I e-mail my girlfriend at work from time to time. I know that companies can read their staff e-mails for legal reasons. However, are they allowed to read my e-mails to her...I have never given my permission, nor have I been warned this may take place (as in when you ring a number and they warn you that the call may be taped for training purposes, for example)? Does any one know?
e-mail privacy?
- Thread starter kev1-1
- Start date
Help Support Candle Power Flashlight Forum
Tomas
Banned
Is one of you using either a computer or bandwidth paid for by the company and intended for company use?
If the answer is yes, they have the right to limit the uses you may make of their property, and to examine the contents of messages transferred using their property.
If you are using property paid for by the company for non-company purposes there are a number of responses the company can make.
I've worked for companies that totally forbid non-work use of their tools and I've worked for one that didn't really care so long as it did not take anything away from the company (did not slow down or stop legit company use).
The company I owned considered the computers and bandwidth a simple 'benefit' that the employees could use so long as it did not in any way disrupt company business, and the use was made on their time (or their work was done). (But they damned well better not load any applications on the company machines that I personally did not pre-approve. I was CTO.)
Bottom line: How the company reacts is up to the company - the only way to know is ti check with them ...
If the answer is yes, they have the right to limit the uses you may make of their property, and to examine the contents of messages transferred using their property.
If you are using property paid for by the company for non-company purposes there are a number of responses the company can make.
I've worked for companies that totally forbid non-work use of their tools and I've worked for one that didn't really care so long as it did not take anything away from the company (did not slow down or stop legit company use).
The company I owned considered the computers and bandwidth a simple 'benefit' that the employees could use so long as it did not in any way disrupt company business, and the use was made on their time (or their work was done). (But they damned well better not load any applications on the company machines that I personally did not pre-approve. I was CTO.)
Bottom line: How the company reacts is up to the company - the only way to know is ti check with them ...
The company has a right to monitor any communications made using their equiptment, this will also include telephone calls.
She could offer the argument that she did not wish to recieve the e-mail as she would be 'busy in work' but be aware that if she replies to your e-mail she could end up getting the sack for misuse of company facilities should her boss wish to 'make an example' of somebody.
She could offer the argument that she did not wish to recieve the e-mail as she would be 'busy in work' but be aware that if she replies to your e-mail she could end up getting the sack for misuse of company facilities should her boss wish to 'make an example' of somebody.
DieselDave
Super Moderator,
Even if you have something snail mailed to you at work the company has the right to open it, at least here in Florida. So, e-mail is fair game as well. If you were wondering, the answer is Yes, my company does open all mail before distributing it and it bothers me.
KC2IXE
Flashaholic*
1)Yes, Bosses have the right to read her and your emails
2)SLIGHTLY OT - remember that ALL email is like a postcard - it's open to read to ANYONE along the path it takes - The andmistrators of any server it goes through, the guys who run the routers etc
There is a way around this - encryption. The "gold standard" is PGP or the Open Source equivilent GnuGPG. It's trong enough that unless there is an unknown flaw in the coding of PGP, or someone comes up with a fast way to factor large primes, there is no KNOWN way to crack a message is less than a few hundred million years
2)SLIGHTLY OT - remember that ALL email is like a postcard - it's open to read to ANYONE along the path it takes - The andmistrators of any server it goes through, the guys who run the routers etc
There is a way around this - encryption. The "gold standard" is PGP or the Open Source equivilent GnuGPG. It's trong enough that unless there is an unknown flaw in the coding of PGP, or someone comes up with a fast way to factor large primes, there is no KNOWN way to crack a message is less than a few hundred million years
IlluminatingBikr
Flashlight Enthusiast
- Joined
- Feb 26, 2003
- Messages
- 2,320
kev1-1,
What e-mails are you sending that you are concerned about your girlfriend's comany seeing? /ubbthreads/images/graemlins/wink.gif
What e-mails are you sending that you are concerned about your girlfriend's comany seeing? /ubbthreads/images/graemlins/wink.gif
CNC Dan
Enlightened
[ QUOTE ]
DieselDave said:
Even if you have something snail mailed to you at work the company has the right to open it, at least here in Florida. So, e-mail is fair game as well. If you were wondering, the answer is Yes, my company does open all mail before distributing it and it bothers me.
[/ QUOTE ]
That just bugs the hell out of me.
I would be tempted to send the person responsable for that policy some "scandelous" mail. Let the mail room folks spread the rumors.
DieselDave said:
Even if you have something snail mailed to you at work the company has the right to open it, at least here in Florida. So, e-mail is fair game as well. If you were wondering, the answer is Yes, my company does open all mail before distributing it and it bothers me.
