Specific text typed

[popotech]

hello all,
well i have a user on my network sending some nasty posts to a forum about things they shouldn't be posting. the thing is that they are emailing these posts in, i did a exmerge for specific text and didn't find anything? ohh, we are using exchange 2000 and i have no idea who is sending these posts.

popotech

 

[Davetoo]

How do you know that your user is doing this?

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[popotech]

it's only a gut feeling but i'll exmerge their pst's and to file that matches the text i was searching for and didn't find anything. i am 90% sure i am doing the exmerge correct. the good news is if i'm doing it correctly no one sending anything out.

 

[Davetoo]

Well, I'm still confused...you said they were posting stuff on the Internet, but you don't have any proof of this other than a gut feeling? We normally don't operate on gut feelings because we're bound by certain company rules as well as legal precedents.

Since you are in theory reading users email, you'd better confirm your company policies permit this and that the users are aware that you have this capability. Some legal jurisdictions require employee notification of such events prior to them occuring.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[popotech]

when your boss tells you to do something you do it right? i always thought that is how modern business operated, anyways i am not reading anyone's mail, what i am doing is a search with exmerge to see if certain text appears and if that search yeilds no matching text then the pst (of the users) has nothing in it. i was simply posting to see if their was another way to go about it or if i was missing something. thanks for the reply's.

 

[Davetoo]

Your boss may be telling you to do something that can end up with you in trouble and not him. So no, if my boss tells me to do something that might not be legal, I'm not going to do it.

If you ran your exmerge looking for specific text and found it, what were you going to do? Not read the emails that had that text contained within it? No, you were then going to read those emails to confirm, so therefore you are, as I said, reading users email...it just so happened that on this exmerge that you ran no email was found containing the text you were looking for.

Do what you want in the end, but just be aware of the consequences. Ignorance of the law and/or company policies isn't any excuse.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[paulha]

Morning popotech

Are you sure that this user is using email rather than http to post to the forum ? I would imagine that there is quite an admin overhead running a forum in this way ?

It may be an idea to cross-post this on the tek-tips "Security, hacker detection & forensics Forum", the experts over there may be able to do a better job of helping you to collect the information you need if it is not email related

http://www.tek-tips.com/threadminder.cfm?pid=83

If I were you I would also take some HR/legal advice on what is needed to cement your company's case against this individual.

Once you know what you need, if it is exchange related, drop another post onto this forum, and I am sure that someone will point you in the right direction

Good luck !

Cheers

Paul

 

[58sniper]

First, get it in writing as to the desires of management. In most states, it's not illegal to read someone else's email, since courts have held that users have no reasonable expectation of privacy. But company policies may get you in trouble. Of all of the clients of ours who have asked for info on another user, none has ever refused to put it into writing. Be VERY detailed, including exact username, what you're looking for, and what you're to do with your findings. Verify it's not running afoul of any company policies (I could tell you some horror stories). Print that information out, and take it home. Seriously. It might be legal, but that doesn't mean you won't/can't get sued.

Also - who's to say the user isn't using Outlook Express and a POP account?

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[Davetoo]

See, redundancy is good, even in answers.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[popotech]

Regardless, i was right or should i say my "gut" was. Her supervisor caught her red-handed typing into a forum she had no business being. thank you for all the replies they where very interenting. also i forgot to mention that i had all the employees sign a network policy that basically tells them they have no privacy on this network. so it was absoulutely legal to do what i was doing.

THanks again for all the comments and inserts,
Popotech

 

[Davetoo]

This is a professional forum, there is no need for you to come back here and leave such a spiteful reply.

Best of luck to you.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[58sniper]

Having them sign a policy doesn't make it legal. Or illegal.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[popotech]

what? in the policy it basically states that you have no privacy when funtioning on the businesses network. I'm confused? Doesn't that waive any right to privacy??

This is for lander215:
look i'm aware of the professionalizm of this site, i actually love it. there was nothing spiteful about my reply, in all actuallity i was admitting my negligence to inform the forum that i had the users sign a network privacy policy. i apologize for any misrepresentation of my last post.

 

[paulha]

I am of the opinion that legal issues are best dealt with elsewhere : This is a technical forum, for people to seek and/or give technical advice.

I generally assume that the person asking for the assistance is aware of any legal implications in the state/country/continent he/she is working in, and will act professionally with any information supplied. (Something illegal in the US may well be A-OK in the UK for example.)

Obviously others can and will disagree with this interpretation, but we can discuss that issue on

http://www.tek-tips.com/threadminder.cfm?pid=717

if you want to ! ;-)

Cheers

Paul

 

[strongm]

>Doesn't that waive any right to privacy??

No. At least not until it has been tested in court against local laws

Let's be really extreme to make the point. Let's pretend that you issue a company policy that says that anybody who wears red socks can be killed by their manager by having their heart cut out with a spoon. Just because there is such a policy doesn't make it right or legal for such a killing to take place.

 

[popotech]

lol.... i get your point but is it this severe. i mean they aren't using their own personal pc's. they are provided by the business as well as internet usage? our law director looked over the policy and said that we have the right to view their past emails and visited url logs?

 

[popotech]

enough said, thanks all.

popotech

 

[58sniper]

U.S. courts have typically maintained that businesses always have the right to see what's going over their network, on their PCs, etc. Even if they don't have a policy, businesses can typically watch what's going on. My comments are basically to keep your job & paycheck. People can be fired for what they send via email (just look at Dow - they fired dozens at one time) - but that doesn't mean they (the fired employees) can't drag you into court over it. And then, it becomes a bunch of finger pointing. So - get it in writing. At my last employer, we had a form that had to be signed by the supervisor FIRST before we would go looking.

I agree that this isn't the place for the debate.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)