Go Back   English Forum Switzerland > Help & tips > Employment
Reply
 
Thread Tools Display Modes
  #1  
Old 24.10.2015, 14:26
Mr.Maquiavelo's Avatar
Member
 
Join Date: Jul 2012
Location: Zurich
Posts: 247
Groaned at 41 Times in 28 Posts
Thanked 175 Times in 85 Posts
Mr.Maquiavelo has annoyed a few people around hereMr.Maquiavelo has annoyed a few people around here
privacy infringement, now what?

Someone at work broke into my private hotmail email. I have the IP address of the access coming from the office. I checked that the IP coincides with the one of the office. The access happened while I was at the gym and I got a proof from the gym that I was there while the access happened from the office IP address.

Is this a matter to take to the police and file a report? or I have to go to a lawyer?
Reply With Quote
This user groans at Mr.Maquiavelo for this post:
  #2  
Old 24.10.2015, 14:29
Banned
 
Join Date: Jul 2015
Location: Aargau
Posts: 846
Groaned at 322 Times in 159 Posts
Thanked 324 Times in 229 Posts
plumtree is considered unworthyplumtree is considered unworthyplumtree is considered unworthyplumtree is considered unworthy
Re: privacy infringement, now what?

Quote:
View Post
Someone at work broke into my private hotmail email. I have the IP address of the access coming from the office. I checked that the IP coincides with the one of the office. The access happened while I was at the gym and I got a proof from the gym that I was there while the access happened from the office IP address.

Is this a matter to take to the police and file a report? or I have to go to a lawyer?
How did they manage to get into it? Was the computer left on (not blocked) and the account was sitting there open on a webpage?
Reply With Quote
  #3  
Old 24.10.2015, 14:32
Banned
 
Join Date: May 2010
Location: geneve
Posts: 737
Groaned at 328 Times in 142 Posts
Thanked 1,374 Times in 546 Posts
idefix has earned the respect of manyidefix has earned the respect of manyidefix has earned the respect of many
Re: privacy infringement, now what?

Has any damage been done? I have a feeling police won't be interested at all to get involved. Getting a lawyer will be throwing money in a water well...
Reply With Quote
This user would like to thank idefix for this useful post:
  #4  
Old 24.10.2015, 14:38
Forum Veteran
 
Join Date: May 2013
Location: Nyon
Posts: 1,823
Groaned at 61 Times in 33 Posts
Thanked 2,118 Times in 831 Posts
John_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond repute
Re: privacy infringement, now what?

Quote:
View Post
How did they manage to get into it? Was the computer left on (not blocked) and the account was sitting there open on a webpage?
Yeah broke in how? and how did you know the IP address? Hotmail sent you a notice of access from an unknown source?

Generally offices will have internal NAT'd IP addresses, hotmail wouldn't (certainly shouldn't) see the actual internal address but instead would see the IP address of your office firewall/proxy/router.. And this means the your computer would appear as the same IP address as all of your colleagues computers..

Here's a suggestion -- what could have happened is that your firewall/router/proxy/provider changed it's IP address, switched from one node to another for any of many reasons .. Hotmail picked this up as a new source?

Unless of course you have stronger reason to be sure, like somebody sent a mail..
Reply With Quote
This user would like to thank John_H for this useful post:
  #5  
Old 24.10.2015, 14:49
Mr.Maquiavelo's Avatar
Member
 
Join Date: Jul 2012
Location: Zurich
Posts: 247
Groaned at 41 Times in 28 Posts
Thanked 175 Times in 85 Posts
Mr.Maquiavelo has annoyed a few people around hereMr.Maquiavelo has annoyed a few people around here
Re: privacy infringement, now what?

Hotmail (I believe other email providers too) offer under the Privacy settings a "See my recent activity" option where you can see the list of IP addresses and locations from where you have successfully logged in into the account. It even shows the failed login attempts and from which IP and locations it happened.

