Spying

[Pablo H]

I would like to ask this question because I dont know too much about PC's, e-mail accounts etc.

Is it possible, if someone had my e-mail address, to launch some kind of spy program that enables them to enter my mailbox or observe the contents without obtaining the password?

The reason I ask is that I think someone is lurking in my mailbox, I am not paranoid, really Im not! When trying to compose e-mail I sometimes get messages from the host saying I have to re-login etc.

Can anybody help me with this, is there software I can download to trace the person who is doing this?

Thanks in advance to anybody who may be able to answer my query.

[Explorer]

Are you using dial up? What type of email account do you use?

Explorer

[Pablo H]

As I say am not computer savvy but yes I think I am connected to a network, the admin uses a dial up connection.

[Wolfie]

Its highly unlikely that someone is "spying" on your email account.

If you use one of the web based email accounts, the "relogin" problem your facing is probably to do with the session timeing out. If the account is left idle for too long, the server will end your session automatically, which means the next time you try and do something you will have to log back into the system.

Its not really possible to access someones email account unless you have the password, if your really not sure about the integrity of your account make sure you change the password often, every 30 days or so, until your happy that your email account is secure.

It would be a good idea if you checked your system for viruses and spy-ware, you can find links by doing a google search. The one i would recomend for removeal of spyware/adware would be spybot - search and destroy - http://www.safer-networking.org/en/index.html.

Hope that helps

[Pablo H]

I use yahoo.co.uk

[Pablo H]

Explorer,

I know about the "timeout" and understand that if I leave the account idle for 20 mins or so this will happen, however, I logged in before, composed a message within 2 mins, then got a message to log in again.

[Explorer]

I use yahoo.co.uk

don't worry, no one is reading your email unless you are exchanging secret govt information with connections from iraq or any middle east countries.

Explorer

[h90]

I use yahoo.co.uk

<{POST_SNAPBACK}>

for yahoo I don't know. But I had once a customer who did not pay a nice amount of money and gave his email adress (it was hotmail) to a friend in East Germany and he mailed me back the log in data 30 min later, the hotmail account was hacked.

But he told me he can not do it with Yahoo, but maybe someone different can do.

As well there are lovely spyware programs which reports every key you press and send it to someone, also the passwords.

Of course also the Admin can trace what data are flowing arround.

So Spyware scanner first. Than login only over a secure page (SSL), than change your password in something really difficult.

Last but not least the pages you read also emails may remain in the Webbrowsers cache (I read one of my salesguys emails already from the cache of her computer and found out that she was cheating the company).

cheers

h90

[Pablo H]

Ok, now downloading that link for the Spy remover, thanks for your help chaps.

Cheers

Paul

[bkk_mike]

Explorer,

I know about the "timeout" and understand that if I leave the account idle for 20 mins or so this will happen, however, I logged in before, composed a message within 2 mins, then got a message to log in again.

<{POST_SNAPBACK}>

How are you attached to the Internet.

If it's through a company network, it is more than likely that it is a problem with the office proxy server. Especially if it's a large company and they employ multiple proxy servers, which would mean that you don't necessarily appear to have the same IP address to Yahoo that you had when you logged on.

The other fairly likely possibility is that you've left a cookie with your login on it on another PC, and when someone using that PC goes to Yahoo (or if using Yahoo Messenger, just logs in...), it's logging it in automatically. (This is not necessarily someone purposefully reading your email). - To clear that, you could try changing your password, or simply checking other machines you've logged in on recently to make sure they're not running Messenger.

[Darknight]

Of course we can see and change everything

How would you like to do the work otherwise ? the admin is the admin everywhere, and has full rights on everything.

Of course good admins refrain from unethical practices..

[Pablo H]

I have installed a firewall, know when I access my mail account there is a message saying a "kernel" has been blocked. What does this mean? Also, I got a message telling me there was "a problem accessing my account" when trying to delete messages I had sent.

Does anyone have any idea whats going on here?

[Crushdepth]

Of course good admins refrain from unethical practices..

A lot of employers don't though, its quite common for personal email to be read by your employer, particularly if they think you're up to something. I've seen this a couple of times - once when a a woman was harassing another one at work, and she'd put in a complaint so they were collecting 'evidence' that was later passed to the police. The other one was a couple of people got into a dispute over pay with their employer - a legal office - who decided they should go. Naturally they were bitching about people in the office and it was pretty easy for their employer to find some fairly horrible things in their email that were used to justify getting rid of them.

Government departments and larger or more paranoid companies may also sweep their employees email for keywords they consider interesting to try and catch people leaking sensitive info. A friend of mine does this for a living in Oz.

[Darknight]

Of course good admins refrain from unethical practices..

A lot of employers don't though, its quite common for personal email to be read by your employer, particularly if they think you're up to something. I've seen this a couple of times - once when a a woman was harassing another one at work, and she'd put in a complaint so they were collecting 'evidence' that was later passed to the police. The other one was a couple of people got into a dispute over pay with their employer - a legal office - who decided they should go. Naturally they were bitching about people in the office and it was pretty easy for their employer to find some fairly horrible things in their email that were used to justify getting rid of them.

Government departments and larger or more paranoid companies may also sweep their employees email for keywords they consider interesting to try and catch people leaking sensitive info. A friend of mine does this for a living in Oz.

<{POST_SNAPBACK}>

Verry true Crush, unless their are strict privacy laws it's nearly impossible to keep the employer or his assistants from viewing or recording something. It is in the end THEIR system. In Belgium here we have such laws but it doesn't stop a employer using this information, it merely stops them from using it in court. You just get sacked for another reason.

As a Network consultant myself i have access to a lot of customers and their info even remotely from the other side of the world. I regard this priviledge on equal status to Doctor/patient relationship and treat it like that.

Of course when you're asked to print reports on internet usage or mails you can't defend the users privacy against your customers right to know what's been happening on his system , i've got to make a living also.

I usually warn all users that everything they do is/can be logged. They should refrain from unauthorized usage, unless at their own risk.

We even found a child pornography user once who was immediatley reported to the authorities. he lost his job immediatly, his pension, went to court ect...

Up to you they say in thailand

A funny anekdote:

I blocked some pornographic words on the firewall once to stop people from opening sex related pages. one word i blocked was A-nal.

A week later the president of the company came to complain that he couldn't open a page called (example www.shell.com/analyze.htm )

we said oeps , had a good laugh and removed our block immediatly

This president surely freaked out when he saw a warning:

"You're viewing content not allowed in this company"

The trick is to have your admins sign confidentiality agreements in their contract.

[cojones]

you dont say where in the world you are so how can we know for sure?

however in LOS its likely .

they block posts to google newsgroups .

posting from a internet cafe i have never managed to make a successfull post to a google newsgroup when in LOS. and these were not in any way newsgroups of a dubious nature ;