TER General Board

Keep It simpleteeth_smile
Donner Party Animal 1429 reads
posted

Before sending emails to providers over the company's email, ask yourself this :  what i am about to write and send, if this was written on paper in clear English and seen by the wrong parties, how would that play out?  Your answer dictates your decision.  Wheter they actual message is red, or just the email address, you don't want to have to explain things like www.NAMBLA.org or www.BrazilianTwinSisterMILFS.net.

As a poster above said, when in doubt, dont.  Lug your laptop around with you.  A small inconvenience for a great peace of mind.

Cheers.

When sending a yahoo e-mail through my companies internet connection, is it possible for the IT folks to read the message?  I'd like to be able to send messages which aren't intercepted and read for obvious reasons.

Landem1131 reads

for a company's "IT folks" to intercept and read ANYTHING that is done on the company's network. Google the phrase "packet sniffer."

(Well, if it's encrypted -- which yahoo email isn't -- they can intercept it but not read it! But even then, there is always the possiblity of a "keystroke logger" which captures what you type before it is encrypted.)

Whether they will or not is another question. But when in doubt ... don't.



-- Modified on 6/9/2007 4:21:30 PM

I don't think they can directly read the actual submission to Yahoo; however, there's nothing in the world stopping them from installing a keystroke-logging program on your work PC and finding out from there what you've been sending.  You should look at your company's policy on Internet usage at work, and do your best to stay within those limits; most companies recognize that limited personal usage is unavoidable, but if you spend eight hours downloading porn, you're going to get canned.  Sending a few short emails through Yahoo, or spending five minutes checking your eBay auction and the baseball scores isn't likely to draw a lot of attention, but browsing to TER or some not-very-discreetly named escort sites is a bad idea.

In general, they only check things if something has been done to raise suspicions.  IT's got better things to do than read over everyone's letters to Mom that they send through Yahoo.  However, if your boss asks them to review your activity for suspicious or inappropriate behavior, all bets are off.

Pretty much wherever you go on the internet will leave a little file on your local machine saying that you have been there.  Called a cookie.
 One of the places I worked, the first thing they did when anyone quit or was let go was make a copy of their cookies so that if anything came up later they could look for unauthorised web sites (as above, read your companies' policy) to use against the former employee if necessary.
 If you can't surf/correspond from home then consider the public library.
B

Donner Party Animal1430 reads

Before sending emails to providers over the company's email, ask yourself this :  what i am about to write and send, if this was written on paper in clear English and seen by the wrong parties, how would that play out?  Your answer dictates your decision.  Wheter they actual message is red, or just the email address, you don't want to have to explain things like www.NAMBLA.org or www.BrazilianTwinSisterMILFS.net.

As a poster above said, when in doubt, dont.  Lug your laptop around with you.  A small inconvenience for a great peace of mind.

Cheers.

Landem945 reads

But remember, if you lug it to the office and plug it into the company's network (ethernet or WiFi - no matter), you're in the same place as if you used their computer sitting on your desk.

Donner Party Animal560 reads

You are quite correct, and thank you.

Let me amend this re the laptop : "I'm betting there is a Starbucks or similar establishment near your office where you can lug your laptop and cybercommunicate in privacy. On your lunchhour, so you don't feel rushed.  And it sure as hell beats the public library, with the noisy masses and curious librarians and others possibly looking over your shouldes."

No Woman No problem968 reads

For example you use [email protected] then they can read it, but if you use other email providers like yahoo, hotmail, etc they can not read the contents of your e-mail, only the e-mail addresses (yours and the recipient’s) I would not worry about IT techies. They do not have the time to dig in your history unless they have too much time in their hands and are nosey! It takes some extra work for them to get that information.

I could be wrong but I doubt it ;o)

Landem654 reads

I agree with you that they probably won't, simply because they have better and more important things to do.

But the original question was: CAN they?

And the correct answer is: Yes, they CAN.

if they have the correct software loaded.  And more and more companies are loading it.

Anything done on company property, grounds and computers can...and often is..recorded.  Once you walk into the lobby you have NO EXPECTATION OF PRIVACY. (that's an important phrase they kept yelling at me as I was shown the door :-)   )
Company provides the computer, or even the server they have the ABSOLUTE RIGHT to view/monitor anything coming or going over said service.
Again, they usually don't , but that does NOT mean they don't have the right to.
Peace,
Fishy

Landem924 reads

For those who don't have the time to google, a packet sniffer is a program which can "see" (and if configured to do so, log to a file) ALL, or any pre-defined part, of the traffic over a network.

Thus if you read a yahoo email on a network on which such a program is running on some computer on that network, it will "see" the incoming html code which creates the yahoo email page in your web browser. And if you send an email, it will "see" the outgoing traffic which contains the text of your email.

CAN they? Emphatically, YES.

WILL they? Depends on a lot of things. Probably not - but then, you never know . . .