There were two successful sign-in events from the IP address of the office exactly while I was at the gym.

I always leave the Linux office computer account locked. I think they managed to get in, because my email password is saved in the stupid Firefox and it allows to visualize the passwords in plain text to whomever login in the system as you. Since they are root (in Linux) they could temporary change my Linux password, login as me and get my private email password and login.
Reply With Quote
  #6  
Old 24.10.2015, 14:51
adrianlondon's Avatar
Forum Legend
 
Join Date: Nov 2009
Location: Basel
Posts: 8,790
Groaned at 189 Times in 172 Posts
Thanked 24,222 Times in 6,522 Posts
adrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond repute
Re: privacy infringement, now what?

Make sure they're showing you the times in the correct timezone.
Reply With Quote
The following 6 users would like to thank adrianlondon for this useful post:
  #7  
Old 24.10.2015, 14:56
Mr.Maquiavelo's Avatar
Member
 
Join Date: Jul 2012
Location: Zurich
Posts: 247
Groaned at 41 Times in 28 Posts
Thanked 175 Times in 85 Posts
Mr.Maquiavelo has annoyed a few people around hereMr.Maquiavelo has annoyed a few people around here
Re: privacy infringement, now what?

Whenever the freaking Firefox ask to remember your password, you are vulnerable.
Reply With Quote
This user groans at Mr.Maquiavelo for this post:
  #8  
Old 24.10.2015, 15:02
BLP's Avatar
BLP BLP is offline
Forum Veteran
 
Join Date: Oct 2014
Location: Vaud
Posts: 674
Groaned at 16 Times in 11 Posts
Thanked 268 Times in 175 Posts
BLP is considered knowledgeableBLP is considered knowledgeableBLP is considered knowledgeable
Re: privacy infringement, now what?

The big question is why? What is in your email that is so interesting?
Reply With Quote
This user would like to thank BLP for this useful post:
  #9  
Old 24.10.2015, 15:03
Forum Veteran
 
Join Date: May 2013
Location: Nyon
Posts: 1,823
Groaned at 61 Times in 33 Posts
Thanked 2,118 Times in 831 Posts
John_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond repute
Re: privacy infringement, now what?

Quote:
View Post
Hotmail (I believe other email providers too) offer under the Privacy settings a "See my recent activity" option where you can see the list of IP addresses and locations from where you have successfully logged in into the account. It even shows the failed login attempts and from which IP and locations it happened.

There were two successful sign-in events from the IP address of the office exactly while I was at the gym.

I always leave the Linux office computer account locked. I think they managed to get in, because my email password is saved in the stupid Firefox and it allows to visualize the passwords in plain text to whomever login in the system as you. Since they are root (in Linux) they could temporary change my Linux password, login as me and get my private email password and login.
This is quite far fetched..Of course root can change your password and then login as you .. But root cannot easily change your password back because they didn't know what it was .. Yeah they could decrypt stuff, but during your gym visit? So you'd likely know that your linux password didn't work anymore.

More simply, root could probably take the firefox json.logins and key3.db or whatever and play with them elsewhere..

Sounds like you have more reasons to be suspicious? But it could just be the time zone like AL said?
Reply With Quote
The following 2 users would like to thank John_H for this useful post:
  #10  
Old 24.10.2015, 15:04
3Wishes's Avatar
Moderately Amused
 
Join Date: Jul 2010
Location: Bern area
Posts: 6,522
Groaned at 43 Times in 39 Posts
Thanked 9,155 Times in 4,356 Posts
3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute3Wishes has a reputation beyond repute
Re: privacy infringement, now what?

Quote:
View Post
whenever you allow the freaking firefox ask to remember your password, you are vulnerable.
ftfy
Reply With Quote
This user would like to thank 3Wishes for this useful post:
  #11  
Old 24.10.2015, 15:06
Forum Veteran
 
Join Date: May 2013
Location: Nyon
Posts: 1,823
Groaned at 61 Times in 33 Posts
Thanked 2,118 Times in 831 Posts
John_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond repute
Re: privacy infringement, now what?

