THANKS....not suspended for internet/email misuse

Nilrem

When you access a website it can leave dozens of cookies - if for example the website has a banner ad that can leave a cookie (every banner ad/pic could leave a different one), doublick.net for example is a common advertising company who provide the banner ads for thousands of different sites.
You can even gain a cookie from an image you may not see - one method of tracking visitors to a site (by a third party) involves a 1x1 pixel image, small enough most people will never see it but it still requires the computer to load it up, and thus get a cookie.
There is no real limit on how many cookies a single site might generate, as if you visit a site with a lot of adverts/images it could end up with a cookie for every image, plus the site itself.

The [3] or whatever number indicates there is more than one cookie related to that site (Windows basically goes cookieA, cookieA[1], cookieA[2] etc).

I'm not sure how the hits work, but suspect that is the case, everytime you see whatever content/site created the cookie it counts it up (which in the case of advertising cookies could very rapidly mount up).

I would ask for more details, as a list of cookies doesn't (in my opinion) prove anything on a machine that may be shared, unless they can tie them down to times when you were the only person at the machine or depending on how locked down the machine is, your user account (although by the sounds of it user accounts were probably not strictly enforced so are probably not tied to a single person as well as they should be).
It's worth noting for example that Ebay.co.uk uk cookie hasn't been accessed since December, whilst the doubleclick one has been in the past few days (as it's advertising it could come from anywhere, literally).

I however am no expert in this field, most of what i've learned has been picked up in fixing machines that various people have bust

peter999

the_prophet wrote:

I have been charged with accessing my managers email which I have not. The computer terminal I use can be used by other people and my managers also use it.

the_prophet wrote:

Dear all, have some knew information I wonder if anyone can help
A print out of internet usage has now been supplied and it makes very interesting reading but don't understand so much of it. I have been given a list of internet access and it reads like this.

COOKIE NAME ...........................LOCAL FILE ...........................LAST ACCESS TIME.........HITS
ebay.co.uk.......................****@ebay.co[1].txt......................16/12/2006 14.07.57.......2350

What's all this got to do with you seeing emails on someone elses computer ??
Who provided this information, what is their expertise & training ??
Are they independent ??

The other alllegations sound like lies to exagerrate their abuse claim.

I would get a Court Order to get a clone copy of the relevant computer for independent analysis.

Sorry to be so melodramatic, but it sounds like you are being stitched up like a kipper !!
They need to provide evidence of abuse directly connected to you.

peter999

3plus1

I'll try to explain this in simple terms, as I appreciate you're not best fond of technology.:)

Every time you view a website, your computer makes a note of this. If there are any banner ads on the website, often your computer makes a note of this too, even though you haven't clicked on them and gone off to see a whole other website.

Now, it is possible to delete the list of all the sites you've seen. In varying levels of computing genius. However, generally speaking, a specialist IT person can dig deep enough to find out what it is you did. This is why tech geeks hate selling on their computers and often destroy the bits inside.

If you would like to PM me the full list of websites that the company sent you, I might be able to shed some light on things for you.

But really, if you've done nothing wrong, don't let the company use your lack of computer knowledge to bully you into leaving a job just because someone has a grudge.

DKLS

I had a similar thing, I was hauled in front of the MGT for "abuse" of email policy, they had a huge pile of emails that I had sent. They were very serious, and said it was a sackable offence, I reminded them who brought in the most money for RBS every month, and said I would be happy to leave if that was what they wanted. After that they left me alone to my emails. If you do your job whats the problem?

the_prophet

thanks so much averyone..... this has all been so helpful. I think the company is trying to blind me with science and I am useless..... The ** emails turned out to be ** and of these there are only three that I cannot explain. I was in the office on these days but did not/would not access managers email. Yes I have been on the internet but the evidence they have provided seems bizare to say the least... I am feeling a bit more resolute about things, especially when I gain knowledge to understand things a bit better..... lets see what today brings....... have a good day at work everyone!!

wickedwitch_2

Hi Prophet

I suspect you are right that they are trying to blind you with science. In order to know how to best defend yourself here can you tell us how big your company is? Are they likely to have called in specialist computer forensic experts like Vogon or have they asked the bloke from IT to dig around a bit? If it's the latter they will probably have a job proving anything as it is likely that said bloke will have largely compromised much of the evidence and probably isn't sufficiently skilled (or qualified) to interpret it.

For example, if computer abuse is suspected the pc must not be switched on under any circumstances or used. A special device and software is used to take a complete mirror image of the hard drive and that is interrogated, not the original pc. Switching on a pc leads to lots of internal files being overwritten and updated which can cause problems in evidence gathering.

How do you log on to the pc? Do you each have a password and user id or smartcard? Can more than one user log on at the same time- ie one goes to lunch still logged in but you can log in too?

How on earth can they tell that you have looked at someone else's emails? Did opening the emails trigger a read receipt? How do they know that you were surfing when the cookies were downloaded?

Sorry for all the questions but I'm finding it a bit difficult to understand what their evidence is, other than a few cookies, and how they have gathered it. I'll try and help if I can.

MORPH3US

OP, if you haven't done what they are saying you have done then don't worry, it'll be ok.

