|
SEKCobra posted:Since it isn't a company email (or he wouldn't have to search the local PCs) it isn't a company resource. Doesn't matter if he might have used the PC (which you can't prove anyway, even if that email is stored anywhere) you still can't illegally search for it. Awesome, thanks for your wonderful insight. Now that I know my company can't fire me for watching porn on a company computer in my private office where I'm watching with headphones, completely clothed with my screen facing only me. I think you've completely missed the point here as you seem to be confusing session/credential jacking with checking to see if say.. a login cookie exists for that account on that employee's work computer. But I digress..
|
#
?
Jul 18, 2017 12:28
|
|
|
|
| # ? Jun 1, 2024 05:59 |
|
|
SeaborneClink posted:I think you've completely missed the point here as you seem to be confusing session/credential jacking with checking to see if say.. a login cookie exists for that account on that employee's work computer. But I digress.. No, actually my point is exactly that this is on an almost equal level of legality. Accessing a personal credential storage for another user without their consent is definitely far outside any arguably acceptable tolerance imo. Even if you are 'just' checking usernames.
|
|
#
?
Jul 18, 2017 13:23
|
|
|
That kind of poo poo is not the job of an IT employee anyway. Just because I have access to PCs and a knowledge of how chrome works doesn't mean I'm going to get involved in forensic HR investigations of other employees. That's absolutely not within IT responsibilities. I understand the desire to stop somebody from harassing a female employee but this poo poo is better left to contracted investigators or the police, under the instruction of HR.
|
|
#
?
Jul 18, 2017 13:51
|
|
|
Ursine Catastrophe posted:3. Tier 1 support searches Jira for tickets relating to $Application in an attempt to figure out who owns it, but our reporting software searches don't sort by "Last Updated" by default so Underlined the issue.
|
|
#
?
Jul 18, 2017 14:36
|
|
|
SEKCobra posted:No, actually my point is exactly that this is on an almost equal level of legality. Accessing a personal credential storage for another user without their consent is definitely far outside any arguably acceptable tolerance imo. Even if you are 'just' checking usernames. I think you'll find that in a corporate environment (in the United States at least) the computer and everything on it, including any personal login credentials that may or may not be there, is considered to be company property and no right to privacy exists. If the said harassment was sent from a work machine, company IT is well within it's rights, and possibly even obligated by law so search their own computers for evidence. Now if the machine is owned by the employee then you would probably be correct, but in most companies this is not the case. Edit: I do agree however that HR should be involved. The police on the other hand, unless the harassment is at a criminal level they really have no need to be involved in what is essentially a civil matter. PremiumSupport fucked around with this message at 15:01 on Jul 18, 2017 |
|
#
?
Jul 18, 2017 14:58
|
|
|
PremiumSupport posted:I think you'll find that in a corporate environment (in the United States at least) the computer and everything on it, including any personal login credentials that may or may not be there, is considered to be company property and no right to privacy exists. If the said harassment was sent from a work machine, company IT is well within it's rights, and possibly even obligated by law so search their own computers for evidence. I don't know where this belief comes from, but in what way can you possibly believe that ownership of personal accounts is transferred by logging in on a work machine? Most companies i've worked with even have personal use policies, and even if they don't, there isn't some magic clause that would stand up in a court that says "If you log in on this PC we own your facebook". I mean you guys gotta see how ridiculous that sounds. Basically everyone in this thread that is in the US would have to relinquish their SA account to their employer because obviously they own it.
|
|
#
?
Jul 18, 2017 15:11
|
|
|
SEKCobra posted:I don't know where this belief comes from, but in what way can you possibly believe that ownership of personal accounts is transferred by logging in on a work machine? Most companies i've worked with even have personal use policies, and even if they don't, there isn't some magic clause that would stand up in a court that says "If you log in on this PC we own your facebook". I mean you guys gotta see how ridiculous that sounds. Basically everyone in this thread that is in the US would have to relinquish their SA account to their employer because obviously they own it. Except no one is saying that they should be able to get on the person's account, just see if there is some file caching the username or something on their computer. Which, guess what, every single file on that computer is property of the company.
|
|
#
?
Jul 18, 2017 15:20
|
|
|
You're misunderstanding what the guy is searching for. He wants to see if a Google account was logged in to from a PC. He doesn't want any of the content from that account, he doesn't want the password, he doesn't want to search sent items or anything. He just wants to see a cookie that says "account: harasserguy@gmail.com Timestamp: 7/17/17" There's nothing illegal about searching a corporate PC for data stored on that PC.
|
|
#
?
Jul 18, 2017 15:22
|
|
|
Does anyone know a good way to remove 900k+ deleted e-mails in Office 365? Our error tracking blew up my inbox last month and I was able to at least make my inbox usable with rules, but now I'm getting daily "you're on our quota poo poo list" e-mails from Microsoft for filling up the Deleted Items folder. Trying to empty the folder via the web interface makes it poo poo itself and do nothing. Running a permanently delete rule in the full client also dies after an hour or so with little progress. My O365 admin buddy doesn't have any ideas of anything he can do administratively. The most productive option I've found so far is to sort by oldest, scroll the scrollbar down about 5-10px to get a range of e-mails and then delete them by hand, repeating every few minutes. I'm down ~20-30k after starting that yesterday.
|
|
#
?
Jul 18, 2017 15:23
|
|
|
Surely your admin can use a powershell connector, target the folder, and blast it from the administrative side.
|
|
#
?
Jul 18, 2017 15:25
|
|
|
Judge Schnoopy posted:You're misunderstanding what the guy is searching for. He wants to see if a Google account was logged in to from a PC. He doesn't want any of the content from that account, he doesn't want the password, he doesn't want to search sent items or anything. this. They're not trying to hijack or take ownership of this person's account, just find a record that the account was used, which they absolutely are within their rights to do.
|
|
#
?
Jul 18, 2017 15:39
|
|
|
Which, again, I would treat exactly like a FOIA request. Upper management writes a request for exactly what they want and I, as the IT employee, will deliver exactly that information to the requestor. Joining witch hunts and leading investigative charges will not end well for you, I promise.
|
|
#
?
Jul 18, 2017 15:45
|
|
|
Nerdrock posted:this. I don't see where the distinction is, you are accessing data for a reason that is not justifiable (Since you are accessing everyones data to find a match) in a store that you have no business accessing (no matter if its the password store or cookies, these are both credential storage). I only know tidbits about the american federal computer hacking laws but I am fairly positive that this easily falls within their jurisdiction. Accessing these stores in order to diagnose a technical issue is a special case where a lot of privacy can be circumvented, doing so for forensic HR purposes certainly isn't. Don't forget that you are performing the same actions as if stealing a stored password/hijacking a cookie. I haven't read a law that cared if you stole 'just' a username or the actual password. It's as if you were handling medical records and looked at every employees records 'just to see if they have cancer' because you found a hint at such a thing. Like, do none of you guys use signing certificates? Impersonating someone by use of a personal certificate by signing with it is a crime, regardless of who provided that cert. The private key can't be property of the company, because the signature has to prove the identity of the user. Same goes for passwords IMO. Anyway, I'll shut up about this since apparently privacy/security isn't a concern for you guys. SEKCobra fucked around with this message at 15:56 on Jul 18, 2017 |
|
#
?
Jul 18, 2017 15:54
|
|
|
Nth Doctor posted:Does anyone know a good way to remove 900k+ deleted e-mails in Office 365? Our error tracking blew up my inbox last month and I was able to at least make my inbox usable with rules, but now I'm getting daily "you're on our quota poo poo list" e-mails from Microsoft for filling up the Deleted Items folder. There's a thing you can do in the discovery portal to run a search job targeting all the emails you want gone, then you can use PowerShell to delete all the results. Phone posting right now, but start there.
|
|
#
?
