Security Basics mailing list archives
Re: FW: Re: chat logs
From: Jeff Smith <evilwon12 () yahoo com>
Date: Tue, 17 May 2005 08:56:38 -0700 (PDT)
-----Original Message----- From: David [mailto:david () clicksee net] Sent: Monday, May 16, 2005 9:22 PM To: 'Stephen Alford'; 'Melissa Fischer'; security-basics () securityfocus com Subject: RE: Re: chat logs I must disagree with this line from Ms. Fischer- 'if they are doing nothing wrong, then there is nothing to hide and have "private".' How would you respond if your boss wanted to read your email and monitor the web sites you went to and read your IM's under the same philosophy?
Most companies have a policy that explicity states that you have no right to privacy when you use their computers & networks, this pertains to emails and web use. If you go through a proxy and think your company does not know where you are surfing, you're crazy. If you send email through a server and do not think that they can access your emails, you're fooling yourself. If the company has any banner when you sign on to the network, I would be the house that your claim to privacy just flew out the window. Read it next time you log on. The same goes for a school. I would EXPECT them to be able to monitor activities. It is their network and equipment, why should you EXPECT privacy? If/when I have kids and they surf the web, they will know that I can monitor all of their activity and have the right to. If I suspect anything, I am surely going to do some digging first, then ask questions. Note the word investigate. You do not have to agree with it, but that's the real world. If you want privacy, unplug your modem or network jack and talk to the person face to face. People who expect and demand any publicly transported medium to be private are ignorant. You are highly ignorant if you expect your company not to have the ability or right to monitor all of your network communications.
I love my wife and she loves me and we trust each other greatly and yet she still doesn't want to poop if I'm in the bathroom even though there is nothing 'wrong' going on. :) i.e. even children deserve some privacy. Choosing their friends and having relationships with those friends is part of growing up and learning to socialize and keeping total control over that will stagnate that process. Balance is the key word here I think and monitoring communications considered private is going to far just as having a child carry an electronic listening device would be going too far. I agree with Mihai's sentiment. How about the parents explain to the kids what the security situation is and go through the emails and chat logs together? Maybe even show the kids how to run searches using scripts and teach them some computer stuff? An interesting dilemma as to how far to go with things. I think it's a bit different with K-12 kids though. With a kindergartener, yeah, the parents should probably just go ahead and search through their files unasked. With a 12 year old that could really touch off a fire-storm. "Dad, how could you just totally violate my privacy like that?" -----Original Message----- From: Stephen Alford [mailto:stephena () sbspros net] Sent: Saturday, May 14, 2005 3:05 AM To: 'Melissa Fischer'; security-basics () securityfocus com Subject: RE: Re: chat logs Melissa, Mihai, et al, I can see both sides, as a father of 3 teens and a sec pro. We all went thru our trials and tribulations as teens and I loved and related well with my parents. However, I certainly had moments I preferred keeping between me and my peers. I know there were experiences, real & virtual, that I didn't consider WRONG but still kept from my parents. Looking back on this with perspective, I can understand my kids need for privacy, and I also understand my parental need to ensure they are protected from inadvertently choosing BAD options. It is one of our greatest challenges to balance these needs appropriately. Thus, like any seasoned sec pro, make sure you assess the whole situation before applying your solution (and you DON'T NEED TO BE A PARENT TO FOLLOW THIS). My 2c worth. Stephen Alford, MCT, MCSE+Security, CCNA, CCDA, ASE Director, Partner Practices & Solutions, SBS Pros Email: stephena () sbspros net -----Original Message----- From: Melissa Fischer [mailto:Melissa.Fischer () NorthMemorial com] Sent: Friday, May 13, 2005 8:50 AM To: security-basics () securityfocus com Subject: Fwd: Re: chat logs FYI Melissa Fischer Database Administrator Data and System Engineering North Memorial Health Care 763/520-1533 melissa.fischer () northmemorial comMelissa Fischer 5/13/2005 10:49:39 AM >>>I understand your concern, apparently you must not be a parent. I have raised 3 sons, 24, 20 and now an 8 year old. Teenagers talk to EACH OTHER, not to their parents. Our parents HAVE personally talked to their children, looking at files on their computers is not taking away their privacy, if they are doing nothing wrong, then there is nothing to hide and have "private". Melissa Fischer Database Administrator Data and System Engineering North Memorial Health Care 763/520-1533 melissa.fischer () northmemorial comMihai Amarandei <mihai () xmcopartners com>5/13/2005 9:45:28 AM >>> I'm glad too se everyone helping out to find the logs and giving advice on how to search those teen-agers web history. Just me(and this has nothing to do with security), but wouldn't it be better that each parent asked directly its children about such incidents instead of searching and digining through their logs and web history? I for one wouldn't like it that my parents knew all my browsing and chatting habbits, and I think this is the case for most of today's persons. Teens are as ,uch entitled to their privacy "apriori" as anyone else in my opinion. I know all I've said has not much to do with security (actually it has to do with privacy), but neither is searching for logs. I'm not trying to undermine the importance of the threat and the gravity of the situation, I just don't think such an intrusion of privacy would be a good answer. Mihai Blog: http://secinternship.blogspot.com Melissa Fischer wrote:Our community, Waconia, Minnesota has recently beenthe victims ofthreats against our children and schools. http://www.startribune.com/stories/462/5399090.html The Emergency Response Task Force assigned to ourcase asked parents togo home and check their kids computers for anychats or emails withinformation. We are trying to find a document explaining whereand what to look atto find any information. We would like to postthis on our school mainpage www.waconia.k12.mn.us for a resource forparents to use on how tofind any information. Can you tell me where tofind this information?Thank you in advance, Melissa Fischer Database Administrator Data and System Engineering North Memorial Health Care 763/520-1533 melissa.fischer () northmemorial com-- Mihai Amarandei-Stavila - Xmco Partners Consultant Sécurité / Test d'intrusion tel : 33 1 47 34 68 61 web : http://www.xmcopartners.com Villa Gabrielle 75015 PARIS
=== message truncated === __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- Re: chat logs, (continued)
- Re: chat logs Zaven (May 16)
- Re: chat logs Times Enemy (May 16)
- Re: chat logs Zaven (May 16)
- RE: chat logs aixroot (May 16)
- RE: Re: chat logs Beauford, Jason (May 17)
- Re: chat logs Dave Aronson (May 18)
- Re: chat logs Alexander Klimov (May 18)
- RE: chat logs Steve Bostedor (May 17)
- Re: chat logs Stian Øvrevåge (May 18)
- RE: Re: chat logs Joshua Berry (May 18)
- RE: Re: chat logs Melissa Fischer (May 18)
- Re: FW: Re: chat logs Jeff Smith (May 18)
- RE: Re: chat logs Stephen Alford (May 18)
- Re: chat logs John Blackley (May 18)
- RE: chat logs Chapman, Carol (May 18)
- RE: Re: chat logs Bundschuh, Anthony D (May 18)