Landem1239 reads

the packet sniffer is only one of many ways in which an IT department can "observe" its users' activities.

He focuses on the screen. It is also possible to install software which will allow another computer to view, in real time, the contents of your screen. This is less likely, though, than a network traffic analyzer (fancy phrase for packet sniffer!)

But it brings us back to the bottom line: when in doubt, don't.

They can monitor what websites you've hit, the size an any network traffic, the amount of time you've been on, what network services you've used [web, mail, ftp, gnutella, etc.,] but they CANNOT tell what you've written in yahoo or any internet-based mail.  The most they can do is say that you've been on yahoo.com for x minutes and x amount of data that has gone back and forth.

As mentioned above they only way for them to know your content is: 1] if you've used company e-mail which all gets logged, 2] they are directly observing your computer via Timbuktu, Remote Access, etc., or 3] a keystroke logger.

Landem1270 reads

I have - and believe me, you are wrong. You can use one to see EVERY byte of EVERY packet that traverses the network.

How do you think web-based email gets to your browser and messages are sent out? Answer: packets sent over the network containing ASCII text (and a whole lot more). If one views those packets on a "sniffing" computer, one can read their contents!

As I have been saying all along, whether an IT department WOULD actually capture and analyze the content of ALL network traffic is a highly dubious proposition - even on a very small corporate network, say 10 to 15 computers, the amount of data would be HUGE - and the ROI small.

But the capabilities of packet sniffers have nothing to do with Will Smith or science fiction - they absolutely CAN be used to capture every single byte of data that goes across the network - if one is so inclined!

And if your internet usage is being investigated -- watch out!




-- Modified on 6/10/2007 8:08:05 PM

6lover92030 reads

Unless there is a complaint about your browsing habits or IT stumbles across something - needle in a haystack - the odds are very very small that IT gives a hoot. Many corporations block access to many sites (including yahoo mail, gmail) and display a window about corporate policy if you attempt to gain access. With typos in addresses rather common the number of such hits is extremely high and not worth the effort of tracking each one down.
Still the best bet is to not use your company network for anything of this nature

loopy121332 reads

It depends on a lot of factors.

If Yahoo does not display mail over an SSL session, the data would be cached on your proxy for some period of time. If you are in a sensitive or strictly regulated industry or position within your organization, that cache may persist for 24 or more hours to be archived for as long as 7 years for federal compliance (SOX/HIPAA/FISMA/whatever). This is unlikely, however.

If the session is encrypted, it would depend on the type of proxy server. Older proxies allow the SSL tunnel to exist unmolested and therefore if any data persisted on the proxy, it would be unreadable. Some newer proxies function as men in the middle and create two separate tunnels, one between you and the proxy, and one between the proxy and the destination. In that scenario, data cached on the proxy would be readable.

Either way, the addresses would be logged, so even if the data isn't readable, they know you're spending time on Yahoo mail when you should be working.

There is also your local browser's cache which would store the data until it is overwritten.

On another front, remote control software likely exists on every workstation. First level support will probably not be able to connect and view your desktop without a confirmation on your part, but others above them will typically be exempt from such requirements. If you're working in a thin client environment (RDP/ICA/VDI/whatever), it would be even easier to connect unnoticed.

The last thing that may be a threat would be key loggers. It is highly unlikely that your IT is monitoring at that level, but it is possible. Such extreme measures are typically only employed if there is a pending investigation of a specific individual.

In any case, you should be working at work and playing at home.

I have read through most of the responses to this question and for the most part I agree with Hyabby.

I work in IT and it is possible to view anything that comes uip on your screen no matter if it is you r company e-mail, personal e-mail, or websites.  If your IT person has the correct software loaded they can see anything you look at.  Some programs even allow them to view your screen in real time, without your knowledge.  I have used one of these programs and they are great.

The issue is useually the large amount of logs an IT person would have to go through to find out what an particular employee was viewing.  

The best advice I can give is not to view any websites or send an messages from work computers that you would not want your employer to see.  Otherwise someone can find it if they want to.

Firefox has a gmail add-on which supports encrypted e-mail and it's much easier to cleanup temp files, cookies, etc with Firefox. You can also use MS Outlook Express with your gmail account to send/receive encrypted e-mails.

For encrypted e-mail, you would have to have the receiver's security certificate. If you also have a certificate and you digitally sign your e-mails, others can send you encrypted e-mails.

http://www.thawte.com/secure-email/personal-email-certificates/

gives free e-mail certificates.

To answer your original question: yes the IT guys can monitor the contents of your browsing unless you are communicating over https. Yahoo mail uses http  which is clear text. Above methods would provide you some privacy but they are not bullet-proof. The best is not to send e-mails from your company network.

dragonmage1097 reads

You could always get a PDA/smartphone, like a Treo or Blackberry, to access Hotmail, Yahoo mail and gmail and never have to worry about using your company's network.

Register Now!