Quote:
View Post
Whenever the freaking Firefox ask to remember your password, you are vulnerable.
To tell Firefox to never remember usernames and passwords for the current website, click the drop-down menu and select Never Remember Password for This Site. In the future, when you log in to the website you won't be prompted to save the username and password.

If you later change your mind and would like Firefox to ask you to save usernames and passwords for this site, you'll need to remove it from the exceptions list using the Preferences window - Security panel.

Source
Reply With Quote
This user would like to thank John_H for this useful post:
  #12  
Old 24.10.2015, 15:07
me.anon's Avatar
Forum Veteran
 
Join Date: Jan 2012
Location: thun
Posts: 1,451
Groaned at 22 Times in 16 Posts
Thanked 1,759 Times in 868 Posts
me.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond repute
Re: privacy infringement, now what?

Quote:
View Post
Someone at work broke into my private hotmail email. . .
Could paranoia play a role here ? : Can an employer check your internet browsing history?
Reply With Quote
The following 3 users would like to thank me.anon for this useful post:
  #13  
Old 24.10.2015, 15:09
adrianlondon's Avatar
Forum Legend
 
Join Date: Nov 2009
Location: Basel
Posts: 8,790
Groaned at 189 Times in 172 Posts
Thanked 24,222 Times in 6,522 Posts
adrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond reputeadrianlondon has a reputation beyond repute
Re: privacy infringement, now what?

Quote:
View Post
Whenever the freaking Firefox ask to remember your password, you are vulnerable.
Only if you leave your session logged in. It's probably against corporate rules to leave your PC/laptop logged in and not password-locked when you go out.
Reply With Quote
This user would like to thank adrianlondon for this useful post:
  #14  
Old 24.10.2015, 15:10
Mr.Maquiavelo's Avatar
Member
 
Join Date: Jul 2012
Location: Zurich
Posts: 247
Groaned at 41 Times in 28 Posts
Thanked 175 Times in 85 Posts
Mr.Maquiavelo has annoyed a few people around hereMr.Maquiavelo has annoyed a few people around here
Re: privacy infringement, now what?

Quote:
View Post
This is quite far fetched..Of course root can change your password and then login as you .. But root cannot easily change your password back because they didn't know what it was .. Yeah they could decrypt stuff, but during your gym visit? So you'd likely know that your linux password didn't work anymore.
Wrong! they backup the /etc/shadow file, change your password, break in and restore the old /etc/shadow file back with all encrypted passwords and you won't notice a thing. No need to decrypt anything.
Reply With Quote
  #15  
Old 24.10.2015, 15:16
Forum Veteran
 
Join Date: May 2013
Location: Nyon
Posts: 1,823
Groaned at 61 Times in 33 Posts
Thanked 2,118 Times in 831 Posts
John_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond reputeJohn_H has a reputation beyond repute
Re: privacy infringement, now what?

Quote:
View Post
Wrong! they backup the /etc/shadow file, change your password, break in and restore the old /etc/shadow file back with all encrypted passwords and you won't notice a thing. No need to decrypt anything.
Well if you really think that your sysadmins are doing this sort of thing then your company has bigger issues

Like i said sounds like a bigger issue if you think this is going on during your gym break.
Reply With Quote
The following 2 users would like to thank John_H for this useful post:
  #16  
Old 24.10.2015, 15:20
Banned
 
Join Date: May 2010
Location: geneve
Posts: 737
Groaned at 328 Times in 142 Posts
Thanked 1,374 Times in 546 Posts
idefix has earned the respect of manyidefix has earned the respect of manyidefix has earned the respect of many
Re: privacy infringement, now what?

