On Wed, Feb 24, 2010 at 04:29:23PM -0700, Robert LeBlanc wrote:
>
> As I talked with the security guy, he mentioned that when they get a
> phishing message like the one you got, they put a rule to rewrite the
> reply-to address so that it goes to them rather than the phisher. They
> can then inform the sender that they were phished without their sensitive
> information actually reaching the wrong hands.

What you describe here isn't what they did in this case, but if it were what they did, it would be evil. I don't want anyone silently changing emails to or from me. That would just be evil. (BYU didn't silently change network traffic in this case, but I've had weird creepy problems with ssh traffic that could probably be explained by meddling from OIT).

> This is not something that they are constantly watching as they record
> about 4 TB of network traffic a day. Usually if they get an alert they just
> tell us CSRs that there is a problem with the computer and don't give us the
> traffic. I had to specially request it from them in this case. The e-mail is
> different because they want to help educate the users.

When some email message is matched by their filter, David reads it. He read my personal email message without my permission. I don't care how much he was trying to help.

At one point, the CS Department logged all requested URLs over HTTP, but they were careful to let everyone know what they were doing, and they didn't store personal stuff like POST data. What BYU Network Security is doing is completely secret and stores all of my private data. As great as it would be to have everyone use GPG, it's simply not feasible to encrypt most email messages.

> I'm grateful for their efforts to help secure our computing environment.
> Understanding what they are doing, why and how has helped ease my mind about
> it. By the way, they can't look into SSL traffic, but they can reconstruct
> unencrypted traffic to find files and what not. It is very useful to see the
> payload in an attack. This is not done on the fly, but has to be
> specifically requested for a host and a period of time.

I'm grateful that they want to help secure our computing environment, but I don't think that this is always possible without violating higher principles. In this particular case, they read my email and confronted me with its contents.
The Bush and Obama administrations may not believe in warrants, but I think that looking through the contents of personal messages should require probable cause.

--
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868

--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
