matt.bowey

I am well aware that my boss could find out where I have surfed, but could he actually see the pages when i input my bank login passwords (hence gain them), then my account details. Can he see the content of my hotmail e-mails?????

Puff The Magic Wagon!

iTrader: (2)

If it is typed on your work server, then info to & from is possible to record.

Don't worry about your bank account 'cos they pay you (well sometimes ) & they have more money than you & its not worth the pennies to work out your financial affairs. Its when you try to set yourself up on your own or try & do an underhand management buyout that you are at risk.

Email/web from home & use a mobile if you are truly paranoid. Either that or become the Gatekeeper

matt.bowey

So the top IT man can grab the bank login information for all employees?????? Kinda puts a mockery on the "secure" sites advertised by the banking community!!

Any IT administrators out there and care to lay down some facts?

Puff The Magic Wagon!

iTrader: (2)

Well I for one can't be ar$ed

All our employees are made aware that we have the <I>ability</I> to do so and are encouraged to come to their own decisions regarding items of privacy.

I haven't yet had the inclination to go looking nor the need to nor been instructed by my boss to.

We also record all telephone calls in and out of the office and everyone knows that too. Most people have a mobile

matt.bowey

Glad to see your company makes its employees aware. Mine has left things rather vague!!

Recording calls, now thats a bit ruff!!! I know my firm cant do that, but i'm sure they will be able to when the system gets upgraded!

Puff The Magic Wagon!

iTrader: (2)

In theory yes

Whether they can be ar$ed to trawl through the lot to look for it is another matter...

Essentially, anything that you submit through your company servers is recordable & the replies you get. That includes webmail type accounts.

If you have smething to talk about that is private, don't do it at work.

KF

Surely SSL means that it isn't possible to get the info. If we are talking about online banking, all (to the best of my knowledge) use secure connections.
Or am I talking ****?
KF.

ChrisB

I've played with a product called Little Brother and it's most impressive. It packet snifs the traffic on the network and can give a real time display of what sites are being visited.

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Real-time Monitoring
Gain immediate insight into who 's surfing where NOW with the Real-Time Monitor window. Configured with multi-level views (including: page, category, allow/denied, client name, user, etc) and color coded categories for easy visibility and analysis. Hyperlink capabilities also allow you to simultaneously browse sites that are being monitored. <HR></BLOCKQUOTE>

ChrisB

In terms of cracking SSL traffic...

A special called computer called Deep Crack was built for over £100k for cracking keys. It can find and break a 40bit key in sub 10 seconds. A 128bit key would take it over million years.

To see what level of SSL is being used on Internet Explorer, hover your mouse over the yellow padlock in the status bar at the bottom of the screen.

ChrisB.

Robertio

iTrader: (1)

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by matt.bowey:
<B>So the top IT man can grab the bank login information for all employees?????? Kinda puts a mockery on the "secure" sites advertised by the banking community!!

Any IT administrators out there and care to lay down some facts?[/quote]

As far as they are concerned they are secure, as from your connection out they are, it is up to you to ensure the part between your pc and your connection.

The same as a cashline machine is secure because you need your card and passcode to get money out, but if you give this to someone else so they can get money (essentially the same thing as connecting through your works server) they cannot guarantee this other person will only take out what you asked them to.

boomer

Matt,

it is not just the internet, your company could theoretically trace EVERYTHING that you do on your PC (Hotmail included). There was a hoax a year or so ago about the fact that they could even turn your microphone on and record your conversations. Although it was a(n old) hoax, it could be done

I would never submit bank account passwords, PINs or whatever through your company systems - both for security reasons, and the fact that it could be a misuse of company assets (depending on your Ts&Cs).

mb

mattski

It gets worse, there is some pretty nasty (if cool) software around they can use that means they don't even need to sniff or trace the data to/from your computer. They can literally see what you are typing as and when you do it. This also extends to what you click on, what you download and upload etc... you could be being watched and not even know it

logiclee

Not an IT man myself but the IT department is under my control.
We can remotely view any user of the network, around 120, just as if we were stood at their monitor. I believe the software is by Novelle.

We also log all web sites visited and e-mails sent.

Cheers
Lee

dsmith

128 SSL traffic is as safe as you can get. It is encrypted between your PC and the web-site.

Whilst the web-site you are using can be tracked the info on the pages can't.

There is software to record key strokes and mouse clicks which can be used to replay a seesion at a later date so that for example user names and passwords could be found.

NatWest on-line banking have recently changed to a system which asks for random letters from your password so that at no time do you type your entire password for just this reason

I personally consider this safer than using a touch tone phone to enter a passcode for you banking info.

Nothing is ever 100% secure

Dean

mattski

it gets worse version II !

don't forget that our government, not to mention the yanks, can look at *everything*.

Remember that film, Enemy of the State... some of it defo far-fetched but some not so.

