be fired
for sending email from work, etc. ****, never mind your internet
habits, in the fascist US you can be fired for ANY reason or NO
reason - most contracts of employment are "at will." Most of
the rest of the world is more civilized.

But, in any case, don't let officious low-level functionaries
(e.g., sysadmins) with megalomaniacal dreams of power turn you
into one of the sheeple.

You are not a medieval serf. You are selling your services for
money. There is a reciprocal benefit. Your company should value
your services and it would cost them a lot of money to replace
you. You should not rip the company off by excessive use of
company facilities for personal matters, but the company should,
in turn, not try to run the company like a Dickensian sweatshop.

If they have so little regard for you as to disregard your
privacy then you are better off without them. They don't need to
continuously shine a flashlight up your ass to make sure you are
working - they can manage by results. (A dusty old book I once
read said: By their fruits ye shall know them.)

Yes, you will get rants here and elsewhere about how you owe
every second of your existence to the company and that if you so
much as go to the can they have the right to check if there is a
turd in the bowl in case you were just malingering. You decide
if you're willing to live like that - I'm not.

But before the inevitable flames begin from the net-nazis who
revel in the vicarious thrill of telling you that you will not
just be fired but burned at the stake in the company parking lot,
let's discuss mechanics.

Encrypted communications ove the company net is one way but while
they cannot check content they can know you are doing it. So let
me explain two alternatives:

1. Get an (ordinary analog) modem and surf out on the fax
line. There are prudential issues about being unobtrusive, not
hogging the line, etc. but any reasonable person will quickly
figure these out for himself.

2. Get a digital modem (not an ordinary analog one - you'll
fry it!) and surf out through the company PBX system. Yeah,
they're a bit pricey - life's a bitch! But it is very, very rare
for companies to monitor this.

For both 1 and 2 you'll need a dial-up ISP.

There are more sophisticated methods of actually using the
company internet but I will not describe them here.

Regards,

 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      10-16-2004
In article <XVfcd.117846$a41.79640@pd7tw2no>, nemo http://www.velocityreviews.com/forums/(E-Mail Removed)
(nemo outis) says...
> In article <Lll6d.275208$Fg5.251822@attbi_s53>, "HB2"
> <(E-Mail Removed)> wrote:
> >Sometimes I write e-mails using a web based format (yahoo). When the e-mail
> >is of a personal issue I use megaproxy because it is SSL. Our PCs at work
> >have Windows 2000. Is it safe to assume that my e-mails are kept private
> >from my employer since they are sent using SSL? Does Winodws 2000 Server
> >have monitoring tools built in or would our employer have to purchase such
> >monitoring tools seperately?
> >
> >Also, its my understanding that using a keyboard log program is illegal.
> >Is this correct?
> >
> >Thanks

>
>
> Ignore the nascent Nazis who thrill to tell you you will be fired
> for sending email from work, etc. ****, never mind your internet
> habits, in the fascist US you can be fired for ANY reason or NO
> reason - most contracts of employment are "at will." Most of
> the rest of the world is more civilized.


This is true, in most states you can be fired without reason. In the
other states, you can be fired for ANY reason.

> You are not a medieval serf. You are selling your services for
> money. There is a reciprocal benefit. Your company should value
> your services and it would cost them a lot of money to replace
> you. You should not rip the company off by excessive use of
> company facilities for personal matters, but the company should,
> in turn, not try to run the company like a Dickensian sweatshop.
>
> If they have so little regard for you as to disregard your
> privacy then you are better off without them. They don't need to
> continuously shine a flashlight up your ass to make sure you are
> working - they can manage by results. (A dusty old book I once
> read said: By their fruits ye shall know them.)


You have no privacy when using the company services or anything else
that belongs to the company - except the bathroom stall, if there is a
door on it. You should not expect any privacy except in the bathroom.
It's people that steal company services and materials that have cause
this level of monitoring in the workplace.

> Yes, you will get rants here and elsewhere about how you owe
> every second of your existence to the company and that if you so
> much as go to the can they have the right to check if there is a
> turd in the bowl in case you were just malingering. You decide
> if you're willing to live like that - I'm not.


You only OWE the company the time they pay you for, but they don't owe
you any relaxation time while you are at work (unless your contract
provides for it). You also can't use company resource for personal use
without their express permission, when it's against company policy. You
really need to understand that there is nothing that the company OWES
YOU, you get paid for working, that's the entire contract.

> But before the inevitable flames begin from the net-nazis who
> revel in the vicarious thrill of telling you that you will not
> just be fired but burned at the stake in the company parking lot,
> let's discuss mechanics.
>
> Encrypted communications ove the company net is one way but while
> they cannot check content they can know you are doing it. So let
> me explain two alternatives:
>
> 1. Get an (ordinary analog) modem and surf out on the fax
> line. There are prudential issues about being unobtrusive, not
> hogging the line, etc. but any reasonable person will quickly
> figure these out for himself.


Yea, good idea, tie up the FAX line why playing around at work, see what
happens when someone is missing a fax that was just sent, or when they
try to send a fax but the line is busy because the person connected in
between the fax and the outlet instead of to the daisychain port from
the fax.