[/ QUOTE ]
That just bugs the hell out of me.
I would be tempted to send the person responsable for that policy some "scandelous" mail. Let the mail room folks spread the rumors.
brightnorm
Flashaholic
- Joined
- Oct 13, 2001
- Messages
- 7,160
[ QUOTE ]
DieselDave said:
...If you were wondering, the answer is Yes, my company does open all mail before distributing it and it bothers me.
[/ QUOTE ]
Dave,
Has that always been policy or since 9/11?
Brightnorm
DieselDave said:
...If you were wondering, the answer is Yes, my company does open all mail before distributing it and it bothers me.
[/ QUOTE ]
Dave,
Has that always been policy or since 9/11?
Brightnorm
If it's a work computer, you can't rely on a program like PGP to keep the mail private. PGP stops people from intercepting email over a network, but does nothing to secure the endpoints. If the company has installed hardware or software in the computer to record your friend's keystrokes or screen images, encrypting the network traffic doesn't help at all.
Her best bet is probably just get a mobile phone, and you can send her text messages on it, or call her during her breaks.
Her best bet is probably just get a mobile phone, and you can send her text messages on it, or call her during her breaks.
Al_Havemann
Enlightened
Slightly off topic but you should all know that it's almost impossible to hide anything on a computer anyway. If the company really wants to find out, they can. If you own a home computer (and who doesn't) you should never sell or give it away with the hard disk still installed.
I perform computer forensics for a federal agency (law office). When the case requires it, I'll get a bit stream copy of a seized disk from the FBI, CIA, Secret Service, etc. Sometimes I have to look for Child porn, drug related e-mails or whatever. With the tools I have available I can peel a disk like an onion, recover things you wouldn't believe.
Everything that passes across your screen leaves a record on your hard disk, and I can probably find it. Had an nasty pop-up?, a naughty picture that you deleted, it's probably still there (or parts of it are)!. Consider carefully, the following information and remember it:
* If it was deleted I can get it back.
* If the disk was reformatted, I can get it back.
* If it was re-partitioned, I can get it back
* If it was re-partitioned and re-formatted, I can get it back.
* If it was overwritten with a wipe program that used three passes or less, I can probably get it back.
* If it was overwritten with a wipe program and the wipe program that didn't overwrite 7 times for shadow and seven times for boundary, and I can get the original disk , not a copy, I might still get it back.
When you dispose of a computer, remove the disk drive. Destroy it if you really want to be safe. Use a hammer, a BIG hammer. If a platter remains intact, it can give up information. Believe what I say.
Al
I perform computer forensics for a federal agency (law office). When the case requires it, I'll get a bit stream copy of a seized disk from the FBI, CIA, Secret Service, etc. Sometimes I have to look for Child porn, drug related e-mails or whatever. With the tools I have available I can peel a disk like an onion, recover things you wouldn't believe.
Everything that passes across your screen leaves a record on your hard disk, and I can probably find it. Had an nasty pop-up?, a naughty picture that you deleted, it's probably still there (or parts of it are)!. Consider carefully, the following information and remember it:
* If it was deleted I can get it back.
* If the disk was reformatted, I can get it back.
* If it was re-partitioned, I can get it back
* If it was re-partitioned and re-formatted, I can get it back.
* If it was overwritten with a wipe program that used three passes or less, I can probably get it back.
* If it was overwritten with a wipe program and the wipe program that didn't overwrite 7 times for shadow and seven times for boundary, and I can get the original disk , not a copy, I might still get it back.
When you dispose of a computer, remove the disk drive. Destroy it if you really want to be safe. Use a hammer, a BIG hammer. If a platter remains intact, it can give up information. Believe what I say.
Al
KC2IXE
Flashaholic*
[ QUOTE ]
Al_Havemann said:
...snip... Use a hammer, a BIG hammer. If a platter remains intact, it can give up information. Believe what I say.
Al
[/ QUOTE ]
I've always believed in melting the platters! An Oxy-acetyline torch works wonders - but a charcoal BBQ will do -Tahke the platters out, toss them on the coals when the are burning hot - 10 minutes later, you have AlOx slag. I dare ANYONE to pull data from that <g>
For REALLY paranoid data protection, you carry your OWN laptop, which is NEVER, and I mean NEVER connected to the network. You use THAT PC to encrypt the data - PGP as a start, or if you have a secure channel to the party in question, you can setup a One Time pad. Then using a BLANK floppy, you take the encrypted message OFF the encrypting PC, bring the data to the transmitting PC, and send the file. Then you immediately reformat/bulk erase the floppy that moved the data, to prevent ANY possability of a trojan coming back onto your encrypting PC
It really comes down to this. How badly do you need to secure your data? Remember, sometimes it's just easier for the attacker to compromise your physical security. Can you afford trusted armed guards to watch you PC setup 24/7? You can be compromised. There is NO such thing as PERFECT security - just "good enough" - you have to look at the cost of, say, improving your security X% vs the potential loss. As in most things, there is an 80%-20% ratio of effort/perfomance. The first 80% of the results takes 20% of the effort. To got the last 20% costs 80%
Al_Havemann said:
...snip... Use a hammer, a BIG hammer. If a platter remains intact, it can give up information. Believe what I say.
