Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Blocking Yahoo Messenger With Firewall??

Reply
Thread Tools

Blocking Yahoo Messenger With Firewall??

 
 
Jim Seavey
Guest
Posts: n/a
 
      12-04-2005
I am very disappointed in your replies.

You have yet to tell me how you would know what someone was doing if
they had an SSH connection running.

If it is NOT against company policy to use SSH then I do not see how
you could possibly say that someone had violated company policy while
using SSH - UNLESS you know for a FACT what they are doing with the SSH
stream it seems to me that there is no way for you do declare that a
person has violated company policy.

I thought perhaps that you knew something about SSH that I or others on
the list did not - specifically how to monitor what was going on in the
data stream. This is the only way you could possibly know what they are
doing.

If you choose to reply, please leave out all the extraneous comments
about other applications and what they do or do not do. This whole
thread was based on violation of company policies and the ability to
have an employee dismissed for the use of SSH in a way that violated
company policy.

I am not trying to give you a hard time, but I am interested in knowing
how you could know what someone is doing within the SSH data stream, as
I stated above.

I am not aware of anyone who has been able to "see" what is going on
inside an SSH data stream. Having someone dismissed from their job is
not a trivial issue and in so doing the "data" that you would provide
would have to be beyond reproach. To date you have not been able to
demonstrate that you can provide data of this nature in relation to SSH
data streams.

Curiously yours,

Jim


Moe Trin wrote:

> On 2 Dec 2005, in the Usenet newsgroup alt.computer.security, in
> article <(E-Mail Removed)>, Jim Seavey wrote:
>
> > So, what you are saying is that it is against your company policy to
> > use ssh.

>
> No
>
> > And, you never did respond about how you would know what someone was
> > doing? In my example, I did not even suggest the use of a tunnel but
> > that is what you chose to reply.

>
> Great - give an example. Include a brief description of the persons's
> job, what their normal contacts are, and why this new use of SSH (or
> any other encrypted traffic) is needed.
>
> > So, please tell me how you would know what I was doing with ssh? How
> > would you know if I was doing company business or something else?

>
> Please tell me how you know that the driver of that parked car ahead
> is going to open the door without seeing you in the mirror.
>
> > I did not see much of a response to this. I have never worked
> > anywhere that prevented people from working on company business at
> > home.

>
> Actually that is a very common requirement of government contracts.
> This is NOT relating to security, but paid hours and specifics
> relating to place of performance. There are also insurance and
> possibly tax issues.
>
> Working from home is one thing - and it may or may not be allowed by
> your company. Other SSH traffic may be controlled depending on why it
> might be needed. Talking to a vendor (or prospective vendor) site?
> That's one end of the spectrum - the other might be connecting to a
> proxy in a third country (How would that be know? Guess). It depends
> on what is "normal".
>
> > Yes, we can go into proprietary issue but for the sake of this
> > discussion lets just say that it is not an issue.

>
> At this facility - remember, we're R&D - that killed it right there. I
> know there are similar restrictions at several of the other facilities
> within the company that I've worked at/with.
>
> > As for my attorney, this case has already been won.

>
> Glad to hear it.
>
> > Until you can tell me that you can determine what I was doing with
> > ssh you have no way of knowing if I was violating one of the company
> > policies or not, unless the use of the application itself is a
> > violation - but if this were the case why would the company have it
> > on the computer in the first place?

>
> There used to be a MS-DOS game that had a hot-key arrangement that
> suspended the game, and popped up a shot of a Lotus 123 spread sheet
> - and damned if Lotus hadn't wedged - none of the "normal" keys
> worked, and you had to reboot to get the computer running. If the
> "intruder" went away, there was a hot-key combination that restored
> the game. I imagine it fooled a few bosses, until the boss ragged on
> the IT guy to fix this constant crashing. (We'll ignore the idiot
> who was using it at a place that didn't have 123 installed on that
> computer.)
>
> I won't say what would be going on here, but perhaps you shouldn't be
> waving that red flag trying to attract attention to the traffic from
> your computer. Remember, it belongs to the company, and is provided
> for company use, with company provided software. If that's different
> from where you work, well, good for you.
>
> Old guy




--
http://www.norseaodyssey.com
See the Contact Us page

NorSea Odyssey
Around The World by BMW Motorcycle
http://www.norseaodyssey.com
"Yeah, I have a hair stylist. His name's helmet."
"If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
he does!"
 
