Enterprise IT Watch Blog


December 15, 2009  11:52 AM

Worker text, e-mail privacy gets a Supreme Court review

Michael Morisy

In many cases, it is trivial to monitor or access employee e-mails, browsing history and texts, and it’s standard operating procedure at some companies. But should there be some level of an expectation of privacy when employees are using company computers, phones and mobile devices?

That’s the question that the Supreme Court has agreed to tackle as it reviews USA Mobility Wireless Inc. v. Quon. As CNN reports, the case would cover what, if any, expectations of privacy federal employees have at work when they’re using their employer’s equipment:

The department has a “Computer Usage, Internet and E-mail Policy” that gives workers only limited use for personal communications. Quon signed a statement acknowledging that “use of these tools for personal benefit is a significant violation of City of Ontario Policy” and that “users should have no expectation of privacy or confidentiality when using these resources.”

It was only in reading the transcripts voluntarily provided by Arch Wireless from its electronic archives that the often-racy messages to his wife, his girlfriend and a fellow officer were revealed, prompting an internal department investigation.

A review of one month found that Quon had sent and received 456 personal messages while on duty, an average of 28 per shift, and only three were deemed work-related. A federal court judge characterized many of the messages as not “light personal communications,” as defined in the policy as generally acceptable, but words that were, “to say the least, sexually explicit in nature.”

When I’ve spoken with IT professionals on the matter of personal privacy at work, the number one piece of advice is to spell policies out. It seems like the City of Ontario did that, and still ran into problems, suggesting what a thorny issue it is.

GigaOm’s Sebastian Rupley also takes on the case, noting other cases where the federal government has been accused of overstepping its bounds, particularly when it comes to social media:

This isn’t the only recent dust-up involving the privacy rights of government workers online. Earlier this month, the Electronic Frontier Foundation (EFF), working with the Samuelson Law, Technology and Public Policy Clinic at the University of California at Berkeley, slapped a lawsuit against half a dozen government agencies for refusing to explicitly state their policies for using social networking sites for investigations, data collection and surveillance. The suit specifically charges that the agencies are withholding information on data they’ve collected from their workers’ usage of Facebook, Twitter and other social applications.

December 15, 2009  7:05 AM

Do they know it’s Christmas in Spam-sylvania?

Michael Morisy

For those who worry about the working conditions of malfeasance, a little Christmas cheer: At least some spam shops offer the holidays off, according to recent research published by Project Honeypot, which found there is a 21% decrease in spam on Christmas Day and a 32% decrease on New Year’s Day. Next Up: Whether Jabba the Hutt offers dental and vision benefits.

The report does offer some useful information, even if it’s just to raise awareness that spam can easily evolve from “nuisance” to “security threat” in the time it takes you to type out “Nigerian Prince.” Project Honeypot’s billionth spam message, for example, was an IRS phishing attack.

As the “social web” marches forward, Project Honeypot’s researchers expected spam to set the pace. One of the fastest growing sectors skipped e-mail entirely:

Looking at the data patterns, comment spam in 2009 resembles email spam when Project Honey Pot began in 2004. While comment spammers today are tending to use a relatively limited set of machines to post their messages, if this new breed of spammers follows the email spammers’ lead to massive adoption of bot networks then it will pose a significant threat to websites everywhere.

And that threat isn’t just obnoxious, off-topic posts (see many a social site to realize you don’t need robots for that!) but also DDoS attacks bringing down sites large and small.

The Project Honeypot team also used the data on where spam was being forwarded to come up with a rough graph of worst/best IT security by country, based on the thinking that more botnets equals more virus infestations.

What? Still not full of Yuletide cheer? Well here’s the classic song that kicked off the Band Aid fund raisers to get you back in the mood.

http://www.youtube.com/v/8jEnTSQStGE


December 14, 2009  3:29 PM

What goes into a social media cost analysis?

Michael Morisy

Arian Eigen Heald, of Sister CISA CISSP fame, recently splashed some cold water on one company’s social media efforts:

The other issue, at least on Twitter, is trying to build up the “fan” base. Companies are pushing their employees to become “fans,” but that means that the company can see the Twitter profiles of their employees. This has already resulted in company policy changes for employees, telling them to behave themselves on Twitter (or other places). This turns an employee fun toy into a business process, and nobody I’ve talked to that is on Twitter likes it, not at all.

Perhaps an update to Nietzsche’s aphorism is in order: When one stares into the social media abyss, the abyss might not stare back at your Twitter account, Facebook page or YouTube video. And as Kara Swisher at BoomTown deftly notes, it can all quickly degenerate into “finger-tagging” “face-falling” nonsense, even as social networking sites become a larger attack vector. Perhaps the most disturbing facet is that it oftentimes becomes IT vs. the world when it comes to social media savvy, as in Heald’s case:

My sister-in-law asked me yesterday about getting her company on Twitter and other social media sites like Facebook. She said that they would need to disable blocking functions in the office firewall to make it work.

She also said that their IT department was very much against the idea, and she wanted some information to reassure them. Let’s hear it for the IT department!

Can’t we all just get along? Well, maybe. A little pushback here and there isn’t a bad thing, so help fight the good fight, and share your social media stories by e-mailing me or chiming in on our social media cost analysis guide.