Al
[/ QUOTE ]
I've always believed in melting the platters! An Oxy-acetyline torch works wonders - but a charcoal BBQ will do -Tahke the platters out, toss them on the coals when the are burning hot - 10 minutes later, you have AlOx slag. I dare ANYONE to pull data from that <g>
For REALLY paranoid data protection, you carry your OWN laptop, which is NEVER, and I mean NEVER connected to the network. You use THAT PC to encrypt the data - PGP as a start, or if you have a secure channel to the party in question, you can setup a One Time pad. Then using a BLANK floppy, you take the encrypted message OFF the encrypting PC, bring the data to the transmitting PC, and send the file. Then you immediately reformat/bulk erase the floppy that moved the data, to prevent ANY possability of a trojan coming back onto your encrypting PC
It really comes down to this. How badly do you need to secure your data? Remember, sometimes it's just easier for the attacker to compromise your physical security. Can you afford trusted armed guards to watch you PC setup 24/7? You can be compromised. There is NO such thing as PERFECT security - just "good enough" - you have to look at the cost of, say, improving your security X% vs the potential loss. As in most things, there is an 80%-20% ratio of effort/perfomance. The first 80% of the results takes 20% of the effort. To got the last 20% costs 80%
[ QUOTE ]
Al_Havemann said:
If you own a home computer (and who doesn't) you should never sell or give it away with the hard disk still installed...
[/ QUOTE ]
This might be one of the reasons I don't find hard drives in a lot of the junked PC's I find. (gotta save those LED's /ubbthreads/images/graemlins/wink.gif )
[ QUOTE ]
...If it was overwritten with a wipe program that used three passes or less, I can probably get it back.
* If it was overwritten with a wipe program and the wipe program that didn't overwrite 7 times for shadow and seven times for boundary, and I can get the original disk , not a copy, I might still get it back.
[/ QUOTE ]
With how much time and effort?
[ QUOTE ]
When you dispose of a computer, remove the disk drive. Destroy it if you really want to be safe. Use a hammer, a BIG hammer. If a platter remains intact, it can give up information. Believe what I say.
[/ QUOTE ]
How much does reading a platter nearly destoryed hard drive cost?
As long as it doesn't have my bank or CC#'s, is it really necessary?
Al_Havemann said:
If you own a home computer (and who doesn't) you should never sell or give it away with the hard disk still installed...
[/ QUOTE ]
This might be one of the reasons I don't find hard drives in a lot of the junked PC's I find. (gotta save those LED's /ubbthreads/images/graemlins/wink.gif )
[ QUOTE ]
...If it was overwritten with a wipe program that used three passes or less, I can probably get it back.
* If it was overwritten with a wipe program and the wipe program that didn't overwrite 7 times for shadow and seven times for boundary, and I can get the original disk , not a copy, I might still get it back.
[/ QUOTE ]
With how much time and effort?
[ QUOTE ]
When you dispose of a computer, remove the disk drive. Destroy it if you really want to be safe. Use a hammer, a BIG hammer. If a platter remains intact, it can give up information. Believe what I say.
[/ QUOTE ]
How much does reading a platter nearly destoryed hard drive cost?
As long as it doesn't have my bank or CC#'s, is it really necessary?
Al_Havemann
Enlightened
[ QUOTE ]
Ratus said:
With how much time and effort?
How much does reading a platter nearly destoryed hard drive cost?
As long as it doesn't have my bank or CC#'s, is it really necessary?
[/ QUOTE ]
Ratus;
If the info was deleted, the disk reformatted or re-partitioned and reformatted, no problem. Recovery time is a few hours or less, all machine time and pretty much automated. After that, it's up to the reviewer to look and report on the findings.
If the disk was wiped or a real time wipe program was used that conformed to government standards, I'll need the original disk, not a copy since the subtle magnetic variations would not be passed to a copy. The cost is high to very high depending on what needs to be done. It may be necessary only to run the disk through a system running the recovery programs or it may require removing the heads and replacing them with very fine heads that can read boundary data and have sufficient resolution to sense shadow data. Our forensics lab can't do this type of work, we'd need to send it to a speciality lab at terrific expense.
