Please be careful looking at this board from work

wherediditallgo

It's been known for some time that employers can check what sites you look at using their equipment. I returned to work this week after two weeks' annual leave, & found a letter on my desk from IT regarding inappropriate use of my pc! When I asked when this was supposed to have happened, some of it was on dates that I've been at work but most of it has been when I haven't been there, either because I hadn't got to work yet or I'd gone home, or I wasn't in the office that day at all. The letter isn't any kind of disciplinary (apparently, lots of people got them), just to let me know that they've seen the usage & aren't happy with it. I've got no way of knowing who did it, but I got one of the IT guys to come up on Thursday & change the set-up, so that if anyone uses it in my absence they'll have different access rights to me & anything they do on the internet will be on their general user profile rather than coming up as if it was me. They're going to send me something in writing to confirm the dates at issue, at which point I'll reply confirming the dates/times I wasn't at work & pointing out that I can't be held responsible for what happens when I'm not there.

The person who used my computer even had the nerve to install software on it but not put a shortcut on the desktop, so but for me having cause to dig around the computer this week, I wouldn't have known it was there for ages. Luckily, I know how to look at the history, the registry & other parts of the system you can't easily see, so I've taken screenshots & printed bits of the relevant sections & will also be sending that info to them, then either they can remove it or I will.

So, if you're the only user of your system/computer at work, or are one of the many people who probably knows more about the workings of a computer than your boss , you might be OK. Likewise, if your employers know about your situation, ask them if it's OK to look at the site during the day unless you already know they don't mind staff looking at the internet from work. But if you know they have concerns about internet use & you haven't told people about what's going on with you, please don't leave yourself open to being questioned & having to reveal your private business. Do what you can to leave as little record of your MSE use as possible, & look in your breaks if you look at all, plus restrict access to your computer so that you don't get blamed for other people's doings.

Richard_S

Hi Wdiag,

There's some useful information there, and I recently had a similar experience. I changed jobs about six weeks ago and I deleted all my Favourites/Bookmarks and then went on Google and found the relevant sites, and lo and behold, it was still remembering my username and passwords.

I logged off, and then asked one of my colleagues to log on to my computer to see if they could access my sites through their user name. The fisrt one she chose was ebay and it came straight up with with my username and password; straight in.

I know I should have realised that it was Window that had memorised them for me, but it'd completely slipped my mind; it took me quite a while to figure out how to get Windows to forget them. It wasn't just as easy as deleting history, cookies and the usual precautions that you access through Internet/Browser options.

Regards

Richard

maxmycardagain

also, be wary on holiday if you use a cybercafe, dont leave passwords on the pc, i once logged onto my bank in a bar in zante and my wife came running in, it seems a set of screens outside showed what i was looking at on my terminal!

maxmycardagain

i also found some AOL page that tells me what others have searched for, giving a an AOL user ref but in some cases a name too!

wherediditallgo

Richard_S wrote: »

Hi Wdiag,

There's some useful information there, and I recently had a similar experience. I changed jobs about six weeks ago and I deleted all my Favourites/Bookmarks and then went on Google and found the relevant sites, and lo and behold, it was still remembering my username and passwords.

I logged off, and then asked one of my colleagues to log on to my computer to see if they could access my sites through their user name. The fisrt one she chose was ebay and it came straight up with with my username and password; straight in.

I know I should have realised that it was Window that had memorised them for me, but it'd completely slipped my mind; it took me quite a while to figure out how to get Windows to forget them. It wasn't just as easy as deleting history, cookies and the usual precautions that you access through Internet/Browser options.

Exactly, Richard. The security measures we take on our home pc won't necessarily work on a work system that could be networked through hundreds of users, & may have central administration running from an office nowhere near where we actually work. I make sure I don't save any passwords on my work system, I never look at my internet banking from there & if I have to pay for something online from there (very rare), I use a different browser & remove all trace of the transaction once I have confirmation that it's gone through.

Praxis99

In one of my former jobs in a college, I used to get regular reports from the IT dept concerning the online 'habits' of some of my students whom on occasion had to be disciplined as a result (some of the sites beggared belief). This was despite my warning them that since they all had a unique access code the system could easily track where they had been on line.

As a consequence I have always been very circumspect when using a work PC in a 'corporate environment' (as opposed to the one man and a dog setups I have also worked in where anything goes!) and would for instance not use one to access my online bank account or anything similarly sensitive.

As for your issue WDIAGW I am surprised since if your IT dept is sufficiently on the ball to track user behaviour I would have thought they would also would have been issued with a unique access code so that even if someone uses your workstation it wouldn't be flagged up as been you.

wherediditallgo

Praxis99 wrote: »

As for your issue WDIAGW I am surprised since if your IT dept is sufficiently on the ball to track user behaviour I would have thought they would also would have been issued with a unique access code so that even if someone uses your workstation it wouldn't be flagged up as been you.

We all have our own individual passwords. However, (a) people often leave their computers on when they leave the office for a few minutes (eg for lunch, go to another department/building etc) & (b) there's a general access code that anyone can use. Many staff with their own log-in will also use the general one if someone's using their computer when they come back to the office as it's quicker than using your own - if you've been off for a few days off & need to check something quickly, it takes too long to look in your bag for a reminder of what your own one is (the system makes you change your password every so often, so if you haven't used it for a few days, it's easy to forget what it is). The stuff on my own log-in is being questioned to a smaller degree because I know that I & most other staff do regularly leave our computers on when we're not at our desks, but it's mainly on the general log-in where there's a problem. For my own protection, I won't be leaving my computer logged in when I'm not physically in front of it ever again, & I'll have to stop using the general one too.

Praxis99

The problem would seem to rest with the IT dept in terms of how they have set up the system security. there would seem to be little point in giving users an individual password if if can be circumvented by using the general password. I know they have done this to try avoid numerous queries from users how have forgotten there log on, but it does leave the system wide open to abuse. If I worked for your company and i wanted to cover what I was looking at online, I'd pick a PC away from usual work area and log on via the general password.

As for system users been able to install software this is normally a very big no no and they should look to lock the system down more securely to prevent this (again in one of my many jobs, I once worked for a training company where every PC had full admin access and they wondered why they were getting problems!

johnny_storm

A lot of these logging packages just work via the IP of the computer and not by who is actually logged onto it.

Any company concerned about what people are looking at should have an IT policy which spell out what is and isnt allowed.

wherediditallgo

They do, but the size of the organisation means it's adhered to when people get pulled up for breaching it rather than people adhering to it automatically. It's like someone being told they've got to be in for 9am - they know they should be, but if their boss is never in before 10am & no-one has reason to look for them to make sure they're in on time, it won't be long before they start coming in around 9.15am or even later.

Certain sites aren't accessible between certain hours (presumably because those are the busiest times of the day), but outside those hours, it's pretty much a free-for-all. I've seen people going online to do their supermarket shopping, look at the housing market, look for good insurance deals etc, even eBay to check their auctions or put in a bid. My usual sites to look at when I'm at work are MSE or HotUKDeals, & check my personal e-mail, nothing remotely dodgy, but I know that someone in another organisation that we work with got sacked a few years ago for downloading !!!!!! :eek: - why anyone would do that at work is beyond me. Their defence was that the internet policy didn't say you couldn't do that!!

System

I always access the internet from work using 'portable apps' from a USB stick. Nothing gets left on the machine at all. All passwords, cache history etc are all contained on the USB stick.

This is a machine used by about 20 people so there is none of my info on the PC to be misused