Jul 18, 2017 15:58
|
|
|
SEKCobra posted:Anyway, I'll shut up about this since apparently privacy/security isn't a concern for you guys. You also don't understand US data law as it pertains to company resources. A US company, with very few restrictions can do whatever the gently caress they want with any data on the machines they own. You have no right to privacy on those machines, and you sign an agreement to that effect on hire for 95% of companies. If he used the session cookie to go snooping in someone's webmail, that would be a grey enough area that they could get into some poo poo over. Checking session cookies and saved password files on that local machine falls 100% within the rights of the company, especially if it's in response to harassment and hostile workplace complaints. That said, CYA CYA YCA, make sure HR and the execs have signed off on this before you see what you find, because if someone pitches a fit about it after the fact, it's always easier to placate them by firing you for 'overstepping' than it is to go to court and get the case dismissed.
|
|
#
?
Jul 18, 2017 16:05
|
|
|
SEKCobra posted:Anyway, I'll shut up about this since apparently privacy/security isn't a concern for you guys. I can't remember; are you US-based? For some reason it's in my head that you're in the UK, not US. If that's so, you're 100% correct, but for the US it's definitely different in that a company is within their rights to check browsing history on company machines. I wouldn't do it without a printed and signed copy of the order from my bosses though.
|
|
#
?
Jul 18, 2017 16:17
|
|
|
SEKCobra posted:Since it isn't a company email (or he wouldn't have to search the local PCs) it isn't a company resource. Doesn't matter if he might have used the PC (which you can't prove anyway, even if that email is stored anywhere) you still can't illegally search for it. If the company owns the computers, the users do not have an expectation of privacy and the company can search the computers. This is in the US. I'm think that's a little shady morally, but I don't think it's illegal.
|
|
#
?
Jul 18, 2017 16:20
|
|
|
Judge Schnoopy posted:You're misunderstanding what the guy is searching for. He wants to see if a Google account was logged in to from a PC. He doesn't want any of the content from that account, he doesn't want the password, he doesn't want to search sent items or anything. This is exactly it. HR (and our general counsel) asked me what proof would like like, I said that would prove it, and I had them email me the request to CYA. I'm checking our own PCs for logins which is within the scope of the access policy people sign when they start here.
|
|
#
?
Jul 18, 2017 16:36
|
|
|
SEKCobra posted:Anyway, I'll shut up about this since apparently privacy/security isn't a concern for you guys. That's needlessly passive aggressive. I live in the US. Every company I have ever worked for as part of the onboarding process has had me sign a document stating in no uncertain terms that they have the right to see everything on their hardware. If I shop on Amazon, check my personal email, or open up Facebook, they have a right to know if I used their hardware to do it. I solve this quandry by not loving doing these things on their hardware.
|
|
#
?
Jul 18, 2017 16:42
|
|
|
But no it doesn't prove anything. It proves the person is connected to the account, but not that they did anything malicious. You're better off finding a way to search with powershell (prove it works on a lab machine), write an export to a file in a secured location (turning on access auditing will be a good idea as well), run the command and tell HR where to find it. Looking at the results of every Google login cookie is a steaming pile of poo poo that you don't want to step in. Proving you didn't see the results is excellent CYA if a C-level knocks on your door asking if you snooped on their chrome activity. vvv also this, make absolutely certain you are searching for ONLY the email account in question. If the CEO learns you made a report tying his computer and time to a gmail account he's using to solicit mistresses, you're absolutely going to be fired regardless of who made the request. double edit; seriously, only do this if the company is making you do it. Don't take it upon yourself to get these results because you believe it's the right thing to do. If HR has a written request, make your boss sign off on it too. Judge Schnoopy fucked around with this message at 16:54 on Jul 18, 2017 |
|
#
?
Jul 18, 2017 16:43
|
|
|
He's not searching for any personal email itself, he is searching for evidence that the gmail account in question was accessed from any specific computer. Efb, because I didn't release there was another page worth of posts The Fool fucked around with this message at 16:45 on Jul 18, 2017 |
|
#
?
Jul 18, 2017 16:43
|
|
|
Companies here have a legal right to anything on their network e.g. personal emails sent from a personal phone on a company's wifi. If not SEKCobra would have found that one weird trick to committing SEC violations scott free. I hope my posts are never found in discovery.
|
|
#
?