See what happens when they see the 100' tel-co cable running from the
fax machine to your location.

> 2. Get a digital modem (not an ordinary analog one - you'll
> fry it!) and surf out through the company PBX system. Yeah,
> they're a bit pricey - life's a bitch! But it is very, very rare
> for companies to monitor this.


Since most PBX systems monitor lines and generate USE reports, you're
going to have to explain the time sooner or later.

> There are more sophisticated methods of actually using the
> company internet but I will not describe them here.


And everyone of them will get you caught red-handed and the reaction
from the company MAY including firing you.


--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
Jim Watt
Guest
Posts: n/a
 
      10-16-2004
On Sat, 16 Oct 2004 20:56:23 GMT, nemo (E-Mail Removed) (nemo outis)
wrote:

<bullshit sniped>

A) Buy your own computer, pay for an internet
connection and use the Internet at home in your own time

B) Rob a bank, its more profitable than stealing at work.

Option a) is legal but does not result in an extended stay
in all-in residential accomodation
--
Jim Watt
http://www.gibnet.com
 
Reply With Quote
 
Ant
Guest
Posts: n/a
 
      10-16-2004
"Leythos" wrote...
> In article <XVfcd.117846$a41.79640@pd7tw2no>, nemo (E-Mail Removed)
> (nemo outis) says...


>> in the fascist US you can be fired for ANY reason or NO
>> reason - most contracts of employment are "at will." Most of
>> the rest of the world is more civilized.

>
> This is true, in most states you can be fired without reason. In the
> other states, you can be fired for ANY reason.


I'm glad I don't work in the US then. In the UK you could have them
for unfair dismissal if they couldn't come up with a valid reason.

[snip]

> You only OWE the company the time they pay you for, but they don't owe
> you any relaxation time while you are at work (unless your contract
> provides for it).


This is not true for the UK. You are entitled to regular comfort
breaks if your work involves staring at a computer screen for most of
the day, irrespective of any contract.

[snip]
> there is nothing that the company OWES YOU, you get paid for
> working, that's the entire contract.


Again this is not true in the UK. Various health and safety
regulations, and other laws, come into play. The company owes you a
comfortable, safe, and hassle-free working environment.


 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      10-16-2004
In article <cks7am$phj$(E-Mail Removed)>, (E-Mail Removed)y says...
> "Leythos" wrote...
> > In article <XVfcd.117846$a41.79640@pd7tw2no>, nemo (E-Mail Removed)
> > (nemo outis) says...

>
> >> in the fascist US you can be fired for ANY reason or NO
> >> reason - most contracts of employment are "at will." Most of
> >> the rest of the world is more civilized.

> >
> > This is true, in most states you can be fired without reason. In the
> > other states, you can be fired for ANY reason.

>
> I'm glad I don't work in the US then. In the UK you could have them
> for unfair dismissal if they couldn't come up with a valid reason.


It would be nice if they had to give a reason, but they don't in most
cases. This is what makes it great for workers and employers alike -
people work hard they get to keep their job (most of the time), people
that are slackers get fired (most of the time).


> [snip]
>
> > You only OWE the company the time they pay you for, but they don't owe
> > you any relaxation time while you are at work (unless your contract
> > provides for it).

>
> This is not true for the UK. You are entitled to regular comfort
> breaks if your work involves staring at a computer screen for most of
> the day, irrespective of any contract.


You are entitled to breaks in the US also, but nothing says the company
has to provide you with internet access to non-company related sites.
Everyone is entitled to get up, walk outside, stretch their arms/legs,
but you can't just punch a hole in the firewall and expect them to say,
well - since you were on break it's ok.

> [snip]
> > there is nothing that the company OWES YOU, you get paid for
> > working, that's the entire contract.

>
> Again this is not true in the UK. Various health and safety
> regulations, and other laws, come into play. The company owes you a
> comfortable, safe, and hassle-free working environment.


And those are also the same in the US, but they have nothing to do with
stealing company resources or subverting company policy.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
nemo outis
Guest
Posts: n/a
 
      10-16-2004
In article <(E-Mail Removed)>, Jim Watt <(E-Mail Removed)_way> wrote:
>On Sat, 16 Oct 2004 20:56:23 GMT, nemo (E-Mail Removed) (nemo outis)
>wrote:
>
><bullshit sniped>
>
>A) Buy your own computer, pay for an internet
> connection and use the Internet at home in your own time
>
>B) Rob a bank, its more profitable than stealing at work.
>
>Option a) is legal but does not result in an extended stay
>in all-in residential accomodation



So tell me, Jim, where do you buy those nifty brown shirts of
yours? - you know, the ones with the epaulets and insignias and
all.

Regards

PS As I predicted, the vicarious enforcers of pettiness have
already come out of the woodwork.