Reply With Quote
 
 
 
 
NCN
Guest
Posts: n/a
 
      12-04-2005
On 4 Dec 2005 18:08:46 GMT, "Jim Seavey" <(E-Mail Removed)>
wrote:

>I am very disappointed in your replies.
>
>You have yet to tell me how you would know what someone was doing if
>they had an SSH connection running.
>
>If it is NOT against company policy to use SSH then I do not see how
>you could possibly say that someone had violated company policy while
>using SSH - UNLESS you know for a FACT what they are doing with the SSH
>stream it seems to me that there is no way for you do declare that a
>person has violated company policy.
>
>I thought perhaps that you knew something about SSH that I or others on
>the list did not - specifically how to monitor what was going on in the
>data stream. This is the only way you could possibly know what they are
>doing.
>
>If you choose to reply, please leave out all the extraneous comments
>about other applications and what they do or do not do. This whole
>thread was based on violation of company policies and the ability to
>have an employee dismissed for the use of SSH in a way that violated
>company policy.
>
>I am not trying to give you a hard time, but I am interested in knowing
>how you could know what someone is doing within the SSH data stream, as
>I stated above.
>
>I am not aware of anyone who has been able to "see" what is going on
>inside an SSH data stream. Having someone dismissed from their job is
>not a trivial issue and in so doing the "data" that you would provide
>would have to be beyond reproach. To date you have not been able to
>demonstrate that you can provide data of this nature in relation to SSH
>data streams.
>
>Curiously yours,
>
>Jim
>
>
>Moe Trin wrote:
>
>> On 2 Dec 2005, in the Usenet newsgroup alt.computer.security, in
>> article <(E-Mail Removed)>, Jim Seavey wrote:
>>
>> > So, what you are saying is that it is against your company policy to
>> > use ssh.

>>
>> No
>>
>> > And, you never did respond about how you would know what someone was
>> > doing? In my example, I did not even suggest the use of a tunnel but
>> > that is what you chose to reply.

>>
>> Great - give an example. Include a brief description of the persons's
>> job, what their normal contacts are, and why this new use of SSH (or
>> any other encrypted traffic) is needed.
>>
>> > So, please tell me how you would know what I was doing with ssh? How
>> > would you know if I was doing company business or something else?

>>
>> Please tell me how you know that the driver of that parked car ahead
>> is going to open the door without seeing you in the mirror.
>>
>> > I did not see much of a response to this. I have never worked
>> > anywhere that prevented people from working on company business at
>> > home.

>>
>> Actually that is a very common requirement of government contracts.
>> This is NOT relating to security, but paid hours and specifics
>> relating to place of performance. There are also insurance and
>> possibly tax issues.
>>
>> Working from home is one thing - and it may or may not be allowed by
>> your company. Other SSH traffic may be controlled depending on why it
>> might be needed. Talking to a vendor (or prospective vendor) site?
>> That's one end of the spectrum - the other might be connecting to a
>> proxy in a third country (How would that be know? Guess). It depends
>> on what is "normal".
>>
>> > Yes, we can go into proprietary issue but for the sake of this
>> > discussion lets just say that it is not an issue.

>>
>> At this facility - remember, we're R&D - that killed it right there. I
>> know there are similar restrictions at several of the other facilities
>> within the company that I've worked at/with.
>>
>> > As for my attorney, this case has already been won.

>>
>> Glad to hear it.
>>
>> > Until you can tell me that you can determine what I was doing with
>> > ssh you have no way of knowing if I was violating one of the company
>> > policies or not, unless the use of the application itself is a
>> > violation - but if this were the case why would the company have it
>> > on the computer in the first place?

