RE: Re: chat logs

From: Stephen Alford (stephena_at_sbspros.net)
Date: 05/17/05

  • Next message: Artiman: "Mobile Media Security" 
    To: "'Melissa Fischer'" <Melissa.Fischer@NorthMemorial.com>, <david@clicksee.net>, <ANTHONY.D.BUNDSCHUH@saic.com>, <security-basics@securityfocus.com>
Date: Tue, 17 May 2005 11:58:24 -0700

    Hello again to all,
    This thread has definitely run its course.

    Melissa, pleased don't confuse computer literacy with emotional involvement.
    We all should try to filter the technology from the legal & moral issues in
    a home-based scenario. Again, a balance needs to be struck when assessing
    the whole situation, but I'll always err on the side of being
    over-protective vs. invasion of privacy rights (better safe than sorry).

    Please let's put this chat to bed.

    Best wishes,

    Stephen Alford, MCT, MCSE+Security, CCNA, CCDA, ASE
    Director, Partner Practices & Solutions, SBS Pros
    Email: stephena@sbspros.net

    -----Original Message-----
    From: Melissa Fischer [mailto:Melissa.Fischer@NorthMemorial.com]
    Sent: Tuesday, May 17, 2005 10:42 AM
    To: david@clicksee.net; ANTHONY.D.BUNDSCHUH@saic.com; stephena@sbspros.net;
    security-basics@securityfocus.com
    Subject: RE: Re: chat logs

    Anthony, thank you for your response, obviously there are people monitoring
    this log who are not as computer literate as I and yourself.

    Not only is it allowed by law, it is done on a regular basis, I work in the
    Health Care industry which is heavily controlled by regulations as to what
    people can and cannot be viewing, and in my capacity of Database
    Administrator, I have the security rights to view anything about anyone,
    however, my employment responsibilities are different and I only view what
    is necessary for me to do my job. Employers not only can, they DO monitor
    your computers and day to day activities, including limiting the email you
    can and cannot "completely" delete.

    Thanks for speaking up.

    Melissa Fischer
    Database Administrator
    Data and System Engineering
    North Memorial Health Care
    763/520-1533
    melissa.fischer@northmemorial.com

    >>> "Bundschuh, Anthony D" <ANTHONY.D.BUNDSCHUH@saic.com> 5/17/2005 10:41:42
    AM >>>
    Hate to burst your bubble, but your boss is perfectly able and allowed by
    law to view your email and web browsing history.

    -----Original Message-----
    From: David [mailto:david@clicksee.net]
    Sent: Monday, May 16, 2005 8:22 PM
    To: 'Stephen Alford'; 'Melissa Fischer'; security-basics@securityfocus.com
    Subject: RE: Re: chat logs

    I must disagree with this line from Ms. Fischer- 'if they are doing nothing
    wrong, then there is nothing to hide and have "private".'

    How would you respond if your boss wanted to read your email and monitor the
    web sites you went to and read your IM's under the same philosophy?

    I love my wife and she loves me and we trust each other greatly and yet she
    still doesn't want to poop if I'm in the bathroom even though there is
    nothing 'wrong' going on. :) i.e. even children deserve some privacy.

    Choosing their friends and having relationships with those friends is part
    of growing up and learning to socialize and keeping total control over that
    will stagnate that process. Balance is the key word here I think and
    monitoring communications considered private is going to far just as having
    a child carry an electronic listening device would be going too far.

    I agree with Mihai's sentiment. How about the parents explain to the kids
    what the security situation is and go through the emails and chat logs
    together? Maybe even show the kids how to run searches using scripts and
    teach them some computer stuff?

    An interesting dilemma as to how far to go with things. I think it's a bit
    different with K-12 kids though. With a kindergartener, yeah, the parents
    should probably just go ahead and search through their files unasked. With a
    12 year old that could really touch off a fire-storm.
    "Dad, how could you just totally violate my privacy like that?"

    -----Original Message-----
    From: Stephen Alford [mailto:stephena@sbspros.net]
    Sent: Saturday, May 14, 2005 3:05 AM
    To: 'Melissa Fischer'; security-basics@securityfocus.com
    Subject: RE: Re: chat logs

    Melissa, Mihai, et al,
    I can see both sides, as a father of 3 teens and a sec pro. We all went
    thru our trials and tribulations as teens and I loved and related well with
    my parents. However, I certainly had moments I preferred keeping between me
    and my peers. I know there were experiences, real & virtual, that I didn't
    consider WRONG but still kept from my parents. Looking back on this with
    perspective, I can understand my kids need for privacy, and I also
    understand my parental need to ensure they are protected from inadvertently
    choosing BAD options. It is one of our greatest challenges to balance these
    needs appropriately.

