
Ethics Question: IT Dept

Thread starter: Code
As I've mentioned in the past, we have a "Big Brother" approach to monitoring our network.

We have a proxy server to monitor where folks go, we really only block a few minor things. So it's mostly for when/if a manager wants to see what her/his employees have been up to.

I was poking around the proxy and discovered that not only do cookies get cached on the end-user's machine, but also our proxy. Meaning, if a user goes to check their yahoo mail, we can open their inbox.

You can see where this is going. Now I trust my guys, and for the most part we don't give a shit where people browse. Should I invest time to prevent the caching of cookies on our proxy, do I send out an e-mail that warns people of this?

Or should I just let it go?
 
Code said:
As I've mentioned in the past, we have a "Big Brother" approach to monitoring our network.

We have a proxy server to monitor where folks go, we really only block a few minor things. So it's mostly for when/if a manager wants to see what her/his employees have been up to.

I was poking around the proxy and discovered that not only do cookies get cached on the end-user's machine, but also our proxy. Meaning, if a user goes to check their yahoo mail, we can open their inbox.

You can see where this is going. Now I trust my guys, and for the most part we don't give a shit where people browse. Should I invest time to prevent the caching of cookies on our proxy, do I send out an e-mail that warns people of this?

Or should I just let it go?

You should let people know.

I would prevent caching of cookies on the proxy, but it's really a company policy issue.
 
I would send out an e-mail and let them know at least. That'll really mess with them and make them paranoid to do anything that remotely even thinks about entering the yellow zone.
 
I would NOT send out the email. It's an unnecessary panic. Anytime a user has a problem with their private they're going to come hollering 'what did YOU do to their account?'. I'd try to stop it from happening.
 
Dial_tone said:
I would NOT send out the email. It's an unnecessary panic. Anytime a user has a problem with their private they're going to come hollering 'what did YOU do to their account?'. I'd try to stop it from happening.

The employees need to be reminded or told that what they're doing is monitored and how visible it is. It has more to do with an expectation of privacy.

Most people in companies know their corporate email is open game and that the web sites they browse are open game. Few if any are aware of the issues with cookies...
 
I ALWAYS assume the employer can read all my emails, including web-based ones.

if i'm worried --- i'd get that EF secure email thing they sell. :)
 
Well, they sign an agreement every year. And I send out reminder e-mails regarding acceptable use (and that we monitor everything closely) at least once per quarter.

I wasn't aware that it allowed proxy admins to access their webmail, which as far as I'm concerned is private and exclusive of work.

I'll probably figure out a way to either remove the caching or something.

strongsmartsexy said:
The employees need to be reminded or told that what they're doing is monitored and how visible it is. It has more to do with an expectation of privacy.

Most people in companies know their corporate email is open game and that the web sites they browse are open game. Few if any are aware of the issues with cookies...
 
Well, you know how savvy your user base is...if I were to send out an e-mail trying to explain that to my users, they'd either ignore it because they don't understand it, or panic.

You could add something to your policy that as part of internet usage monitoring, files containing usernames and passwords to third party sites may be retained, and that security of any information sent to third party sites cannot be guaranteed.

Really, I can't think of any reason you'd WANT that information, unless you were concerned about the company's intellectual property being sent outside the company. In that case, you'd then have a legitimate reason to track that information.
 
Razorguns said:
I ALWAYS assume the employer can read all my emails, including web-based ones.

if i'm worried --- i'd get that EF secure email thing they sell. :)


Having spent years in desktop support, most people are lucky to find the Power button, much less be aware of cookies. All they're going to hear is "you're reading my personal email!!!!!!!!!!!!!"
 
Dial_tone said:
Having spent years in desktop support, most people are lucky to find the Power button, much less be aware of cookies. All they're going to hear is "you're reading my personal email!!!!!!!!!!!!!"

Yes, but a company has to protect itself from a legal perspective. Whether they understand the issues or not...
 
If proxy cookies can open the users' email accounts....
Can you also access their stock brokerage accounts, cash out their investments and mail the cash to an offshore bank account?
If we're going to be unethical, we might as well make it worthwhile.
 
SSL and TLS sessions require not only a cookie but also a key, which the proxy does not cache.

But it does cache chat room and bulletin board usernames.



john937 said:
If proxy cookies can open the users' email accounts....
Can you also access their stock brokerage accounts, cash out their investments and mail the cash to an offshore bank account?
If we're going to be unethical, we might as well make it worthwhile.
 
Of course you can read their email. If the data is coming through YOUR pipeline -- YOU own it.

Do you think the US Government allows FBI/NSA etc. folks to use hotmail w/o any controls? Imagine if they used that to send out personal national security information. They can and DO check *everything* that goes in/out. Corporations can do exactly the same. Otherwise someone could use that as a loophole to send out source code or credit card info.
 
I'm fully aware of what I *can* do.

But what I'm asking isn't related to my company's policy, but more or less how to implement that policy.

I don't think users need to know the extent of our monitoring. Simply that it is all monitored. I'll just patch the caching problems and hope it doesn't break something in the process.

:verygood:


Razorguns said:
Of course you can read their email. If the data is coming through YOUR pipeline -- YOU own it.

Do you think the US Government allows FBI/NSA etc. folks to use hotmail w/o any controls? Imagine if they used that to send out personal national security information. They can and DO check *everything* that goes in/out. Corporations can do exactly the same. Otherwise someone could use that as a loophole to send out source code or credit card info.
 
I'll use X10 controllers hooked into a nice little java script, good enough for ya?

Y_Lifter said:
Web based robotic control of said cameras ?
 
Code said:
Funny thing is, I was just looking up prices on some X10 based stuff for my house.


Ebay is the best place to get X-10 stuff (but their cameras suck... crappy CMOS sensors)
 