I've got a friend who was a comms expert in the RAF and the stuff he has talked about is really scarey, the goverment record all international phone calls, can image process faxs on the fly as they go through the systems, can grab e-mails and website traffic, encrypted or not, and wireless comms makes it really easy for them...

The yanks are worse from all accounts.

If you want to see a really interesting system take a look at 'Carnivore',

IWatkins

Nice little program that might or might not have been used at a place I may or may not work:

camk

There are now new privacy laws that actually restrict what your company can look at, or risk a MAJOR fine.
Regardless of who's time or equipment or whatever it is there are specific rules they must follow regarding computer forensics, unless your some mad perv its more problematic(cost/time comsuming) for them to do something official.
Most companies also allow 'limited' personal usage and effectively opens the gates as what does limited or reasonable mean.
If there is NO policy then its even less restrictive, no policy = open door. Any good solicitor will beat them dead, most people who are on the pervy side of the net of course want to just walk if they get caught. I'd happily go to court for using scoobynet, well why not I could get a note from me Mum.

Cheers
Cammy

JackClark

My favorite toy looks like a keyboard connector/adaptor but records keypresses. There's a review here

Mike Burton

Reminds me of an incident a few years ago when I worked for another company. One of the company directors was always complaining about crap connectivity to the net. Eventually it got to the point where I was "told" to sort it out. Anyway, I turned on accounting on one of the Cisco WAN routers at his office, and left it for a day. Came back the next day, ran the output through a sort in "usage", and looked at the results. At the top of the list was one IP address which was using vast amounts of b/w compared to anyone else. Whats more, it was to one or two specific websites. You can probably guess by now.....
Pointed my browser at the IP's and found some very very hard core **** sites. So I put the results into a nice little report and mailed it back in the same high profile manor (i.e cc the everyman and his dog) of "your network is crap" by the director who complained in the first place.

Guess who's face turned bright red when the source IP address was published?

Strange, never heard a complaint after that.

Puff The Magic Wagon!

iTrader: (2)

camk

Hence why we tell our users that they can only use the work email/internet facility on the understanding that it may be monitored. If they have a problem with that, then they are restricted to what they can do to work related only.

Not watertight but it puts the onus back on the employee, so that he/she has a duty of care, not us.

From a management point of view, its almost scary what $hit an employee can get the company & directors into for something that may have no relation to work at all Especially scary is what potential damage someone can do a company who drives a motor-car

So rein them in before they can do that damage!



(PS - We're actually quite a chilled company to work for!)

camk

Puff,
I can see now why they made you a moderator LOL

DavidBrown

I tell every new employee that I can and <B>do</B> read their incoming/outgoing E-mails.

I argue that as they leave the building during lunch, everything done at their desks is paid work and should be professional.

As my Dad always said to me.. if you've done nothing wrong, you've got nothing to worry about..

I also have a monitor to my left hand side which shows me what sites are being accessed by the staff here. Again, that knowledge means they don't even try to slack.

KF

David
Are they a happy bunch though?
Just wondered..
KF.

DavidRB

Agreed. If my employer told me that they could and did read my E-mails, they'd soon be reading E-mails with CV attachments...

Puff The Magic Wagon!

iTrader: (2)

Camk



But I only moderator on the RS & Evo forums - mind you, they can be unruly

David

Email me the name of that software - I like that!

KF

I bet they are. The law is laid out for both sides to know. I bet Davids a relaxed and happy indevidual as long as no-one takes the P & rewards his people accordingly.

DavidBrown

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by KF:
<B>David
Are they a happy bunch though?
Just wondered..
KF.[/quote]

They don't know any different; It's not like I've revoked a privilege they once had.

As for being happy, they seem so. I've not lost any staff. They've all had nice holidays and got great cars - The younger types in the office get paid far more than their mates do, so yes, they're happy I'd say.

They don't expect to work without pay and I don't expect them to be paid and not work.

Don't get me wrong, we do have a laugh and a joke in the office - but we're here for a reason.

[This message has been edited by DavidBrown (edited 30 July 2001).]

LanCat

It's all about balance... We monitor to protect not to spy or interfere.

Using company resources for personal reasons is not allowed and is part of their contract.

I monitor everything and the people here know I do. They also trust me to behave responsibly with that information, if they didn't then I wouldn't last 5 minutes.

Will they get fired for searching for a holiday during their lunchbreak? Probably not... but if they are "underperforming" then it's another bullet in HR's gun.

Whether we like it or not organisations have to protect themselves from being sued for slagging off the competition, allowing **** or other defamatory material or just paying people to p*ss around on the net all day.

DavidLewis

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:<HR>Originally posted by DavidBrown:
<B>I also have a monitor to my left hand side which shows me what sites are being accessed by the staff here. Again, that knowledge means they don't even try to slack.[/quote]

Who monitors the monitor, Dave

KF

You are right. The upside to not being trusted would have to be good.

I would question why my boss / sys admin can post on Scoobynet during the day, but I can't check my bank balance

KF.

matt.bowey

Well all jobs have perks............