>>
>> There used to be a MS-DOS game that had a hot-key arrangement that
>> suspended the game, and popped up a shot of a Lotus 123 spread sheet
>> - and damned if Lotus hadn't wedged - none of the "normal" keys
>> worked, and you had to reboot to get the computer running. If the
>> "intruder" went away, there was a hot-key combination that restored
>> the game. I imagine it fooled a few bosses, until the boss ragged on
>> the IT guy to fix this constant crashing. (We'll ignore the idiot
>> who was using it at a place that didn't have 123 installed on that
>> computer.)
>>
>> I won't say what would be going on here, but perhaps you shouldn't be
>> waving that red flag trying to attract attention to the traffic from
>> your computer. Remember, it belongs to the company, and is provided
>> for company use, with company provided software. If that's different
>> from where you work, well, good for you.
>>
>> Old guy

Ok, let me jump back in here. ' Winged' or anyone else wish to post up
their policies at their companies so I can get a feel for what they
should be like and maybe use parts of them.

I started the thread and had no idea it would go this long. I was
trying to block Yahoo Messenger with a firewall was the start, but
policy seemed to be the best way to control the problem and would
appreciate a look at some policies you guys use.

As for termination.... I guess it depends on which state you are in,
but olny a FEW states require a reason. Most don't. I saw on a show
like 60 Minutes that employees were being terminiated for smoking
cigerettes. Not at work... at home!!! And they have no recourse.
Gone!!

So if you are in one of those states, SHH or not you are gone!

NaCN
 
Reply With Quote
 
 
 
 
Ken Ward
Guest
Posts: n/a
 
      12-05-2005
On 4 Dec 2005 18:08:46 GMT, "Jim Seavey" <(E-Mail Removed)>
wrote:

>I am very disappointed in your replies.
>
>You have yet to tell me how you would know what someone was doing if
>they had an SSH connection running.
>
>If it is NOT against company policy to use SSH then I do not see how
>you could possibly say that someone had violated company policy while
>using SSH - UNLESS you know for a FACT what they are doing with the SSH
>stream it seems to me that there is no way for you do declare that a
>person has violated company policy.
>
>I thought perhaps that you knew something about SSH that I or others on
>the list did not - specifically how to monitor what was going on in the
>data stream. This is the only way you could possibly know what they are
>doing.
>
>If you choose to reply, please leave out all the extraneous comments
>about other applications and what they do or do not do. This whole
>thread was based on violation of company policies and the ability to
>have an employee dismissed for the use of SSH in a way that violated
>company policy.
>
>I am not trying to give you a hard time, but I am interested in knowing
>how you could know what someone is doing within the SSH data stream, as
>I stated above.
>
>I am not aware of anyone who has been able to "see" what is going on
>inside an SSH data stream. Having someone dismissed from their job is
>not a trivial issue and in so doing the "data" that you would provide
>would have to be beyond reproach. To date you have not been able to
>demonstrate that you can provide data of this nature in relation to SSH
>data streams.
>
>Curiously yours,
>
>Jim
>
>
>Moe Trin wrote:
>
>> On 2 Dec 2005, in the Usenet newsgroup alt.computer.security, in
>> article <(E-Mail Removed)>, Jim Seavey wrote:
>>
>> > So, what you are saying is that it is against your company policy to
>> > use ssh.

>>
>> No
>>
>> > And, you never did respond about how you would know what someone was
>> > doing? In my example, I did not even suggest the use of a tunnel but
>> > that is what you chose to reply.

>>
>> Great - give an example. Include a brief description of the persons's
>> job, what their normal contacts are, and why this new use of SSH (or
>> any other encrypted traffic) is needed.
>>
>> > So, please tell me how you would know what I was doing with ssh? How
>> > would you know if I was doing company business or something else?

>>
>> Please tell me how you know that the driver of that parked car ahead
>> is going to open the door without seeing you in the mirror.
>>
>> > I did not see much of a response to this. I have never worked
>> > anywhere that prevented people from working on company business at
>> > home.

>>
>> Actually that is a very common requirement of government contracts.
>> This is NOT relating to security, but paid hours and specifics
>> relating to place of performance. There are also insurance and
>> possibly tax issues.
>>
>> Working from home is one thing - and it may or may not be allowed by
>> your company. Other SSH traffic may be controlled depending on why it
>> might be needed. Talking to a vendor (or prospective vendor) site?
>> That's one end of the spectrum - the other might be connecting to a
>> proxy in a third country (How would that be know? Guess). It depends
>> on what is "normal".
>>
>> > Yes, we can go into proprietary issue but for the sake of this
>> > discussion lets just say that it is not an issue.

