PaulDotCom mailing list archives

Re: Controversial (maybe) question


From: Frank McClain <frank.mc.42 () gmail com>
Date: Mon, 27 May 2013 11:17:22 -0500

Specter is probably one of the more common commercial keyloggers.

One thing to keep in mind is, ironically, a legal issue regarding the
user's right to privacy.  I have heard about cases where email monitoring
was performed, but not only was it thrown out, but the company got in
trouble.  Reason was, email monitoring was not part of the company's
official, normal activity.  As such, it was deemed to violate the user's
right to privacy.

Dead box forensic analysis from an image of the hard drive for historical
activity may be easier to pull off legally, and give more justification for
additional measures (such as logging).  You mentioned blocking some cloud
storage providers; any chance you're doing full packet capture as a normal
business/security process?  If so, that's another route to look into.

Hope that helps,

Frank

Frank McClain
Sent from Vic20 over 4G
On May 27, 2013 10:48 AM, "Dan Baxter" <danthemanbaxter () gmail com> wrote:

Okay, yesterday at work, I was asked if I could deploy some spyware to a
PC to determine what a particular user is doing.  The requestor was one of
our corporate attorneys, no less.

The concern is that this individual is possibly accessing sensitive
documents and getting them to a competitor.  I'm not at this location, so I
don't know the person, or the exact circumstances or requirements, yet.  I
have been told he's the "unofficial IT guy" for this location, so he may be
wary.

At present, we don't block access to USB drives.  We do block access to
cloud-based storage (Dropbox, Copy, Skydrive, etc.).

Ironically, this is the same atty that helped shoot down a DLP project I
was working on earlier this year.  I took gratification in pissing her off
by reminding her that this would be a perfect example of why we need one.

Anyway, assuming I get signoff from HR and our Ethics department (still
questionable), are there any suggestions of what I could deploy?  Also, I
realize some testing is going to need to be done to make sure it doesn't
set off alarms on his A/V.  Any other pitfalls I need to be aware of?

Thanks in advance.


Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?

"A sword never kills anybody; it is a tool in the killer's hands." -Lucius
Annaeus Seneca, c.4BC-65AD

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
