Announcement

Collapse
No announcement yet.

[keylogging at the office] le'sigh

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • [keylogging at the office] le'sigh

    \is dumb and shouldn't be done without notice to the IT team
    Last edited by bjaming; October 26, 2009, 08:48. Reason: fixing stuff
    Network Jesus died for your SYN

  • #2
    Re: [keylogging at the office] le'sigh

    There is no expectation of privacy in a work environment.

    Comment


    • #3
      Re: [keylogging at the office] le'sigh

      Time to find a new employer.
      AMFYOYO

      Comment


      • #4
        Re: [keylogging at the office] le'sigh

        I still say its dumb and shouldn't be done
        Last edited by bjaming; October 26, 2009, 08:48.
        Network Jesus died for your SYN

        Comment


        • #5
          Re: [keylogging at the office] le'sigh

          Originally posted by bjaming View Post

          As far as "no reasonable expectation" of privacy on company equipment, I understand and fully agree, however widespread monitoring without notification is at best unnerving, at worst devious.

          What will they do with the passwords for employees personal banking or credit card accounts or other private financial information that may be recorded?

          The company certainly has no right to that information....
          I really hate to sound callous on this because I understand your frustration, but from their viewpoint, none of that information should be on the network.

          At this point, unless you have another job that you're ready to jump into and you're guaranteed to get it 110%, then you should probably just keep your head down and not make any waves. The current job market doesn't look too good to be suddenly out of work.
          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

          Comment


          • #6
            Re: [keylogging at the office] le'sigh

            Originally posted by bjaming View Post
            The company certainly has no right to that information....
            At one of my jobs I had to implement a monitoring system on all the terminals throughout the company. There was a pretty loud uproar about it, with everyone complaining that the company would have access to a lot of employees personal information.

            The response from the company was that while at work, employees shouldn't be checking personal email, social networks, bank accounts, etc.

            It's a difficult subject, and I can understand both sides of it. The company has a right to do this, and use it as a way to prohibit employees from wasting time on personal tasks while at work.
            Of course its fully cooked... we had it set on "linen".

            Comment


            • #7
              Re: [keylogging at the office] le'sigh

              this action has been taken without the consult of the system admin team
              Personally, I'm surprised sys admins weren't involved in the process because most Antivirus programs will detect keyloggers as a threat (unless they're hardware based) and quarantine/delete them unless you make an exclusion. If they did go to them to make the exclusion, a simple slaving of the drive and running a scan against it would change the path (depending on if variables were used) causing it to be removed from the system. Granted, that's not the best way to stay in your psycho managements good graces.

              Note to self: In case of keyloggers, remember Spider Solitaire doesn't require keystrokes and can be launched from FOB.

              Comment


              • #8
                Re: [keylogging at the office] le'sigh

                Originally posted by bjaming View Post
                just so you know the software they are using is "spectorsoft" I'm not sure which version it is, but I'm looking for fun things to do with their so called spy mission :-)
                It's not only logging keystrokes it's taking screen shots and has many other logging features. Fortunately for you it's a huge resource hog and in the end will hurt the productivity they are trying to enhance.

                That said, it's their network and they are allowed to do whatever they want with it. Look at it from their perspective. They are paying people to do work, not surf pr0n and update their myspace page.

                You shouldn't even be snooping around trying to find out what software they are using as this could be misinterpreted. If some one doesn't want me on their network, I don't want to be on their network. If I'm on their network and some thing happens whether it's my fault or not, guess who gets blamed. People need to be adult about it and respect their employers wishes. Especially if you aren't the popular type.


                xor
                Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                Comment


                • #9
                  Re: [keylogging at the office] le'sigh

                  for the cases i know courts have sided on the employers side, unless you can get your keyboard in a different state to the cpu ;)
                  - Null Space Labs

                  Comment


                  • #10
                    Re: [keylogging at the office] le'sigh

                    I use Kaspersky Internet Suite on my Vista systems which has a built in virtual keyboard to get around keystroke loggers. But that still doesn't stop screen shots or active remote viewing.

                    xor
                    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.

                    Comment


                    • #11
                      Re: [keylogging at the office] le'sigh

                      You really don't have to do keyloggers to get this information. Most of it can be obtained using the network. A key differentiator which lead to our selection of BlueCoat was the fact that it can function as an SSL proxy. We proxy all Internet traffic, http and https, and have the ability to look at any/all of that traffic should the need arise.

                      Our "Acceptable Use" policy clearly states that employee's should have not expectation to privacy. We do not advertise when and what we are managing.