The best thing you can do now is ask them for ALL the evidence they have including times and dates of the alleged offences so that you can prepare your defence as you are baffled by their claims a vehemently deny all of them....

M

the_prophet

Hi Wickedwitch, many thanks for your input. The organisation has grown substantially within the last year and we have gone from homeworking into an office set up with I would guess about 12 offices through out the coountry and around 7 people per office. The company is not a big player... it is not the IT industry (quite the opposite) but we have a database that is linked per region and have microsoft email.
There is an IT company that is employed and they have set up all the offices, fix the computers when they break etc... and for example if there is a problem on a particular computer they can look at it remotely and give advice on what to do and even fix it. I think they have asked the IT company to dig around as you have sugggested and come up with evidence to suspend me. I would imagine that all the terminals have continued to be used purely from the fact that the last access time is 19th February and I would have been suspended for nearly 3 weeks.
To get into the PC I would normally switch on, punch in a user ID... which was all the same for everyone on all the computers in the offices in our region.... and punch in a password..... which was all the same for everyone again and this would get me into the terminal. Then to get to the database it would be the same access and password for everyone and for the email it would be our christian name plus 1st initial and then the SAME password for all again. However we were asked to change this in the new year after 10 months of operating this way. out of the four terminals in the office, three would have to be on whether there was anyone working from them or not so that we could get printers to work and get the actual office database to work as there seemed to be a main terminal that had to be on for anything to work at all. This was my colleagues computer.
As far as the emails go this is still something I do not understand. When our managers would come down to the office they would sit at the free terminal (usually mine as I work part-time) and do something that would then put all their own settings onto that terminal. Likewise I could go and work from another office and punch into the address bar WWW. something/exchange/and then my own name... and this would then get me into my email and database. What would sometimes happen is that when I went onto 'my' terminal after they had been on, I would click on the email icon and their emails would automatically come up, I have inadvertenly clicked on the odd email as it was impossible to tell whose email it was... I even remeber last summer the first time it happened and I actually phoned the IT company and said I couldn't get into my stuff because my managers stuff was on the PC. They then told me how to log it out and get back into mine. But the company are saying that this is not how the emails have been accessed and they have taken these times into consideration. They have said that whilst I was at my terminal I have dropped down the address bar and put in WWW.something/exchange/managers name..... which would have got me into their system and of course the password is all the same. Now whilst i admit how ridiculously easy this would be to do, I swear I have never done it. From the original accusation of ** times I was supposed to have done this, they are now saying it is ** times of which I was not in the office * of those times, I might be able to explain away a further three.... however it would be going on the basis of switched on the computer and their stuff was already there.... and I cannot explain 3 occassions other than toilet, making tea etc.... photocopying. But then that would put the onus onto my colleague and I don't think for one minute would she do any such thing. The print out I have had for this is date and time USER_1234567 managers name@.

The cookies question is a good one as I have learned that cookies can be downloaded without even going onto a website and some of them are completely unrecognizable.... I have looked at the data meticulously today and out of the ***cookie items it seems I was only present for ** of them. Of these I recognise and was present for ** of these cookies and ** of these sites I would use for work with possibly another four, * sites, were accessed by more than just me (manager has these accoints) blah blah blah..... i have actual deconstructed the whole thing to the fact that I have accessed * sites absolutely down to me with a total of * hits each...... however that is if I am understanding the data correctly. It definately looks like this printout is for all the internet usage from the office and not just the terminal I work from as there are quite a few cookies from other sites.
The accusation I was given at the suspension meeting that I deleted my history If anyone has got to the end of this post I thank you so much for reading it and I would buy you a beer if I could!!!!!!!!!!!!!

raq

shameless-about-money wrote:

Two women took their employer to court last year because they were sacked.

They worked from 10 - 4 Mon to Fri.

They had sent 360 emails each way to each other PER DAY!

They were sacked. They took them to an Employment Tribunal and actually won their case.

I wouldn't have employed them either, they are supposed to be there to work not to talk on the net all day long.

My god, there are loads of them out there. Couple of years back we had a couple of temps on our department and that's all they done all day. Managers cottoned on as they could see exactly what they done all done. Work for a huge company so i.t. information was on hand straight away.

Yes I agree we all use it now and again but that was taking the mickey. Since this incident we could only go on the net break times. Think now adays alot of people now got their own computer at home

wickedwitch_2

Hi Prophet

Thanks for the info. My short answer is I think your employer will find it very difficult to prove you did anything, though I'm sure they will try. The systems would appear to be totally insecure and the audit trail facility laughable.

It may be worth your while having a look at www.vogon.co.uk. They may be able to offer you some advice. Try dropping them an email, they might want to charge you for any detailed advice but it's worth a try. No, I don't work for them or have any connection with them but they have a good reputation.

You could also dig round on google and see if you can find any forums or messageboards dedicated to computer security. I haven't time to look I'm afraid but you might find some very knowledgeable people who can help.


Think about seeing a solicitor at one of those free sessions. They may not be an expert in employment law but should be able to advise you on how to get your employer to set out the case against you to an acceptable standard and clearly set out the evidence they think they have. Perhaps a solicitors letter asking them to do this might make them think carefully about it as I can't see how open terminals, shared passwords, lists of cookies and the internet access history for the whole office would stand up in an employment tribunal!