mail security-encryption?

Toggle sidebar Toggle sidebar
K

kraft

Junior Member
Mar 24, 2004
11
0
0
:confused:
we have a server at work we used to connect to the internet and we have e-mails using outlook express, question is, can the administrator see and read messages I send over the net? if I use other e-mail address,say, from yahoo or msn, can they still read it? how about the incoming messages? Is there a way where I can stop them from reading my mails?

thanks...
kraft...
 
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
The admin can read your email. If you are at work he may have every right to. Best solution is to not send personal emails while at work. Software solutions: pgp/gpg will solve the problem, but people you email will have to use it too. Or if you have an webmail account that has ssl access.
 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Man, why do people think us admins do not have the ability to see every single thing they do while using computers at work THAT ARE UNDER OUR CONTROL.
I have a VP here who gets mad when he learns there is nothing he can do on his PC @ work that I won't know about.
I saw him keep some files locally on his PC when he should be storing them on the server and he says they are there so I can't read them. I laughed at him and told him I could wipe out his PC @ any time, do anything I want to it without him ever knowing. I said I can Read all the webmail emails to his wife, daughter and mistress and there wasn't a thing he could do about it. Keeps asking why I should be able to do that. I said, so who should, you? I said you don't like it, talk to the owner of the company and tell him you feel the Manager of IT shouldn't have access to everything he is in charge of. I said, see how far that gets you.

Amazing how people get soo mad while using something that isn't theres.
If you don't want the admins to see it, then DO NOT DO IT ON COMPANY OWNED PROPERTY.


RANT OFF!
 
S

stingygrrl

Golden Member
Jul 30, 2000
1,829
0
0
interesting..

does this also apply to chat software where there's no file saved to the HD?
 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
You mean like AIM, Yahoo messenger etc?
Absolutely. If it is not encrypted, it can be sniffed right off the wire and read in near real time.
I can assure you most admins don't have the time, or could care less for the most part. However, if working for a bank, financial Institution, Medical Co, etc, they do keep everything archived.

It has nothing do with stuff stored on your PC, ALL transmission that is not encrypted (and you would most likely get in trouble for encrypting it) can be sniffed as it travels acroos your network.
I am a small Co. with about 70 workstations/servers under my control and I can do all of that and relatively cheaply.
 
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: stingygrrl
interesting..

does this also apply to chat software where there's no file saved to the HD?
Click to expand...

It was part of my job at the time, so that's my excuse (almost makes me feel ok with it). I used to read MSN, AIM, and IRC conversations at work all the time. Unless it is encrypted, it can be read.
 
K

kraft

Junior Member
Mar 24, 2004
11
0
0
Guess I'll try pgp\gpg. But I guess there's no way to find out if the admin can still read them unless he tell me so.

..........
 
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: kraft
Guess I'll try pgp\gpg. But I guess there's no way to find out if the admin can still read them unless he tell me so.

..........
Click to expand...

If you are pgp or gpg encrypting the mail messages and the admin can still read them, he needs to contact whoever owns pgp now and get himself a better job. ;)

EDIT: Unless of course he gets your private key and uses a keylogger while you are typing in your passphrase (or while you type the message) of course. The moral of the story is: work while you are at work, goof off at home.
 
B

Boscoh

Senior member
Jan 23, 2002
501
0
0
Just keep in mind...if you're using your company's network they have every right to read anything you send. They might tell you to stop using pgp, and/or you could get in trouble for it. Especially if you're using the corporate email. I've seen it happen. Companies hate it when you try to circumvent the admins, makes it look like you're trying to hide something.

Best solution: dont do things at work that you dont want someone finding out about.
 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Yep. I catch you using PGP @ work (altho I do for certain things, but I am the Mngr of IT/admin :) and only use it for work related encrypting), I will give you a warning to stop (u have violated 2 policies as I installing any software without approval is another violation). If it happens again, I will make a formal request you be shown the door.
 
B

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
yeah, just because the email can't be read, doesn't mean he can't figure out you're hiding something from him. This is a bigger cause for investigation than forwarding dirty-joke emails...
 
Nothinman

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
does this also apply to chat software where there's no file saved to the HD?
Click to expand...

Of course, anything that goes to the Internet has to pass through their network so they can catch it and do whatever they want with it.

Guess I'll try pgp\gpg. But I guess there's no way to find out if the admin can still read them unless he tell me so.
Click to expand...

Ask him, most places probably have some form of Acceptable Use policy they can show you that will detail what you're allowed to use their hardware and network for.
 
A

AFB

Lifer
Jan 10, 2004
10,718
3
0
There is nothing the IT people don't know if you do it on your work computer. :evil: Keep private stuff private and at home.
 
K

kraft

Junior Member
Mar 24, 2004
11
0
0
Guess you're right guys... Got to keep private stuffs at home...
But I'm no admin and I'm just curious what details in e-mail admins like you can see. Does it include the forwarding address? I mean can they see to what e-mail address I intend to send it?
 
A

AFB

Lifer
Jan 10, 2004
10,718
3
0
Originally posted by: kraft
Guess you're right guys... Got to keep private stuffs at home...
But I'm no admin and I'm just curious what details in e-mail admins like you can see. Does it include the forwarding address? I mean can they see to what e-mail address I intend to send it?
Click to expand...

Let me make it a little simpler, If you type it had any thing to do with your work computer, they can see it.
 
B

Boscoh

Senior member
Jan 23, 2002
501
0
0
Originally posted by: kraft
Guess you're right guys... Got to keep private stuffs at home...
But I'm no admin and I'm just curious what details in e-mail admins like you can see. Does it include the forwarding address? I mean can they see to what e-mail address I intend to send it?
Click to expand...

I can see your IP address on the network, what port your computer used to connect to the mail server, your mailbox name, who the email was addressed to, the date/time of when you sent it, the subject, the body, the email server that accepted your email, the IP address of that email server, and probably some other things if I choose to dig deep enough, including any attachments you had on the email.

Everything you can see, I can see too plus more.
 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
Originally posted by: Boscoh
Originally posted by: kraft
Guess you're right guys... Got to keep private stuffs at home...
But I'm no admin and I'm just curious what details in e-mail admins like you can see. Does it include the forwarding address? I mean can they see to what e-mail address I intend to send it?
Click to expand...

I can see your IP address on the network, what port your computer used to connect to the mail server, your mailbox name, who the email was addressed to, the date/time of when you sent it, the subject, the body, the email server that accepted your email, the IP address of that email server, and probably some other things if I choose to dig deep enough, including any attachments you had on the email.

Everything you can see, I can see too plus more.
Click to expand...

Don't forget your email password, whether it be the work email server, hotmail, yahoo or whatever :)

I have something that will recreate the email exactly and open it in outlook or OExpress if I choose, just like you sent it, atatchment and all!

 
B

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
Originally posted by: mboy
Originally posted by: Boscoh
Originally posted by: kraft
Guess you're right guys... Got to keep private stuffs at home...
But I'm no admin and I'm just curious what details in e-mail admins like you can see. Does it include the forwarding address? I mean can they see to what e-mail address I intend to send it?
Click to expand...

I can see your IP address on the network, what port your computer used to connect to the mail server, your mailbox name, who the email was addressed to, the date/time of when you sent it, the subject, the body, the email server that accepted your email, the IP address of that email server, and probably some other things if I choose to dig deep enough, including any attachments you had on the email.

Everything you can see, I can see too plus more.
Click to expand...

Don't forget your email password, whether it be the work email server, hotmail, yahoo or whatever :)

I have something that will recreate the email exactly and open it in outlook or OExpress if I choose, just like you sent it, atatchment and all!
Click to expand...

Can you explain how you are reading passwords from SSL encrypted webmail sessions (hotmail/yahoo)? I'm thinking keyloggers, and that might be company policy there...
 
N

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: buleyb
Originally posted by: mboy
Originally posted by: Boscoh
Originally posted by: kraft
Guess you're right guys... Got to keep private stuffs at home...
But I'm no admin and I'm just curious what details in e-mail admins like you can see. Does it include the forwarding address? I mean can they see to what e-mail address I intend to send it?
Click to expand...

I can see your IP address on the network, what port your computer used to connect to the mail server, your mailbox name, who the email was addressed to, the date/time of when you sent it, the subject, the body, the email server that accepted your email, the IP address of that email server, and probably some other things if I choose to dig deep enough, including any attachments you had on the email.

Everything you can see, I can see too plus more.
Click to expand...

Don't forget your email password, whether it be the work email server, hotmail, yahoo or whatever :)

I have something that will recreate the email exactly and open it in outlook or OExpress if I choose, just like you sent it, atatchment and all!
Click to expand...

Can you explain how you are reading passwords from SSL encrypted webmail sessions (hotmail/yahoo)? I'm thinking keyloggers, and that might be company policy there...
Click to expand...

I bet most people skip the https side of yahoo! and hotmail and just use the standard http. ;)
 
M

mboy

Diamond Member
Jul 29, 2001
3,309
0
0
About 99.99%. I haven't used either in a long time, but I didn't even know either one used SSL. Going to hotmail.com and loggin in sure doesn't use it.
 
B

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
My bad, didn't realize hotmail/yahoo weren't on the sanity bandwagon, and were still operating non-secure websites....awesome...
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom