Re: Surfing at Work

From: David Q F (dfosdike_at_elders.com.n!o!s!p!a!m.AU)
Date: 10/02/04


Date: Sat, 2 Oct 2004 10:14:40 +0930

Mark,

Thanks for your comments,

"Mark Landin" <mark.landin@tdwilliamson.com> wrote in message
news:l5bol0h4a1hsmqn1h7g9mooorq0c4deddq@4ax.com...
> On Thu, 30 Sep 2004 10:38:03 +0930, "David Q F"
> <dfosdike@elders.com.n!o!s!p!a!m.AU> wrote:
>
> >"HB2" <bgreer24@comcast.net> wrote in message
> >news:Lll6d.275208$Fg5.251822@attbi_s53...
> >> Sometimes I write e-mails using a web based format (yahoo). When the
> >e-mail
> >> is of a personal issue I use megaproxy because it is SSL. Our PCs at
work
> >> have Windows 2000. Is it safe to assume that my e-mails are kept
private
> >> from my employer since they are sent using SSL? Does Winodws 2000
Server
> >> have monitoring tools built in or would our employer have to purchase
such
> >> monitoring tools seperately?
> >>
> >> Also, its my understanding that using a keyboard log program is
illegal.
> >> Is this correct?
> >>
> >> Thanks
> >>
> >>
> >
> >My $.02 worth. I am in Australia. Our corporate security policy
disallows:
> >- Web based email. Reason: The mail and its attachments do not pass
through
> >our firewall (as email) or antivirus.
>
> You don't have desktop anti-virus protection?

Yes we do.
The main problem here is organisations that have a large number of desktop
clients. A new virus entering from the Internet via email has a window of
opportunity until it's signature is deployed to everyone of them - this can
take days, even weeks. Disallowing web-based email for SMTP blocking every
executable, or anything known to carry an executable including .zips and
'whitelist' what you want to get through also helps - users soon fall into
line.

>
> >- Unauthorised encryption of email including smime and pgp. Reason:
Again
> >the difficulty is with checking content for fraud, theft or malware.
>
> Very valid.
>
> >- Unauthorised inspection of email by IT admins. Reason: Its a people
> >problem and only HR can authorise inspection.
>
> Also very valid. IT should not abuse their authorized access.
>
> >It does allow reasonable personal use of email - this discourages (but
> >doesn't cut out) abuse.
>
> Similar to the phone on your desk.
>
> >One other thought I've had is that the use of Baysean Inference for Spam
> >filtering could be extended for other purposes like automated checking
for
> >commercial espionage, fraud and other abuses without human inspection.
>
> The problem is that a legitimate business email and a illicit one have
> basically the same content. What makes one legit and one illicit is
> mainly the recipient, not what it says. That would be hard to
> automate, I would think.
>
> Likely the best one could do is say "the following emails sent this
> week referenced the Secret Omega Project" and some person would have
> the vet that whole list, checking senders and recipients against a
> known-good-list, for possible improper activity. That would be pretty
> labor-intensive.
>
>

I think you underestimate the power of Bayesean inference. Time will tell -
at present I don't have time to test it.

David



Relevant Pages

  • Re: interesting use of NEXT SENTENCE vs. CONTINUE
    ... > My point is that calling a valid extension "abuse" because it is an EXTENSION ... No one called anything abuse for the reason of being an extension. ... it is "abuse" BECAUSE the standard disallows it ... NEXT SENTENCE in an END-IF lack of context. ...
    (comp.lang.cobol)
  • Re: interesting use of NEXT SENTENCE vs. CONTINUE
    ... My point is that calling a valid extension "abuse" because it is an EXTENSION ... Standard) and some negatively. ... Standard DISALLOWS. ...
    (comp.lang.cobol)
  • Re: interesting use of NEXT SENTENCE vs. CONTINUE
    ... > What I disagree with (while certainly NOT saying you can't say it) is ... > "A NEXT SENTENCE in the same IF as an END-IF is abuse because the ... > standard specifically disallows it" ...
    (comp.lang.cobol)
  • Re: Surfing at Work
    ... > You don't have desktop anti-virus protection? ... Only if one can get authorisation for mail encryption. ... IT should not abuse their authorized access. ... Many companies monitor private phone use and have you pay a reasonable ...
    (alt.computer.security)