Date: Fri, 08 Jun 2007 14:28:25 +0000
From: dcdave@....net
To: "J. Oquendo" <sil@...iltrated.net>, Larry Seltzer <Larry@...ryseltzer.com>,
	full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Shady bastards - CONFIDENTIAL (Terms of Services)

  As someone who has had to recommend policy in both government and private sectors, I would say that there IS a SOLUTION within the laws, both existing and proposed:

Corporate or Business Entity networks belong to the entity, not to the employee. 

Network security personnel who are accountable and responsible for ALL security breaches must, necessarily, be able to monitor ALL traffic on their network.

Most entities have the appropriate notification up that all network use is subject to monitoring, as is correct.

Employees should not use corporate resources for personal business or personal emails. If one has personal business not appropriate to corporate monitoring, they should use personal email during personal time.

That being said, most entities do not directly view all network traffic, all websites visited, or all emails, but usually have the capability to do so if a 'key word' type monitor is tripped.

The concept is not difficult - look at the discussions of technology, ethics, and legalities behind the "Eche***" and "Carni****" monitoring programs...

So it is *usually* not considered improper to log into your website email during breaks or lunch (if you are allowed internet access at all); nor is it considered improper to use your personal wireless laptop or iPhone on any public network as long as they are not connected to the entity network, or to check your email at home after work....

...And then there are some places the employers just don't care to go unless there is extreme reason. For example, complete camera surveillance of entity property is allowable, but I have not yet seen camera coverage include bathroom stalls unless there is a specific need for it...

Warm Regards,
Dave Druitt
--
CSO 
InfoSec Group 
703-626-6516 

"Using words to describe magic is like using a screwdriver to cut roast beef" -Tom Robbins
"There is a big difference between kneeling down and bending over" -Bob Dylan (Zimmerman)



-------------- Original message from "J. Oquendo" <sil@...iltrated.net>: -------------- 


> _______________________________________________ 
> Full-Disclosure - We believe in it. 
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ 