Recovery in these modes is never complete, fragments need to be put together by the technician and reviewer. This type of recovery is never done unless the need is extreme since the cost is also extreme. You wouldn't really need to worry about someone getting your CC#'s since the cost of recovery would exceed your credit limit.
This is true today, tomorrow who knows. But you should certainly wipe a disk with at least three passes before disposing of it. As an example, a tech was charged with cc fraud. He was doing free work for a charity organization to repair donated computers. With just over the counter tools he recovered information and CC#'s etc. A simple wipe program would have prevented that from happening.
I recently had quite a long conversation with a friend who has first hand knowledge of an industrial espionage incident. Information from either his company or an affiliate (he wouldn't say which) was sold to a competitor. An employee was charged and his home computer was seized for examination.
The machine was subjected to a standard forensic examination using a bit copy of the disk. Although nothing incriminating was found, the disk appeared to have been cleaned by a wipe utility. A wipe utility cleans deleted files, file slack, ram slack and unallocated space by over writing those spaces with specific data designed to eliminate prior information. Some utilities are more efficient than others but few rewrite more than 3 times due to the time involved unless specifically configured to do so. These utilities can either run stand alone or as a real time background task.
Wipe utilities also remove deleted entries from the file allocation table to destroy file back pointers. This disk had all the signs of being wiped since there were no indications of it having any deleted data although the OS and other information on it were several years old.
Since there was a lot of money at stake, next the original disk, not a copy, was then sent to a recovery lab where it was subjected to techniques called "Border and Shadow data" recovery. Although the lab determined that the disk had been "wiped" by a three pass real time cleaning program, the recovery techniques were successful in reconstructing sufficient data for a successful prosecution.
When a zero bit is written to a disk, it is weaker if the prior bit stored in that location was a one than if it was a zero. Equipment exists that can detect this difference and reconstruct the "Shadow Data" despite the wiping. A second technique causes the read head to "jiggle" around each bit looking for differences at the border or bit edges caused by the head not hitting exactly the same spot each time it writes the bit.
It takes a wipe program at least seven passes with specific data patterns being written to eliminate the "Shadow" data and seven more using a wipe program designed to "jiggle" the head during the write to eliminate "Border" data. On a 20gb disk, this would take many, many hours.
It is possible for these recovery techniques to recover multiple, valid data streams from the same locations on a disk.
It is interesting to note that these techniques cannot be used on a bit stream copy since they are totally dependent on very subtle differences in the magnetic structure of the original disk. Reconstructed data is written to a second disk to avoid damaging the original.
In my company, I instituted a policy when I began my employment to remove and dismantle or destroy the disk drives when disposing of equipment.
Paulr;
You asked what tools are used. I use the Forensics Toolkit (FTK) from Access Data, EnCase by Guidance Software, a hardware based bit stream copy tool and tons of other utilities. These are expensive packages ($2000.00 and up per user) and not easy to purchase anyway.
Data recovery in the legal world is useless unless the examiner is a certified professional. This isn't cheap at all, it can easily cost tens of thousands of dollars to acquire the necessary credentials and expertise to qualify the examiner to recover data and testify as an expert. Failure to qualify in any way would compromise the case, even get the examiner discredited.
There are other toolkits available to law enforcement only, the general population cannot purchase them. Copies won't function due to the hardware key (all kits use keys) and the individual examiners access codes.
Al
Ratus said:
With how much time and effort?
How much does reading a platter nearly destoryed hard drive cost?
As long as it doesn't have my bank or CC#'s, is it really necessary?
[/ QUOTE ]
Ratus;
If the info was deleted, the disk reformatted or re-partitioned and reformatted, no problem. Recovery time is a few hours or less, all machine time and pretty much automated. After that, it's up to the reviewer to look and report on the findings.
If the disk was wiped or a real time wipe program was used that conformed to government standards, I'll need the original disk, not a copy since the subtle magnetic variations would not be passed to a copy. The cost is high to very high depending on what needs to be done. It may be necessary only to run the disk through a system running the recovery programs or it may require removing the heads and replacing them with very fine heads that can read boundary data and have sufficient resolution to sense shadow data. Our forensics lab can't do this type of work, we'd need to send it to a speciality lab at terrific expense.
Recovery in these modes is never complete, fragments need to be put together by the technician and reviewer. This type of recovery is never done unless the need is extreme since the cost is also extreme. You wouldn't really need to worry about someone getting your CC#'s since the cost of recovery would exceed your credit limit.
