Wednesday, January 17, 2007

 

Guilty as Charged!  Oh, the shame of it!

 

Well, folks I have a confession to make:  I have committed a corporate crime.



Companies have rules for a reason, which is why we can't just go around cheating customers, poisoining the water cooler, deceiving shareholders, or stealing big bags of money out the back door.



But oh my transgression is worse than all of the above--so bad that it actually triggered a warning from corporate headquarters in New York!





My crime:  

I checked my personal e-mail at work!




(I can see you are all gasping in horror!)




[sound of me slapping myself in the face]

NEVER [slap] DO [slap] THAT [slap] AGAIN! [slap]



Ouch!  Slapping myself sure does hurt.  But I certainly deserve it for the terrible crime I have committed.  Now I can only do my best to serve as a deterrent to others.

I feel like Richard Nixon, only balder and more evil.

And for any of you out there who would even consider emulating my terrible crime, let the e-mail below serve as a dire warning.  (Names blanked out to protect the hard working men and women of JPMC Info Security who risk their lives every day to make sure that this will never ever be a fun place to work.)









N------ C---/JPMCHASE
01/16/2007 03:55 PM
To
Joshua Nathan/IL/ONE@JPMCHASE
cc
ITR - CSIRT - FULL, ITRM SMC NA@JPMCHASE, J----- - D-----/JPMCHASE@JPMCHASE
Subject
Attn Joshua: RESPONSE NEEDED - POTENTIAL POLICY VIOLATION - WEBMAIL - 10.136.201.28 Peregrine# 08060042




Joshua,

CSIRT received the alert below showing that you used webmail (st17.startlogic.com) from your machine via the infrastructure. Use of external webmail is a violation of the IT Control Policies due to the inherent security risks involved.

Please provide your exception ID for this usage, or cease using it from JPMC assets and infrastructure. Please note that continued violations without an exception requires CSIRT to notify Employee Relations as well.

Thank you,
N------

N------ C--
Computer Security Incident Response Manager, Americas

N------ C---, Vice President
JPMorgan Chase
Information Technology Risk Management
Computer Security Incident Response Team
1 Chase Manhattan Plaza, 24 Floor
New York, New York 10005






I sure do miss my glory days consulting at Arthur Andersen, where no one would even think of doing anything naughty.

Now be good, kids!




Comments:
So far.
 
Hilarious, I am so glad I don't work in corporate america! That sucks.
 
WTF?! That's a bunch of BS! I check my e-mail ALL of the time, but of course I work on a college campus. They can not track employee personal e-mail accounts...so I am scott-free. :D
 
oh that's obsene....however, I can one up you....

I used to work for this engineering company and they completely took away our internet all together. I think (but not sure) we could still get company e-mail....but that was it. awesome.

(i bet my advisor wishes he could take away my internet these days :-) )
 
Oh Josh, you are such a bad, bad bad bald man.

How incredibly, stupefyingly ridiculous!

*drools*

I feel dumber just thinking about it.
 
Well, as capricious as Corporate Enforcement is these days, I'd watch your back for a year. As much traffic as there is bound to be on the personal webmail sites all they can afford to do in what little time they have is come down heavy on a random sampling of individuals not in a position to fight back about it.

If you're really feeling like putting some money up against thumbing your nose at them, get a mobile e-mail client (Treo, Blackberry, Smartphone, whatever).

If you're *really* feeling ambitious, you could switch your website to one of the hosting services that lets you manage the site on your own. (DreamHost.com is one I was referred to once.) I'm sure there are some open-source webmail utilities out there. Then all you have to do is snag the domain name "officialbusinessonly" .com or some such (I just checked, it's unregistered -- at least as I write -- no telling how long that'll last) and have your webmail hosted there in such a way that that's the URL which shows up in JPMC's log-files as the DNS signature. Well, at least as long as you don't give yourself away by setting up the URL to be https://officialbusinessonly.com/joshthumbshisnoseatjpmc/personalwebmail.php ...

There's no saying you have to match your login to your e-mail address, though, so if you'd managed to set up HTTPS you may as well make the login name be jishthumbshisnoseatjpmc.

Oh, yeah, and if you don't register that domain within a month, I'll take it. Tons of opportunity for mischief that can't be passed. ;-)
 
Bleh. jish Josh. I can't type today. You get the picture.
 
R9Q, the problem is not my site (pugpaw.com) or my host (startlogic) but the webmail software itself.  From what I can tell, the sniffer solution at my company looks for websites that contain the words "webmail" or "inbox" or "mail" within an URL.  Unfortunately, controlling my own remote server or even hosting myself on a home server would not get me around the problem if I still have to use off-the-shelf e-mail software.

I wish someone would create an e-mail server that doesn't use the word "webmail."

Oh, well.
 
I can't even acccess mine. And yahoo mail and google mail and all those web-based mail sites are banned from dh's work. Can't even access 'em.

Wow. Can't believe they sent you an email about it. That is so weird.
 
oh man! That is tough! I can no longer blog on here from work, but I can read and mobile post from my cell phone.

You bad man! lol
 
That sucks. I do most of my emailing from work.
 
Nice thing about off-the-shelf open-source software is that you can do search-and-replace over the source code yourself.

webmail=blunderbus
email=granolabar
mail=wigit
etc.

And, yes, actually going through with recompiling the source-code for a webmail host is over-the-top effort to get around their ban. A bit like working at learning how to work a backhoe to smush a dead fly. It's only worth it if you really wanted an excuse to learn how to work a backhoe. The fly's already dead.

I opted for the lazier solution of getting a Treo, personally. The data service costs extra money per month, but it's a cool toy to have, and I wanted one anyways. And, kidding aside, it's a lot of work keeping people out of your server if someone decides you're their target-du-jour.

About a year after I got it they relaxed the web filters on the proxy my employer uses, but I'm keeping my techie toy.
 
Makes me glad I majored in Philosophy - I made sure my resume was poison to (most) corporate types.

Is telecommuting an option?

(p.s. don't let the man get you down!)
 
Features - StartLogic Review

200 GB Space
2000 GB Web Traffic Transfer
Host 10 Domains on 1 Account
Free Domain.
30 day money back guarantee
PHP, PerlScripts, MySQL, SSL, CGI-BIN and Library, SSI
100's of professional web templates
FREE Marketing Guides (500+ Page Manual) + Search Engines Submitter
AW Stats (Web Statistics)
FREE Form Mail, Guestbook, Bulletin Board, PHP Nuke, Chat, Blogger, Multiple Java Applets
FREE Agora Shopping Cart, OS Commerce, PayPal Shopping Cart
Award-Winning 24/7 Support

Learn More...

 
Gee, it's too bad none of you losers ever consider how much personally information gets sent out through personal e-mail. Too bad none of you losers consider that preventing personal e-mail at work keep smost of your identities safe fro mhackers who sniff internet traffic. Too bad none of you losers realize that policies like that help keep companies' names off the front pages, and keep most of you employed. And oh yeah, one more thing Josh, if it was fun, it wouldn't be called WORK. Too bad you don't work for ME, cause I'd fire your a$$ in a heartbeat.
 
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?