>>
>> At this facility - remember, we're R&D - that killed it right there. I
>> know there are similar restrictions at several of the other facilities
>> within the company that I've worked at/with.
>>
>> > As for my attorney, this case has already been won.

>>
>> Glad to hear it.
>>
>> > Until you can tell me that you can determine what I was doing with
>> > ssh you have no way of knowing if I was violating one of the company
>> > policies or not, unless the use of the application itself is a
>> > violation - but if this were the case why would the company have it
>> > on the computer in the first place?

>>
>> There used to be a MS-DOS game that had a hot-key arrangement that
>> suspended the game, and popped up a shot of a Lotus 123 spread sheet
>> - and damned if Lotus hadn't wedged - none of the "normal" keys
>> worked, and you had to reboot to get the computer running. If the
>> "intruder" went away, there was a hot-key combination that restored
>> the game. I imagine it fooled a few bosses, until the boss ragged on
>> the IT guy to fix this constant crashing. (We'll ignore the idiot
>> who was using it at a place that didn't have 123 installed on that
>> computer.)
>>
>> I won't say what would be going on here, but perhaps you shouldn't be
>> waving that red flag trying to attract attention to the traffic from
>> your computer. Remember, it belongs to the company, and is provided
>> for company use, with company provided software. If that's different
>> from where you work, well, good for you.
>>
>> Old guy

It is not the use of SSH, per se, that will get you fired (unless you
company has a policy statement along the lines of "unauthorised
establishment of an encrypted tunnel is prohibited"). It is the
implication that you are probably in breach of other corporate
policies, the investigation of which will lead to your dismissal. For
example, most companies have policies against unauthorised
installation of software. If the corporate image does not have the
software in it to establish a SSH tunnel, you would be in breach of
that policy because you would have had to load your own software to
establish the tunnel.
Since most users would not have SSH tunnels (or the knowledge of how
to set them up) the presence of one is a readily monitored flag
condition. The follow up is to start closely monitoring your computer
according to corporate guidelines, which almost certainly includes
mnonitoring your keyboard, downloading your log files (& making sure
everything gets logged), etc. Pretty soon, the security people will
know why you are using an SSH tunnel. If it appears to be legitimate
usage, your manager would be approached to authorise its use. If you
are p browsing, or doing other activities not permitted under
corporate policy, then that evidence will be used to dismiss you, not
the SSH usage.
Incidently, if it is legitimate for you to work from home, most
companies will supply laptops with standard corporate images on them.
These usually contain modified tunnelling software allowing encrypted
links only between your computer & a standard list of other IP
addresses; your home computer is unlikely to be on it.
 
Reply With Quote
 
Moe Trin
Guest
Posts: n/a
 
      12-05-2005
On 4 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
<(E-Mail Removed)>, Jim Seavey wrote:

>I am very disappointed in your replies.


Then fire me.

>You have yet to tell me how you would know what someone was doing if
>they had an SSH connection running.


You seem determined to ignore some rather strong hints. Does your job
REQUIRE or even authorize you to be using SSH (or indeed, any encrypted
traffic) to this or that address? Yes? Then "this" may happen. No? Then
"something else" may happen. If your employer doesn't care, then good
for you. That "something else" might range from a casual question at
lunch, on up to film crews installing cameras to watch your keystrokes
and display, installation of (or activation of pre-installed) key loggers,
or any level in between. In case you haven't figured it out, this is highly
dependent on what your employer has deemed appropriate. What may or may
not happen at my company is totally irrelevant to you.

>I am not trying to give you a hard time, but I am interested in knowing
>how you could know what someone is doing within the SSH data stream, as
>I stated above.


You really don't get it. The computer you are using at work does not
belong to you any more than the network. Your employer can (provided
they have warned you in advance in a written policy) install any software
they want, and can take disciplinary action if you try to alter it, or
if you try to install extra software. They also _could_ install stuff
without prior warning of any kind - but that's outside the scope.