 
Reply With Quote
 
nemo outis
Guest
Posts: n/a
 
      10-16-2004
In article <ztS8d.24$(E-Mail Removed)>, Wimbo <wimbo_online@_REMOVETHIS_hotmail.com> wrote:
...snip...
>
>[QUOTE FROM FINJAN WEBSITE]
>FinJan SSL 1Box™
>This solution enables threat analysis of encrypted SSL/HTTPS traffic and
>enforces SSL certification.
>SSL 1Box™ decrypts SSL/HTTPS traffic and reveals the original data,
>allowing Internet 1Box™ or another security proxy to perform security
>analysis and defend against hidden attacks. Furthermore, the device
>maintains role based policies to allow/block access of SSL traffic carrying
>an invalid certificate. SSL 1Box™ maintains confidentiality and preserves
>user privacy
>[/END_QUOTE]
>
>The only way to find out if your company has such a device is to examine
>the SSL certificate and find out who issued it.


Only the terminally stupid do not examine certificates and
independently verify them for the encrypted proxies they use.
Moreover, sensible folks do not keep them in their certificate
store at work (which might be tampered with) but use them only on
a "per session" basis (although even that is rather sloppy
practice - I prefer to boot from a Knoppix MiB CD).

Regards,

 
Reply With Quote
 
nemo outis
Guest
Posts: n/a
 
      10-17-2004
In article
<(E-Mail Removed)>, Leythos
<(E-Mail Removed)> wrote:
...snip...
>You have no privacy when using the company services or anything else
>that belongs to the company - except the bathroom stall, if there is a
>door on it. You should not expect any privacy except in the bathroom.
>It's people that steal company services and materials that have cause
>this level of monitoring in the workplace.


No, it has very little to do with folks stealing company services
and materials. For comparison, most companies shrug off
stationery shrinkage. A manager who made a fuss about any other
than a flagrant case would not just be regarded as a martinet but
laughed at as a bloody fool.

No, where it is not based on paranoia, suspicion, and a
pathological desire for micro-control (still uncommon but
unfortunately becoming more prevalent as the US slides ever
further to the right) corporate-net-nazism has far more to do
with company liability for harassment and so forth. Companies
have supinely acceded to the 20-year PC trend of vicarious
liability for everything their employees do. It's just part of a
larger trend of "blaming everyone else for everything that
happens in one's life" that has led to the the US being one of
the most lawyer-infested litigious societies on earth.

As for the rest of the world, it is more civilized. Not just as
a matter of customary usage but by legal right, employees have a
right to privacy except where there is a compelling need to the
contrary. And notice must be given of any monitoring.

The thought that you give up all human dignity, including all
right to privacy, when you are at work is mostly a US aberration.
The rest of us are not in bondage or serfdom: we sell our labour,
not our souls. The level of surveillance many USians are subject
to on the job is greater than that in some prisons! That USians
put up with such **** is amazing.


>> Yes, you will get rants here and elsewhere about how you owe
>> every second of your existence to the company and that if you so
>> much as go to the can they have the right to check if there is a
>> turd in the bowl in case you were just malingering. You decide
>> if you're willing to live like that - I'm not.

>
>You only OWE the company the time they pay you for, but they don't owe
>you any relaxation time while you are at work (unless your contract
>provides for it). You also can't use company resource for personal use
>without their express permission, when it's against company policy. You
>really need to understand that there is nothing that the company OWES
>YOU, you get paid for working, that's the entire contract.


You owe them a fair day's work for a fair day's pay. No amount
of lawyerly verbiage turns a man into a robot - unless he lets
it, of course, which is what you urge.

But here's my suggestion: Since you owe the company your full
unremitting energies while at work, they should have the right to
video-tape you ****ing the wife Sunday night, lest your
overenthusiastic exertions leave you not ready to put forth your
best efforts Monday morning. After all, you OWE it to the
company.

...snip...

>And everyone of them will get you caught red-handed and the reaction
>from the company MAY including firing you.


I love it when the dander of a sysadmin is raised and he goes
into his "spy versus spy" story of how you will certainly be
caught and flaying alive will be the minimum penalty.

No, that isn't how it works. I've been doing this for decades
(as an engineering consultant to dozens and dozens of firms from
large to small) without ever being caught. In all but a few
cases, security budgets are thin and shrinking, and the sysadmins
are ignorant, grossly overworked, and don't have time to scratch,
let alone detect and suppress folks who use a modicum of skill
and judgment in bypassing the rules.

Don't believe me? Well I've got an "existence proof" for you:
the gigantic number of corporate security failures that continue
to happen year after year.

Regards,

PS While it varies from company to company, for instance,
the PBX system is often not even part of the remit of the
computer sysadmins - it's often in some other department, such as
office services or the like. A modest effort in research and
preparation will quickly reveal such security holes and lapses in
a particular organization.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: IE surfing OK on dialup doesn't work on wireless HELP! Jack \(MVP-Networking\). Wireless Networking 1 12-15-2006 11:20 AM
surfing other sites within a page Bill HTML 8 02-01-2005 09:40 PM
Amazing what one can learn whilst surfing Richard HTML 5 12-28-2004 10:57 PM
Pix logon page comes up when surfing to some sites Chris Gumm Cisco 1 12-05-2003 08:43 PM
Asp.net web application fails to Access db after surfing for awhile mark ASP .Net 2 10-30-2003 05:02 PM



Advertisments