                      One thing I would like to be clear on is that in my opinion, and that of many of my peers, what an employee does on the network is a management issue and not an IT or IT Security issue. It's not our role to police employee and how they spend their time. That is a responsiblity of the employee's manager.
                      DaKahuna
                      ___________________
                      Will Hack for Bandwidth

                      Comment


                      • #12
                        Re: [keylogging at the office] le'sigh

                        Originally posted by xor View Post
                        It's not only logging keystrokes it's taking screen shots and has many other logging features. Fortunately for you it's a huge resource hog and in the end will hurt the productivity they are trying to enhance.

                        That said, it's their network and they are allowed to do whatever they want with it. Look at it from their perspective. They are paying people to do work, not surf pr0n and update their myspace page.

                        You shouldn't even be snooping around trying to find out what software they are using as this could be misinterpreted. If some one doesn't want me on their network, I don't want to be on their network. If I'm on their network and some thing happens whether it's my fault or not, guess who gets blamed. People need to be adult about it and respect their employers wishes. Especially if you aren't the popular type.


                        xor

                        I'm not the popular type and it got me fired

                        I discovered the service running on a non-production server. I started looking into what it was and why it was there thinking that maybe this company had been hacked. Once I saw email being generated to a couple of internal employees I went and looked at their mail boxes to try and figure out what it was doing. The key logger caught my opening the mail box, management freaked out and I was fired. So protip, keep your head down and dont make waves or you'll be fired (like streaker99 said)

                        nothing I can do about it now, except work on my tan for defcon.

                        live and learn right?

                        ps-anyone hiring?
                        Network Jesus died for your SYN

                        Comment


                        • #13
                          Re: [keylogging at the office] le'sigh

                          I'm commenting on this for the sake of others who will read this, down the road. I'm not trying to pick on bjaming; on the other hand, perhaps he'll take what I'm saying to heart.

                          Originally posted by bjaming View Post
                          I'm not the popular type and it got me fired
                          It had nothing to do with popularity. It had to do with insubordination, and with a serious lack of caution. Postings *here* are public, and archived in all sorts of places. Google caches them right away. I would bet that they (your former employers) know your alias here (or at least they should).

                          Originally posted by bjaming View Post
                          I discovered the service running on a non-production server. I started looking into what it was and why it was there thinking that maybe this company had been hacked. Once I saw email being generated to a couple of internal employees I went and looked at their mail boxes to try and figure out what it was doing. The key logger caught my opening the mail box, management freaked out and I was fired. So protip, keep your head down and dont make waves or you'll be fired (like streaker99 said)
                          You read other people's email with no business reason to do so. Unless you were expected to operate as a cowboy (and I bet you were not), you should have immediately reported this service running on a non-production server, and asked for a team member to assist you in the investigation. Right then, someone would have stepped up and told you to never mind, and that would have ended it.

                          One lesson learned here is not just to keep your head down, but to consider that you are an *EMPLOYEE* and that other people, at the end of the day, make the decisions. Another lesson is that you should not, *EVER*, discuss your professional life in such a way that it will later come back to haunt you. To point you to one of your original statements:

                          just so you know the software they are using is "spectorsoft" I'm not sure which version it is, but I'm looking for fun things to do with their so called spy mission :-)
                          That statement makes my stomach hurt.

                          Originally posted by bjaming View Post
                          nothing I can do about it now, except work on my tan for defcon.

                          live and learn right?

                          ps-anyone hiring?
                          There's plenty you can do. Right out of the gate, you should be examining what you did, and trying to understand my point of view (and Streaker99's and Dakahuna's). You need to consider what you say in public, and how it will be seen today, tomorrow, and five years from now. If it's at all possible, get in touch with your former employer, tell them you realize how stupid you were. Do NOT offer any excuses about how you thought they were being hacked; it won't fly. Ask if you can be allowed to resign instead.

                          Work on your resume. When you get to defcon, find other things to talk about than this. It can only hurt you.

                          Glad I'm retired. I just don't have the stomach for firing people any more.

                          Comment


                          • #14
                            Re: [keylogging at the office] le'sigh

                            Oh well. You asked for advice, people gave it, and you chose not to follow it.

                            I was going to say earlier that chances are, they implemented such a policy and they already had their targets in mind, but they needed to do it company wide so as to appear to be fair.

                            If you have a firearm, I suggest you put it away for a while, I hate to hear you shot yourself in the foot, again.
                            A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                            Comment


                            • #15
                              Re: [keylogging at the office] le'sigh

                              to clarify, the results of this encounter have nothing to do with anything that has been posted on this or any other site.

                              in addition, I don't think you're attacking me, and I'm not too concerned about the outcome of this event. I was not a happy person at this place. I'm not trying to excuse my activity on their network, nor am I trying to lay blame at their feet.

                              I think it has less to do with "insubordination" than it has to do with other issues related to personality conflicts.


                              it's just given me an opportunity to work on my tan :)

                              edit-streaker I'll buy you a beer at defcon this year check your pm's
                              Network Jesus died for your SYN

                              Comment

                              Working...
                              X