email question
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: email question

  1. #1
    Junior Member
    Join Date
    Mar 2004
    Posts
    3

    email question

    I have a question about emails. I believe someone is reading my email that I receive at work and opening it with their home computer. Is there anyway I can tell? We were told to give our passwords to the assistant (just in case our superiors needed to access our computers if we were out of the office) and I think that this person got my password.
    I know this is a strange question.
    Conversations that I have had with this person make me believe that he is reading my mail.
    Can someone help me out?

    Thanks

  2. #2
    There's no way to find out that I know of, from the user-end anyway. Your mail should be sitting on a mail server at your office, and this "assistant" must then have administrative access to that server. Since you won't have such access, you can't hop on the server and see who's reading it. Best thing to do in this case is just have no secrets to keep, unless some of your business mail is highly sensitive, in which case you need to consult someone else higher up the chain of command. If not, just make sure you keep all your personal mail/mail you don't want read run through another e-mail service.

    Best advice I can give. Can any of you more experienced AntiOnliners improve upon this?

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    186
    You can take this issue up with your admin. He/she should be able to tell you what computer in the office that your mail is going to or if it is an outside network request. Most likely what he'll have you do is change your password and have you not give it out.
    Ben Franklin said it best. \"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.\"

  4. #4
    @ΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,689
    There are two things you can do, report it to an admin, and encrypt any personal email.

    http://<a rel="nofollow" href="http:...k/pgp.html</a>

    As far as end-user detection, there really isn't much that you are going to be able to do. You might try sending yourself something that you think he'd read, and then when you check your mail, see if it's marked as read.
    Real security doesn't come with an installer.

  5. #5
    Junior Member
    Join Date
    Oct 2003
    Posts
    14
    hi ,

    For official purpose report to u r adminmistrator(safety on u r side).
    change the password first.
    which mail server u r using.(pop3/smtp) or any free mail service
    such as yahoo,rediff,hotamil...
    The mail server is maintained in u r office.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Lucy,

    There is a little trick involving creating an HTML email that tries to get a page or picture or anything from a website you control. The website logs every request sent to it. So if you send yourself an email with a nice "juicy" title that will attract the potential reader's eye and curiosity that has a link to the site then you will be able to see the IP address, date/time etc. that the email was opened from. From there it will probably be fairly easy to determine who is doing it because they are probably not really trying to hide their activity.

    This may sound all a little complicated but maybe you have a friend who is a bit "geeky" like us who can set this up for you.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403

    Re: email question

    Originally posted here by lucy
    We were told to give our passwords to the assistant (just in case our superiors needed to access our computers if we were out of the office) and I think that this person got my password.
    Ouch! Don't you have privacy laws that prohibits this?

    Just change your password and do NOT give your password to ANYONE.
    If they need to access your computer when you're not there they can ask any administrator to give them access. There's absolutely no need for anyone else to know your password.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    the sneaky side of me sides with Tiger, but SirDice just shades it for practicality. When you gave the pass to the assistant, did they store it on the system, or write it down on a post-it &lt;LOL&gt; change pass NOW, admin can always access if required, as SirDice says, 'there is NO reason for anyone to know'
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  9. #9
    Junior Member
    Join Date
    Mar 2004
    Posts
    3
    The passwords were written down and put in her file, somewhere. It's strange, I don't want to accuse anyone of anything unjustly if it truely is unjust.... I would love to know for sure before bringing it the administrator. This person could make my job very difficult if it is unfounded. Sticky situation. What is Tiger talking about? Is this something I could do on my own?
    Thanks for all the advice and help. You all are wonderful!

  10. #10
    The passwords were written down and put in her file, somewhere. It's strange, I don't want to accuse anyone of anything unjustly if it truely is unjust....
    How would you know this?

    I would love to know for sure before bringing it the administrator. This person could make my job very difficult if it is unfounded.
    That person could. But all you have to tell the administrator is that you think your current password hasn't been changed in a long time and for security purposes you want to change it. He/she will gladly explain you how to change the password for your system.
    Secondly I would ask for an alias, where business critical messaging should be sent to if you are not *available* instead of the direct e-mail adres. This way you can fetch internal e-mail in your own account and can use informal phrasing without jeopardizing the company you work at and maintaining your privacy.

    Sticky situation. What is Tiger talking about? Is this something I could do on my own?
    Thanks for all the advice and help. You all are wonderful!
    Depends how good your skills are. You could use HTML coding in a e-mail to your address which you think could be sniffed (term of east-dropping in wizard language) using simply in the plain-text with &lt;IMG SRC="www.some-domain-you-can-admin.com/nonexisting.jpg"&gt;&lt;/IMG&gt; and refer to an non-existing image on a webserver where you have access to the weblogs, then search for the GET action to the non-existing image. There are many ways, but you should (according to my opinion about your *programming* skills) contact *wizardly* friends who will help you with the technical concept.

    Hope this helps.
    ---

    1 line FAQ writing \"Don\'t do that, than!\"...
    [gloworange]Shaolin Munkwarrior[/gloworange]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides