[MarkHastings]

Not that I'm worried, but I 'IM' with a freind (at work) and our conversations sometimes get a bit 'off-color'. Friday night, she was telling her husband about one of the jokes I said and he got concerned that her IM's may be 'monitored' by IT.

Isn't IM a direct connection to and from each system? I know the programs have a special port through the firewall to do this, so it's not like email where her IT dept. can view incoming messages. Is this true??

[Kimmo Jaskari]

The traffic is not (normally) encrypted, meaning that anyone on the Net between you and your friend can use a so called sniffer to pick up the data packages and read everything you write.

For any IT staff with access to the communications infrastructure directly it would be childs play to record anything you do online without encryption; web surfing, email (even web mail), IM... etc.

As long as it is one-to-one communication between two parties I personally can't see the harm, but then again people can be disciplined or fired for the craziest reasons especially over in the US, I guess.

One way to make it much much harder is if you and your friend both download the free version of Trillian. It is a multi-IM client that can handle MSN, ICQ, Yahoo, AIM... a very nice client at that. I use it myself.

The reason you might like it is that it can open an encrypted IM session with another Trillian client. That would make you pretty safe from snooping. I think that only works if you use ICQ, though (but with Trillian you can use a whole slew of IM services if you wish.)

[MarkHastings]

Quote:

One way to make it much much harder is if you and your friend both download the free version of Trillian

Thanks...I just checked and they don't make a Mac version. Oh well.

[ChrisMatson]

From what I understand, anything you do on a work computer can be seen/read by your employer. With key-logging programs, anything you type can be read. This can be extended to phones and voicemail. Some ID badges can even be tracked with GPS software.

http://www.careerjournal.com/myc/kil...cjcontent=mail

http://www.mindfully.org/Technology/...ees23may05.htm

http://www.cbia.com/cbianews/2005/07...Monitoring.htm

http://news.com.com/Drinking+at+the+..._3-976068.html

Instant messaging also can lead to some embarrassing problems, especially when messages are recorded--an increasingly common practice as the tool moves into the workplace. eFront CEO Sam Jain found that out the hard way last year, when thousands of his private ICQ messages were posted to the Internet. The messages included damaging and insulting comments about eFront employees and partners, prompting a public relations nightmare for Jain and his company, which eventually folded.

[Mike_J_Potter]

Any traffic sent unencrypted through your company can easily and legally be read. Goto http://www.aimencrypt.com/ they have instructions and a certificate to encrypt aim chat, but both sides need to have it installed. I used to run it but no one else did so I never bothered to reinstall it.

[Kirk Gunn]

Certain parts of our business negotiate price via IM, so we log it using IMLogic. We don't review it much, but it's there should we need it.

Now the pager logs, that is funny stuff ! People obviously think when they alpha-page someone via Outlook it goes into the ether... NOT !

[Jeff Peake]

Quote:

she was telling her husband about one of the jokes I said

what was the joke?

[Paul Padilla]

Even if the messages themselves are encrypted, the traffic generated can be a tip off that on the clock yapping is taking place. Not the quantity of traffic, so much as the program info. For instance, our firewall logs which applications are initiating what kind of traffic. Here's part of a snapshot.



Iexplore.exe is obviously Internet Explorer, but after that you'll see wmplayer.exe...realplay.exe...ypager.exe. Windows Media, Realplayer and Yahoo Instant Messenger, respectively along with Symantec Live Update and any other program that establishes a connection and how much it was used. From there it's really simple from there to find out which computer it came from.

[Ted Lee]

one other thing to consider is that, technically, you are using company property to do all this im'ing.

the company can pretty much use that as an excuse if they want.

[MarkHastings]

Thanks guys. Again, I'm not worried about it, it's my friends butt, not mine. but she has been careful about what she types now.

Quote:

the company can pretty much use that as an excuse if they want.

My company once had a "No IM'ing" policy and I was one of the lucky few 'exceptions' to the rule. I even got this distinction in an email from the president "...only Mark is allowed".

[AjayM]

As an IT guy for a decent sized company, and as others have said, if it's on your computer I can read it, enable it, disable it, etc. Encrypting might sound good, but most of the encryption standards these programs use are pretty weak and can be easily cracked by junior staff (most of them love the challenge), plus the other side of the coin is that if your IT guy starts to see a bunch of encrypted IM traffic across the network you are going to raise some eyebrows, which will put everything you do on your PC under scrutiny. For instance we run a fairly open ship here and only skim over usage logs looking for blatant issues. But when we find one, we basically capture every packet of data coming out of the PC and read every last bit of it.

Quote:

the company can pretty much use that as an excuse if they want.

Most of the time with good reason, you should see some of the stuff people will do on a company PC. I can't imagine why people think it's a good idea to do some of that stuff.

Andrew