privacy

John Chambers jc at trillian.mit.edu
Mon Dec 10 14:48:23 EST 2001


> | Many companies do look  closely  at  people's  Internet  usage.   During  a
> | previous  contract  at a certain defense contractor, I know one Unix admin
> | who was fired based on his use of the Internet.  Even when one ran  telnet,
> | the  telnet  proxy  came  up  with  a  warning that this was to be used for
> | company business only.....
>
> | Additionally, I was supposed to be writing device drivers.   I  was  denied
> | root  privs  on the workstation I was using to write the device drivers (as
> | were employees).  After 6 weeks of haranguing the IT people, they relented,
> | but  then  went to security.  The rule was that I could have root priv, but
> | only when an employee was watching my keystrokes.  I left at the end  of  my
> | contract  even though  this  could have been a long term deal which also paid
> | relatively well.  Too restrictive and too much crap.  Another company which
> | also  did  government  contracts complained about my email volumes, since I
> | did get a lot of bounces from majordomo.
>
>
> A couple years back, I was working at GTE Labs (RIP), and in response
> to a message on this list, I looked at a web site that had a cute bit
> of satirical humor.  I showed it  to  a  couple  of  others;  we  all
> laughed; then we went about our business.
>
> After a couple of days, I realized that maybe I  had  done  something
> that  could  be a problem.  The site was primarily a porn site, and I
> had looked at it using an NT system, one of  several  workstations  I
> had for testing web pages.  Thereafter, every day at midnight it went
> back to the site and downloaded the main page.  When I came in in the
> morning, there was often a highly pornographic image on the display.
>
> We did have a bit of fun with this.  Part of the discussion  was  the
> fact  that,  to  anyone monitoring my web usage, it looked like I was
> sneaking in every night and, exactly at  midnight,  downloading  some
> pornography.
>
> We never did learn how this was done.  We  found  that  it  could  be
> stopped by disabling all "scripting".  But the machine was being used
> for testing web pages, to make sure they worked on various  browsers,
> so that wasn't an option.
>
> We visited the page on a number of other machines, and found that  it
> only  "worked"  with Windows.  We had Sun, HP, AIX, and several linux
> machines, and none of them ever downloaded the pornography.   It  did
> cause  some  consternation  in the lab, after we tried it on machines
> with various releases of Windows installed, with  predictable  impact
> on people who were in the lab early in the morning.
>
> At GTE Labs, this sort of thing wasn't a problem (other than  in  the
> technical  sense  of  "What  the  hell's  going  on  here?").  In other
> companies, it could easily get you fired.
>
> One thing that did come of it was that I and  a  few  others  learned
> some  interesting  things  about  what could be done with javascript.
> I've kept a demo for the edification of readers:
>     http://trillian.mit.edu/~jc/demo/ImgPreload.html
> I've found this a useful example in a number of discussions about how
> you should configure your browser.  One of the first things I do on a
> new machine is to turn off java and javascript.
>
> (I've forgotten what the site was, and don't know how to find it.   I
> wonder if anyone might know. The original pointer was to a picture of
> a young woman wearing not much  more  than  a  linux  t-shirt,  in  a
> machine  room.   They  probably don't have the image any more, but it
> could be interesting to see if their trick could be diagnosed.)
>



