Re: FW: Re: chat logs

[Jeff Smith <evilwon12 () yahoo com>]

> -----Original Message-----
> From: David [mailto:david () clicksee net]
> Sent: Monday, May 16, 2005 9:22 PM
> To: 'Stephen Alford'; 'Melissa Fischer';
> security-basics () securityfocus com
> Subject: RE: Re: chat logs
>
>
> I must disagree with this line from Ms. Fischer- 'if
> they are doing nothing wrong, then there is nothing
> to hide and have "private".'
>
> How would you respond if your boss wanted to read
> your email and monitor the web sites you went to and
> read your IM's under the same philosophy?

Most companies have a policy that explicity states
that you have no right to privacy when you use their
computers & networks, this pertains to emails and web
use.  If you go through a proxy and think your company
does not know where you are surfing, you're crazy.  If
you send email through a server and do not think that
they can access your emails, you're fooling yourself. 
If the company has any banner when you sign on to the
network, I would be the house that your claim to
privacy just flew out the window.  Read it next time
you log on.

The same goes for a school.  I would EXPECT them to be
able to monitor activities.  It is their network and
equipment, why should you EXPECT privacy?

If/when I have kids and they surf the web, they will
know that I can monitor all of their activity and have
the right to.  If I suspect anything, I am surely
going to do some digging first, then ask questions. 
Note the word investigate.

You do not have to agree with it, but that's the real
world.  If you want privacy, unplug your modem or
network jack and talk to the person face to face.

People who expect and demand any publicly transported
medium to be private are ignorant.  You are highly
ignorant if you expect your company not to have the
ability or right to monitor all of your network
communications.



> I love my wife and she loves me and we trust each
> other greatly and yet she still doesn't want to poop
> if I'm in the bathroom even though there is nothing
> 'wrong' going on. :) i.e. even children deserve some
> privacy.
>
> Choosing their friends and having relationships with
> those friends is part of growing up and learning to
> socialize and keeping total control over that will
> stagnate that process. Balance is the key word here
> I think and monitoring communications considered
> private is going to far just as having a child carry
> an electronic listening device would be going too
> far.
>
> I agree with Mihai's sentiment. How about the
> parents explain to the kids what the security
> situation is and go through the emails and chat logs
> together? Maybe even show the kids how to run
> searches using scripts and teach them some computer
> stuff?
>
> An interesting dilemma as to how far to go with
> things. I think it's a bit different with K-12 kids
> though. With a kindergartener, yeah, the parents
> should probably just go ahead and search through
> their files unasked. With a 12 year old that could
> really touch off a fire-storm. "Dad, how could you
> just totally violate my privacy like that?"
>
>
> -----Original Message-----
> From: Stephen Alford [mailto:stephena () sbspros net]
> Sent: Saturday, May 14, 2005 3:05 AM
> To: 'Melissa Fischer';
> security-basics () securityfocus com
> Subject: RE: Re: chat logs
>
> Melissa, Mihai, et al,
> I can see both sides, as a father of 3 teens and a
> sec pro.  We all went thru our trials and
> tribulations as teens and I loved and related well
> with my parents.  However, I certainly had moments I
> preferred keeping between me and my peers.  I know
> there were experiences, real & virtual, that I
> didn't consider WRONG but still kept from my
> parents.  Looking back on this with perspective, I
> can understand my kids need for privacy, and I also
> understand my parental need to ensure they are
> protected from inadvertently choosing BAD options. 
> It is one of our greatest challenges to balance
> these needs appropriately.
>
> Thus, like any seasoned sec pro, make sure you
> assess the whole situation before applying your
> solution (and you DON'T NEED TO BE A PARENT TO
> FOLLOW THIS).
>
> My 2c worth.
>
> Stephen Alford, MCT, MCSE+Security, CCNA, CCDA, ASE
> Director, Partner Practices & Solutions, SBS Pros
> Email: stephena () sbspros net
>
>
> -----Original Message-----
> From: Melissa Fischer
> [mailto:Melissa.Fischer () NorthMemorial com]
> Sent: Friday, May 13, 2005 8:50 AM
> To: security-basics () securityfocus com
> Subject: Fwd: Re: chat logs
>
> FYI
>
> Melissa Fischer
> Database Administrator
> Data  and System Engineering
> North Memorial Health Care
> 763/520-1533
> melissa.fischer () northmemorial com
>
> > > > Melissa Fischer 5/13/2005 10:49:39 AM >>>
> I understand your concern, apparently you must not
> be a parent. I have raised 3 sons, 24, 20 and now an
> 8 year old.  Teenagers talk to EACH OTHER, not to
> their parents. Our parents HAVE personally talked to
> their children, looking at files on their computers
> is not taking away their privacy, if they are doing
> nothing wrong, then there is nothing to hide and
> have "private".
>
>
>
> Melissa Fischer
> Database Administrator
> Data  and System Engineering
> North Memorial Health Care
> 763/520-1533
> melissa.fischer () northmemorial com
>
> > > > Mihai Amarandei <mihai () xmcopartners com>
> 5/13/2005 9:45:28 AM >>>
> I'm glad too se everyone helping out to find the
> logs and giving advice
> on how to search those teen-agers web history.
> Just me(and this has nothing to do with security),
> but wouldn't it be
> better that each parent asked directly its children
> about such incidents
>
> instead of searching and digining through their logs
> and web history? I for one wouldn't like it that my
> parents knew all my browsing and
> chatting habbits, and I think this is the case for
> most of today's
> persons. Teens are as ,uch entitled to their privacy
> "apriori" as anyone
>
> else in my opinion.
> I know all I've said has not much to do with
> security (actually it has
> to do with privacy), but neither is searching for
> logs.
> I'm not trying to undermine the importance of the
> threat and the gravity
>
> of the situation, I just don't think such an
> intrusion of privacy would
> be a good answer.
>
>
> Mihai
> Blog: http://secinternship.blogspot.com
>
> Melissa Fischer wrote:
>
> > Our community, Waconia, Minnesota has recently been
> the victims of
> > threats against our children and schools.
> > http://www.startribune.com/stories/462/5399090.html
> >
> > The Emergency Response Task Force assigned to our
> case asked parents to
> > go home and check their kids computers for any
> chats or emails with
> > information.
> >
> > We are trying to find a document explaining where
> and what to look at
> > to find any information.  We would like to post
> this on our school main
> > page www.waconia.k12.mn.us for a resource for
> parents to use on how to
> > find any information.  Can you tell me where to
> find this information?
> > Thank you in advance,
> >
> >
> >
> > Melissa Fischer
> > Database Administrator
> > Data  and System Engineering
> > North Memorial Health Care
> > 763/520-1533
> > melissa.fischer () northmemorial com
>
>
> --
> Mihai Amarandei-Stavila - Xmco Partners
> Consultant Sécurité / Test d'intrusion
>
> tel  : 33 1 47 34 68 61
> web  : http://www.xmcopartners.com
> Villa Gabrielle 75015 PARIS
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com