Quote:
View Post
Could paranoia play a role here ? : Can an employer check your internet browsing history?
maybe they finally found the porn stash?
Reply With Quote
This user would like to thank idefix for this useful post:
  #17  
Old 24.10.2015, 15:27
DUTCH's Avatar
Member
 
Join Date: Oct 2006
Location: Wollerau
Posts: 137
Groaned at 3 Times in 3 Posts
Thanked 159 Times in 72 Posts
DUTCH has earned the respect of manyDUTCH has earned the respect of manyDUTCH has earned the respect of many
Re: privacy infringement, now what?

If it is something very important, go to the office management and report it. I am sure they will take it seriously that someone is breaking into a colleagues account. Be prepared to backup your version.

Police and lawyers.... OTT. They cannot even figure out what to do with hackers who are blackmailing corporates, you will be millionth on their list.
Reply With Quote
This user would like to thank DUTCH for this useful post:
  #18  
Old 24.10.2015, 16:29
Junior Member
 
Join Date: Jan 2015
Location: Baden (was) -- UK (now)
Posts: 58
Groaned at 0 Times in 0 Posts
Thanked 30 Times in 12 Posts
electrique has earned some respectelectrique has earned some respect
Re: privacy infringement, now what?

I have another idea! Pretend nothing happened and start saving emails in your account on topics like: "50 ways to kill my colleagues", "how to poison my office mates slowly and without detection", "10 ways to get away with murder in the office", etc.

Make sure they are visible at the top of your mailing list! Then just wait to see the paranoia in their eyes
Reply With Quote
The following 4 users would like to thank electrique for this useful post:
  #19  
Old 24.10.2015, 16:31
Forum Legend
 
Join Date: Mar 2009
Location: Zurich
Posts: 9,168
Groaned at 520 Times in 398 Posts
Thanked 11,921 Times in 4,665 Posts
Richdog has a reputation beyond reputeRichdog has a reputation beyond reputeRichdog has a reputation beyond reputeRichdog has a reputation beyond reputeRichdog has a reputation beyond reputeRichdog has a reputation beyond repute
Re: privacy infringement, now what?

Quote:
View Post
Someone at work broke into my private hotmail email. I have the IP address of the access coming from the office. I checked that the IP coincides with the one of the office. The access happened while I was at the gym and I got a proof from the gym that I was there while the access happened from the office IP address.

Is this a matter to take to the police and file a report? or I have to go to a lawyer?
If you really think it's a genuine invasion of privacy from your workplace then you tell your management or HR for them to investigate and get further information from IT... why would you involve the police or a lawyer at this stage?

Last edited by Richdog; 24.10.2015 at 17:29.
Reply With Quote
  #20  
Old 24.10.2015, 17:18
MrVertigo's Avatar
Forum Legend
 
Join Date: Feb 2010
Location: CH
Posts: 3,061
Groaned at 77 Times in 65 Posts
Thanked 5,269 Times in 2,054 Posts
MrVertigo has a reputation beyond reputeMrVertigo has a reputation beyond reputeMrVertigo has a reputation beyond reputeMrVertigo has a reputation beyond reputeMrVertigo has a reputation beyond reputeMrVertigo has a reputation beyond repute
Re: privacy infringement, now what?

This is a corporate policy or corporate values infringement and you should therefore involve the IT security dept and/or HR if you think that this is serious stuff and that you have enough evidence. Don't see why police or justice should be involved at this stage.
Reply With Quote
This user would like to thank MrVertigo for this useful post:
Reply




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Had interview - now what... drmom Employment 14 27.10.2013 21:53
Yatedo privacy infringement Mr.Maquiavelo Complaints corner 13 17.12.2012 18:08
Broken ankle #3? - now what?! Scarsdale Family matters/health 8 29.08.2011 18:32
Prison for Parking infringement?? River10 Permits/visas/government 23 25.08.2010 17:28
Reasons to maintain your privacy and watch what you post.... Lob General off-topic 13 07.06.2007 17:45


All times are GMT +2. The time now is 01:57.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0