Jul 18, 2017 16:56
|
|
|
Judge Schnoopy posted:But no it doesn't prove anything. It proves the person is connected to the account, but not that they did anything malicious. The account is basically "employeeIsAWhore@gmail.com" so I'd say that's pretty incriminating if I find a saved login for it on our company laptops.
|
|
#
?
Jul 18, 2017 16:56
|
|
|
Zero VGS posted:The account is basically "employeeIsAWhore@gmail.com" so I'd say that's pretty incriminating if I find a saved login for it on our company laptops. It's not, though. If you find the computer, the employee still has plausible deniability that they didn't do anything malicious with the account, or it wasn't them logging into it. It could be employee's spouse, friend, neighbor, or coworker who sat down while that employee was off in the bathroom. Are you going to tie the access time to security camera footage? You were right at the very start of this. It's a wild goose chase, and you're not going to be a hero at the end. At this point you're digging a grave.
|
|
#
?
Jul 18, 2017 17:01
|
|
|
Avenging_Mikon posted:I can't remember; are you US-based? For some reason it's in my head that you're in the UK, not US. If that's so, you're 100% correct, but for the US it's definitely different in that a company is within their rights to check browsing history on company machines. I wouldn't do it without a printed and signed copy of the order from my bosses though. I am indeed not based in the US, defacto you'd get into so much trouble in my country for even thinking about doing this aloud that you could probably shut your company down on the spot. But having touched bases with US companies, it just seems unlikely this extent of invasion can be legal even in the US. But obviously IDK, my main point still stands to CYA to hell and back.
|
|
#
?
Jul 18, 2017 17:04
|
|
|
Raerlynn posted:That's needlessly passive aggressive. It's not meant to be, the responses here just give me the feeling that not only are your laws weak (which I knew before) but you guys actually seem ok with it.
|
|
#
?
Jul 18, 2017 17:05
|
|
|
Judge Schnoopy posted:It's not, though. If you find the computer, the employee still has plausible deniability that they didn't do anything malicious with the account, or it wasn't them logging into it. It could be employee's spouse, friend, neighbor, or coworker who sat down while that employee was off in the bathroom. Are you going to tie the access time to security camera footage? You're responsible if you leave your laptop unsecured, and I can still wreck your day over it. Just like if you leave your Wi-Fi open at home and some stranger does something illegal on it... it's still going to become your problem. Plus the person has to be smart enough to pin it on someone else once approached which they might not be.
|
|
#
?
Jul 18, 2017 17:05
|
|
|
Zero VGS posted:You're responsible if you leave your laptop unsecured, and I can still wreck your day over it. I'm pretty sure it was the IT guy who just showed us that he has the means to remotely access everything, he probably planted the evidence! (This is joke, pls no hurt) Also, this is the sorta thing I would CMA with more than just an email.
|
|
#
?
Jul 18, 2017 17:08
|
|
|
SEKCobra posted:my main point still stands to CYA to hell and back. Definitely. SEKCobra posted:It's not meant to be, the responses here just give me the feeling that not only are your laws weak (which I knew before) but you guys actually seem ok with it. I'm certainly not okay with it, but I'd be willing to live with just finding if the account was used on a work computer, because it's specifically not illegal to do so, but the harassment could be illegal.
|
|
#
?
Jul 18, 2017 17:13
|
|
|
Shucks, I've had to sign an agreement at every place I've worked that says upon employer request: 1) If I have a locker or locked drawer, I'll open it for inspection; 2) I will turn over *any* passwords or keys. I'm in the US.
|
|
#
?
Jul 18, 2017 17:13
|
|
|
Zero VGS posted:You're responsible if you leave your laptop unsecured, and I can still wreck your day over it. This is a hosed up response, your head is not where it should be, you should probably take a step back and pay attention to what you're doing. Are you willing to get somebody fired because a coworker did something malicious on an accidentally unlocked laptop? Why are you really doing this? If it's not "Because upper management told me to" and perhaps "I want to prove how much control I have over this environment because I'm IT" or maybe "I want to avenge the harassed female employee", it's your job but there's no loving way I would type a single word into powershell if I were you. Judge Schnoopy fucked around with this message at 17:23 on Jul 18, 2017 |
|
#
?