>I am not aware of anyone who has been able to "see" what is going on
>inside an SSH data stream.


The normal technique is to "see" it before it enters the stream, or
after it exits.

>Having someone dismissed from their job is not a trivial issue and in so
>doing the "data" that you would provide would have to be beyond reproach.


Discuss it with your lawyer. They don't have to show the _contents_ of
the data stream. If necessary, they might show film of you logging in
to a non-business site - or show that you are running an application
that was not installed by the company.

Old guy
 
Reply With Quote
 
Moe Trin
Guest
Posts: n/a
 
      12-05-2005
On Sun, 04 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
<(E-Mail Removed)>, NCN wrote:

>Ok, let me jump back in here. ' Winged' or anyone else wish to post up
>their policies at their companies so I can get a feel for what they
>should be like and maybe use parts of them.


I can't do that for my company - NDA and all that - and anyway, what my
company may do may not be suitable for you. Really, the pointers to the
state labor relations site is a very good start. What ever you wind up
creating has to be reviewed by the company, starting with bosses, and
HR, and ending up with the company lawyers. They are the ones who have
to defend it, so they will have the final say.

>As for termination.... I guess it depends on which state you are in,
>but olny a FEW states require a reason. Most don't. I saw on a show
>like 60 Minutes that employees were being terminiated for smoking
>cigerettes. Not at work... at home!!! And they have no recourse.
>Gone!!


While my company does have several facilities in California, and some of
that law had an influence on the policy, my understanding is that the
policy for US facilities is the same everywhere, though I'm not the
authority on this obviously.

>So if you are in one of those states, SHH or not you are gone!


It would probably be more loosely defined as 'unauthorized use' or
some similar words. As long as it's not discriminatory (and you can
be sure the lawyers would scream about that), they don't have to
specify EXACTLY what set of keystrokes brought down the ax.

Old guy
 
Reply With Quote
 
Moe Trin
Guest
Posts: n/a
 
      12-05-2005
On Mon, 05 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
<(E-Mail Removed)>, Ken Ward wrote:

>It is not the use of SSH, per se, that will get you fired (unless you
>company has a policy statement along the lines of "unauthorised
>establishment of an encrypted tunnel is prohibited").


Actually, it need not even mention a tunnel - encryption alone is
usually enough of a description. People seem to forget that SSH isn't
the only game in town.

>Since most users would not have SSH tunnels (or the knowledge of how
>to set them up) the presence of one is a readily monitored flag
>condition. The follow up is to start closely monitoring your computer
>according to corporate guidelines, which almost certainly includes
>mnonitoring your keyboard, downloading your log files (& making sure
>everything gets logged), etc. Pretty soon, the security people will
>know why you are using an SSH tunnel.


Depends on how paranoid the company may be - that "Pretty soon" could be
exceptionally short - meaning seconds.

>If it appears to be legitimate usage, your manager would be approached
>to authorise its use.


The authorization would NORMALLY occur before the actual use - again,
this is a function of the paranoia level. In any case, it's the old
"what is normal" verses "what is abnormal". Our kitchen staff have
internet access - but if I were to see an encrypted connection out
of that computer, I would have instant reason to question why, and
to look at it VERY closely.

>Incidently, if it is legitimate for you to work from home, most
>companies will supply laptops with standard corporate images on them.
>These usually contain modified tunnelling software allowing encrypted
>links only between your computer & a standard list of other IP
>addresses; your home computer is unlikely to be on it.


Working from home is usually under some pretty well defined rules of
what can and can not be done. For example, I can't store any company
document at home. If I need to consult a document, or create one, the
application doing so is on the system(s) at work, not at home. All I
am running is a remote terminal session. Further, I can only
establish the connection from home to work - not vice-versa. But then
if I'm not storing company data at home, why would I need to access
the home site from work? Finally, when you do connect from home, you
do NOT connect directly to your workstation, but into an access server.
We're using a networked file system to make backups easy, so there
shouldn't be any data on the workstations anyway. Fundamental concepts
of security, but some people don't understand that.

Old guy
 
Reply With Quote
 
Jim Seavey
Guest
Posts: n/a
 
      12-05-2005
WOW!