This is true today, tomorrow who knows. But you should certainly wipe a disk with at least three passes before disposing of it. As an example, a tech was charged with cc fraud. He was doing free work for a charity organization to repair donated computers. With just over the counter tools he recovered information and CC#'s etc. A simple wipe program would have prevented that from happening.
I recently had quite a long conversation with a friend who has first hand knowledge of an industrial espionage incident. Information from either his company or an affiliate (he wouldn't say which) was sold to a competitor. An employee was charged and his home computer was seized for examination.
The machine was subjected to a standard forensic examination using a bit copy of the disk. Although nothing incriminating was found, the disk appeared to have been cleaned by a wipe utility. A wipe utility cleans deleted files, file slack, ram slack and unallocated space by over writing those spaces with specific data designed to eliminate prior information. Some utilities are more efficient than others but few rewrite more than 3 times due to the time involved unless specifically configured to do so. These utilities can either run stand alone or as a real time background task.
Wipe utilities also remove deleted entries from the file allocation table to destroy file back pointers. This disk had all the signs of being wiped since there were no indications of it having any deleted data although the OS and other information on it were several years old.
Since there was a lot of money at stake, next the original disk, not a copy, was then sent to a recovery lab where it was subjected to techniques called "Border and Shadow data" recovery. Although the lab determined that the disk had been "wiped" by a three pass real time cleaning program, the recovery techniques were successful in reconstructing sufficient data for a successful prosecution.
When a zero bit is written to a disk, it is weaker if the prior bit stored in that location was a one than if it was a zero. Equipment exists that can detect this difference and reconstruct the "Shadow Data" despite the wiping. A second technique causes the read head to "jiggle" around each bit looking for differences at the border or bit edges caused by the head not hitting exactly the same spot each time it writes the bit.
It takes a wipe program at least seven passes with specific data patterns being written to eliminate the "Shadow" data and seven more using a wipe program designed to "jiggle" the head during the write to eliminate "Border" data. On a 20gb disk, this would take many, many hours.
It is possible for these recovery techniques to recover multiple, valid data streams from the same locations on a disk.
It is interesting to note that these techniques cannot be used on a bit stream copy since they are totally dependent on very subtle differences in the magnetic structure of the original disk. Reconstructed data is written to a second disk to avoid damaging the original.
In my company, I instituted a policy when I began my employment to remove and dismantle or destroy the disk drives when disposing of equipment.
Paulr;
You asked what tools are used. I use the Forensics Toolkit (FTK) from Access Data, EnCase by Guidance Software, a hardware based bit stream copy tool and tons of other utilities. These are expensive packages ($2000.00 and up per user) and not easy to purchase anyway.
Data recovery in the legal world is useless unless the examiner is a certified professional. This isn't cheap at all, it can easily cost tens of thousands of dollars to acquire the necessary credentials and expertise to qualify the examiner to recover data and testify as an expert. Failure to qualify in any way would compromise the case, even get the examiner discredited.
There are other toolkits available to law enforcement only, the general population cannot purchase them. Copies won't function due to the hardware key (all kits use keys) and the individual examiners access codes.
Al
PhotonBoy
Flashlight Enthusiast
Treat email like a postcard -- visible to anyone.
email privacy is an oxymoron.
email privacy is an oxymoron.
PhotonBoy
Flashlight Enthusiast
Cell Phones Reveal Love Affairs in Italy
'ROME - Italy's love affair with text messaging is having an unexpected consequence: Cell phones have become a leading giveaway of secret affairs.
Snooping spouses are finding amorous messages, as well as inexplicable phone numbers, stored in the memory of mobile phones.
Divorce lawyers are ecstatic, magazines are warning readers to watch out, and one private investigator has even issued "Five Golden Rules" on how to cheat with a cell phone and not get caught.'
'ROME - Italy's love affair with text messaging is having an unexpected consequence: Cell phones have become a leading giveaway of secret affairs.
Snooping spouses are finding amorous messages, as well as inexplicable phone numbers, stored in the memory of mobile phones.
Divorce lawyers are ecstatic, magazines are warning readers to watch out, and one private investigator has even issued "Five Golden Rules" on how to cheat with a cell phone and not get caught.'
LED-FX
Enlightened
Recovery:
http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
Prevention:
http://www.tolvanen.com/eraser/
Ive seen drives cut up with angle grinder, medical records, and run over with road roller, bank. Both times companys wanted photgraphic proof of destruction.
Adam
http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
Prevention:
http://www.tolvanen.com/eraser/
Ive seen drives cut up with angle grinder, medical records, and run over with road roller, bank. Both times companys wanted photgraphic proof of destruction.
Adam