Jul 18, 2017 17:17
|
|
|
Why don't you just goof off for a bit and then come back and say you did a search but nothing came up, welp.
|
|
#
?
Jul 18, 2017 17:18
|
|
|
Board is wanting an executive summary for recent (and still ongoing) Rackspace email outage. I advised that we just send  and call it a day.
|
|
#
?
Jul 18, 2017 17:20
|
|
|
Re: e-mail goose chase Based on the original post, company equipment may have been used by an employee to harass another employee on company time. I would expect any company that I work for to do the due diligence in such an investigation. I would also expect such a request to be handled professionally with the appropriate authorization, and a search would be limited to company property unless the proper authorities were involved.
|
|
#
?
Jul 18, 2017 17:36
|
|
|
SEKCobra posted:I am indeed not based in the US, defacto you'd get into so much trouble in my country for even thinking about doing this aloud that you could probably shut your company down on the spot. But having touched bases with US companies, it just seems unlikely this extent of invasion can be legal even in the US. But obviously IDK, my main point still stands to CYA to hell and back. The laws in the US, with a few notable exceptions are very pro company - screw the employee. This is especially true in creative industries. A buddy of mine worked for a company as a video game developer, and was developing a small indy game on his own in his free time at home. If he so much as looked into a bug report for his personal project while on break at work the company could have legally laid claim to his personal project for being developed using company resources. I actually saw the contract where that was spelled out in black and white. There is absolutely no such thing as computer privacy in the US when using corporate resources. In the OP's particular case I doubt the information, if found, will ever be used to take legal action against the harasser. Instead what will likely happen is that HR will use the information to show a breach of signed computer policy and arrange for security to escort the harasser out of the building. This is enough to satisfy the company's responsibility for proper handling of workplace harassment, and perfectly acceptable practice under US law.
|
|
#
?
Jul 18, 2017 17:38
|
|
|
Zil posted:Board is wanting an executive summary for recent (and still ongoing) Rackspace email outage. I get this every time a cloud outage happens...  AS SOON AS THIS IS RESOLVED WE NEED A ROOT CAUSE ANALYSIS RIGHT AWAY ok*time passes* *nothing happens and management forgets about it* Oh and speaking of outages, I was busy and asked our support to look at a WSUS problem as clients couldn't see the update server plus I checked the services weren't on. Near the end of the day exchange goes off... I check and see all the exchange services are off someone's logged onto the server, so I call up the tech "Oh yeah I was looking at that issue you mentioned and run some updates since I'd assumed not much would be going on near the end of the day". Yeah dude, lots goes on the entire day and everyone loves sudden no access to their E-mail. Super Slash fucked around with this message at 18:36 on Jul 18, 2017 |
|
#
?
Jul 18, 2017 18:32
|
|
|
Super Slash posted:I get this every time a cloud outage happens... Its shocking how many people patch windows and don't realize that updating services brings that service offline in certain updates.
|
|
#
?
Jul 18, 2017 18:53
|
|
|
We have had an open ticket with a software vendor for 4 years without any replies I just discovered we have a web portal with all our open tickets with this company (I've never had to contact them and only had phone number, account info and PIN so seemed like I had everything). CEO has an account and this ticket was opened by him, there are replies saying the software does not support his request and there are no plans on implementing the requested functionality. He replies very angry that it was closed as the issue is not resolved. This ticket was first opened in 2006, it's over 11 years old, it was last closed in 2012, with an update a year later when the CEO called back to check on it. The 2012 reopen is after silence for over a year with the comment customer called and requested the ticket be remain open.
|
|
#
?
Jul 18, 2017 20:06
|
|
|
At this point don't you kind of just want to see how long it can stay open? See if it will last another 10 years so you can tell new hires you have a ticket older than them.
|
|
#
?
Jul 18, 2017 20:10
|
|
|
|
| # ? Jun 1, 2024 05:59 |
|
|
First thing I did when I started was close the oldest tickets no one could solve. Not sure how to fix that tho.
|
|
#
?
Jul 18, 2017 20:29
|
|