Why are you insulting me?

I have done nothing to insult you.

I have asked some rather simple, straight forward questions that you
still have not answered.

AS for me, I "get it" (your words, not mine) just fine.

I have not seen anything in this thread that asked what you were doing
at your company. There was a rather general question asked in the
beginning that you replied to.

All I have done is ask you to provide information about the response
that you made.

I do not really care about your company and what you do or do not do
there. I am interested in the technical aspects of how you would know
what someone using SSH is doing.

I have enumerated the conditions associated with SSH use for this
conversation twice and see no need to repeat that.

I am still waiting for the answer to my questions.

Jim

Moe Trin wrote:

> On 4 Dec 2005, in the Usenet newsgroup alt.computer.security, in
> article <(E-Mail Removed)>, Jim Seavey wrote:
>
> > I am very disappointed in your replies.

>
> Then fire me.
>
> > You have yet to tell me how you would know what someone was doing if
> > they had an SSH connection running.

>
> You seem determined to ignore some rather strong hints. Does your job
> REQUIRE or even authorize you to be using SSH (or indeed, any
> encrypted traffic) to this or that address? Yes? Then "this" may
> happen. No? Then "something else" may happen. If your employer
> doesn't care, then good for you. That "something else" might range
> from a casual question at lunch, on up to film crews installing
> cameras to watch your keystrokes and display, installation of (or
> activation of pre-installed) key loggers, or any level in between. In
> case you haven't figured it out, this is highly dependent on what
> your employer has deemed appropriate. What may or may not happen at
> my company is totally irrelevant to you.
>
> > I am not trying to give you a hard time, but I am interested in
> > knowing how you could know what someone is doing within the SSH
> > data stream, as I stated above.

>
> You really don't get it. The computer you are using at work does not
> belong to you any more than the network. Your employer can (provided
> they have warned you in advance in a written policy) install any
> software they want, and can take disciplinary action if you try to
> alter it, or if you try to install extra software. They also could
> install stuff without prior warning of any kind - but that's outside
> the scope.
>
> > I am not aware of anyone who has been able to "see" what is going on
> > inside an SSH data stream.

>
> The normal technique is to "see" it before it enters the stream, or
> after it exits.
>
> > Having someone dismissed from their job is not a trivial issue and
> > in so doing the "data" that you would provide would have to be
> > beyond reproach.

>
> Discuss it with your lawyer. They don't have to show the contents of
> the data stream. If necessary, they might show film of you logging in
> to a non-business site - or show that you are running an application
> that was not installed by the company.
>
> Old guy




--
http://www.norseaodyssey.com
See the Contact Us page

NorSea Odyssey
Around The World by BMW Motorcycle
http://www.norseaodyssey.com
"Yeah, I have a hair stylist. His name's helmet."
"If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
he does!"
 
Reply With Quote
 
Nick
Guest
Posts: n/a
 
      12-06-2005

"Jim Seavey" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> WOW!
>
> Why are you insulting me?
>
> I have done nothing to insult you.
>
> I have asked some rather simple, straight forward questions that you
> still have not answered.


I read all Old Guy's posts and I feel he is being way patient with you and
you should thank him for his time.

>
> AS for me, I "get it" (your words, not mine) just fine.
>
> I have not seen anything in this thread that asked what you were doing
> at your company. There was a rather general question asked in the
> beginning that you replied to.
>
> All I have done is ask you to provide information about the response
> that you made.


He already did although you are not asking politely!

>
> I do not really care about your company and what you do or do not do
> there. I am interested in the technical aspects of how you would know
> what someone using SSH is doing.


I think it is you insulting him!

>
> I have enumerated the conditions associated with SSH use for this
> conversation twice and see no need to repeat that.
>
> I am still waiting for the answer to my questions.


I personally think it will be totally out of topic, but the best person to
ask that question it will be yourself.
If someone gets caught breaking into a car, asking for details on how (s)he
did it, is irrelevant!

Nick




 
Reply With Quote
 
Moe Trin
Guest
Posts: n/a
 
      12-06-2005
On 5 Dec 2005, in the Usenet newsgroup alt.computer.security, in article
<(E-Mail Removed)>, Jim Seavey wrote:

>Why are you insulting me?


>>>I am very disappointed in your replies.


I'm very disappointed in yours. Read the first paragraph again, and
tell me why you fail to understand that if someone sees something
out of the ordinary, they may investigate it - perhaps quite extensively.

>I am interested in the technical aspects of how you would know
>what someone using SSH is doing.


Read the first paragraph again. Can't figure out how? Here:

>>That "something else" might range from a casual question at lunch, on
>>up to film crews installing cameras to watch your keystrokes and
>>display, installation of (or activation of pre-installed) key loggers,
>>or any level in between.


What part of that don't you understand?

>I am still waiting for the answer to my questions.


Re-read the above. It's really simple. If you do something to attract
attention, you should not be surprised when you get that attention. What
might attract that attention? Anything. Anything at all that is not cast
in concrete normal. And it might even be a random chance that it's your
turn to have your traffic analyzed, perhaps as a training session for a
new admin.

Also, please understand that you have no authority to demand an answer
from anyone on Usenet. If you think that the last statement of yours that
I quote is not a demand, then think further.

Old guy
 
Reply With Quote
 
Jim Seavey
Guest
Posts: n/a
 
      12-08-2005
Well, I guess I should not be suprised at your latest response.

To date all you have done is fire back with insults.

You continue to ignore the basic premise of my original questions and
do nothing but tell me that I don't get it.

You tell me to "read the first paragraph again, and
> tell me why you fail to understand that if someone sees something
> out of the ordinary, they may investigate it - perhaps quite
> extensively."


To bad this has absolutely nothing to do with the questions I have
asked.

Please don't reply with more insults. I'm worn out and have real work
to do. Bottom line is that you do NOT have any idea of what is going on
inside an SSH stream and if using SSH is not against the company policy
there is no way you can report someone for violating company policy.

Bye

Moe Trin wrote:

> On 5 Dec 2005, in the Usenet newsgroup alt.computer.security, in
> article <(E-Mail Removed)>, Jim Seavey wrote:
>
> > Why are you insulting me?

>
> > > > I am very disappointed in your replies.

>
> I'm very disappointed in yours. Read the first paragraph again, and
> tell me why you fail to understand that if someone sees something
> out of the ordinary, they may investigate it - perhaps quite
> extensively.
>
> > I am interested in the technical aspects of how you would know
> > what someone using SSH is doing.

>
> Read the first paragraph again. Can't figure out how? Here:
>
> > > That "something else" might range from a casual question at
> > > lunch, on up to film crews installing cameras to watch your
> > > keystrokes and display, installation of (or activation of
> > > pre-installed) key loggers, or any level in between.

>
> What part of that don't you understand?
>
> > I am still waiting for the answer to my questions.

>
> Re-read the above. It's really simple. If you do something to attract
> attention, you should not be surprised when you get that attention.
> What might attract that attention? Anything. Anything at all that is
> not cast in concrete normal. And it might even be a random chance
> that it's your turn to have your traffic analyzed, perhaps as a
> training session for a new admin.
>
> Also, please understand that you have no authority to demand an answer
> from anyone on Usenet. If you think that the last statement of yours
> that I quote is not a demand, then think further.
>
> Old guy




--
http://www.norseaodyssey.com
See the Contact Us page

NorSea Odyssey
Around The World by BMW Motorcycle
http://www.norseaodyssey.com
"Yeah, I have a hair stylist. His name's helmet."
"If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
he does!"
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
need help while designing yahoo messenger like yahoo and msn , like on meebo.com checoo C++ 0 12-25-2006 02:33 PM
unable to restore or maximise msn messenger, windows messenger, orwindows live messenger. anthonyberet Computer Support 0 10-08-2006 01:01 PM
Yahoo Messenger/Yahoo Chat Rooms! Sseaott Computer Support 3 06-15-2004 05:36 PM
restricting MSN Messenger, Yahoo Messenger, and POP3 access Donald Oldag Cisco 0 03-07-2004 06:08 AM
MSN Messenger, Yahoo! Messenger and ....? Jones Computer Information 2 10-24-2003 01:23 AM



Advertisments