    Thus, like any seasoned sec pro, make sure you assess the whole situation
    before applying your solution (and you DON'T NEED TO BE A PARENT TO FOLLOW
    THIS).

    My 2c worth.

    Stephen Alford, MCT, MCSE+Security, CCNA, CCDA, ASE Director, Partner
    Practices & Solutions, SBS Pros
    Email: stephena@sbspros.net

    -----Original Message-----
    From: Melissa Fischer [mailto:Melissa.Fischer@NorthMemorial.com]
    Sent: Friday, May 13, 2005 8:50 AM
    To: security-basics@securityfocus.com
    Subject: Fwd: Re: chat logs

    FYI

    Melissa Fischer
    Database Administrator
    Data and System Engineering
    North Memorial Health Care
    763/520-1533
    melissa.fischer@northmemorial.com

    >>> Melissa Fischer 5/13/2005 10:49:39 AM >>>
    I understand your concern, apparently you must not be a parent.
    I have raised 3 sons, 24, 20 and now an 8 year old. Teenagers talk to EACH
    OTHER, not to their parents.
    Our parents HAVE personally talked to their children, looking at files on
    their computers is not taking away their privacy, if they are doing nothing
    wrong, then there is nothing to hide and have "private".

    Melissa Fischer
    Database Administrator
    Data and System Engineering
    North Memorial Health Care
    763/520-1533
    melissa.fischer@northmemorial.com

    >>> Mihai Amarandei <mihai@xmcopartners.com> 5/13/2005 9:45:28 AM >>>
    I'm glad too se everyone helping out to find the logs and giving advice on
    how to search those teen-agers web history.
    Just me(and this has nothing to do with security), but wouldn't it be better
    that each parent asked directly its children about such incidents

    instead of searching and digining through their logs and web history?
    I for one wouldn't like it that my parents knew all my browsing and chatting
    habbits, and I think this is the case for most of today's persons. Teens are
    as ,uch entitled to their privacy "apriori" as anyone

    else in my opinion.
    I know all I've said has not much to do with security (actually it has to do
    with privacy), but neither is searching for logs.
    I'm not trying to undermine the importance of the threat and the gravity

    of the situation, I just don't think such an intrusion of privacy would be a
    good answer.

    Mihai
    Blog: http://secinternship.blogspot.com

    Melissa Fischer wrote:

    >Our community, Waconia, Minnesota has recently been the victims of
    >threats against our children and schools.
    >http://www.startribune.com/stories/462/5399090.html
    >
    >The Emergency Response Task Force assigned to our case asked parents to
    >go home and check their kids computers for any chats or emails with
    >information.
    >
    >We are trying to find a document explaining where and what to look at
    >to find any information. We would like to post this on our school main
    >page www.waconia.k12.mn.us for a resource for parents to use on how to
    >find any information. Can you tell me where to find this information?
    >
    >Thank you in advance,
    >
    >
    >
    >Melissa Fischer
    >Database Administrator
    >Data and System Engineering
    >North Memorial Health Care
    >763/520-1533
    >melissa.fischer@northmemorial.com
    >
    >
    > 

    -- 
Mihai Amarandei-Stavila - Xmco Partners
Consultant Sécurité / Test d'intrusion
tel  : 33 1 47 34 68 61
web  : http://www.xmcopartners.com 
Villa Gabrielle 75015 PARIS
  • Next message: Artiman: "Mobile Media Security"

    Relevant Pages

    • Re: Re: chat logs
      ... In my home, I am the corporation, my kids have a right to privacy but I am ... Most things private are best left private for ... OTHER, not to their parents. ...
      (Security-Basics)
    • RE: Re: chat logs
      ... "The kids who did made the threats did it for attention, ... Safety of the children is the priority here, not the privacy of the ... OTHER, not to their parents. ...
      (Security-Basics)
    • Re: FW: Re: chat logs
      ... they can access your emails, ... privacy just flew out the window. ... With a kindergartener, yeah, the parents ... > From: Melissa Fischer ...
      (Security-Basics)
    • RE: Re: chat logs
      ... Subject: chat logs ... How about the parents explain to the ... how could you just totally violate my privacy like that?" ...
      (Security-Basics)
    • RE: Re: chat logs
      ... Subject: chat logs ... How about the parents explain to the kids ... how could you just totally violate my privacy like that?" ...
      (Security-Basics)