December 9, 2009  12:58 PM

Silver lining to new cloud WPA Cracker

Michael Morisy

WPA Cracker, a service that bills itself as a “cloud cracking service for penetration testers and network auditors,” has been making waves the past few days as breathless newswires report that “New Cloud-based Service Steals Wi-Fi Passwords.” Not quite: It just makes an already known vulnerability slightly more accessible to the common man. But what ne’er-do-well is really going to hand over their private info via Amazon Payments to crack a WPA-PSK password, particularly when there are simpler methods such as readily available rainbow tables?

To be clear, the service doesn’t break into Wi-Fi networks; it only runs a dictionary-based attack on handshakes that have to be recorded by an individual with at least some technical savvy.

Glenn Fleishman goes into another reason enterprises don’t have too much to worry about with this new development:

Let me be clear: this is a clever and worthwhile addition to penetration testing (pentesting) and network security, and I would gladly pay $34 to prove to someone smug that his or her company password was vulnerable. But it is not a generic nor dangerous attack on WPA. Smart companies, likely millions of them, already use account-based network authentication in the form of WPA/WPA2 Enterprise, which is not vulnerable to this form of brute-force attack. WPA/WPA2 server-side support is de rigueur in the enterprise network infrastructure, and available from third parties, as well as built into Microsoft Server and Mac OS X Server operating systems. Home users and small-business users are most likely to employ simple passwords.

In fact, there could be a silver lining. As Luke O’Connor notes, explaining the importance of strong passwords and security practices to management is never quite as easy as it should be. Showing decision makers that their password can be cracked by a simple web service in 20 minutes for under $40 can make quite an impact.


December 7, 2009  4:15 PM

Lotus Notes: Almost old enough to drink!

Michael Morisy

Via the Channel Marker blog comes news that Lotus Notes turns 20 today. Well before social networking and crowdsourcing were hip and cool, Lotus Notes led the collaborative charge with its take on “groupware.” But did anyone remember?

Not Ray Ozzie, apparently. The father of Lotus Notes has gone on to greener pastures as the Chief Software Architect at Microsoft, so don’t look for him to be making any teary-eyed statements about how well his (now IBM-owned) child has aged.

Not IBM, even on its Lotus Notes news page. $3.5 billion to buy Lotus, and then not $3.50 for a Hallmark card?

And definitely don’t look to Facebook. Lotus Notes fan pages were silent, eclipsed in popularity by, um, a Manhattan fashion blog?

It’s a cold world, but the anniversary hasn’t gone completely unremarked. Chris Toohey writes on DominoGuru that Lotus Notes has made him a better IT pro:

I have become friends with some of the most brilliant people in the world; people that not only take a particular technology and extend its functionality, but people that are able to think so far ahead of where I am today that they make me evolve my own thinking.

I’ve been superhuman.

I bleed yellow.

And, most important, I look forward to what I’ll be tomorrow.

Happy Birthday Lotus Notes, and I look forward to the next 20 years of collaboration, community, and evolution!

And Chris was kind enough to send along a link to Ed Brill, director of Lotus Software, who did note the anniversary in “20 years ago today…Notes 1.0”:

On December 7, 1989, at the American Academy of Arts and Sciences in Cambridge, Massachusetts USA, Lotus Notes 1.0 was officially unveiled.  I wasn’t there, and the date wasn’t significant to me other than as I was approaching final exams in my penultimate semester of college.  Clearly, though, that event changed history — and produced one of the most successful and longest-running software products in distributed computing.

How did you celebrate?


December 2, 2009  2:45 PM

They break it, you buy it

Michael Morisy

Foreclosure isn’t easy for anyone involved, particularly those homeowners who feel tricked into mortgages they can no longer pay and so face eviction. The results are often not pretty, as the Wall Street Journal reports in Buyer’s Revenge:

The stucco subdivisions of Las Vegas are caught up in the nation’s foreclosure crisis. These days, bankers and mortgage companies often find that by the time they get the keys back, embittered homeowners have stripped out appliances, punched holes in walls, dumped paint on carpets and, as a parting gift, locked their pets inside to wreak further havoc. Real-estate agents estimate that about half of foreclosed properties to be sold by mortgage companies nationwide have “substantial” damage, according to a new survey by Campbell Communications, a marketing and research firm based in Washington, D.C.

With the former homeowners losing their most valuable asset, it’s tough to recoup the lost costs after the destruction has occurred, so banks have given up on the stick and turned to the carrot: Cash rewards for leaving early or even just on time and not having trashed the home.

Could the same approach work for IT?

Inevitably, equipment and even software breaks: Motherboards die, laptop screens fizzle, a virus gets through the firewall and anti-virus. Sometimes, it’s user error and other times it is faulty equipment. Oftentimes, users will try to pass off the former as the latter, or pass the blame. According to some informal discussions in the forum, policies are generally clear: Employees are responsible for their possessions. But what about users who do take good care of their computers? While companies probably can’t get away with docking pay stubs for extra help desk tickets, perhaps the inverse is true: Users who self-help with forums or go to other employees to fix basic configuration problems, rather than draining limited resources, could be eligible for a reward, either a small bonus or even just a gift card.

Good idea? Recipe for disaster? Let me know what you think at Michael@ITKnowledgeExchange.com, particularly if you’ve tried an incentive program before.


December 1, 2009  1:47 PM

How was your Manic Cyber Monday?

Michael Morisy

“Cyber Monday” has come and gone, but was it just another rough Monday for you or did your network face a deluge of “recreational” traffic?

There’s been a lot of debate over the years about whether “Cyber Monday,” the online follow-up to Black Friday where consumers supposedly click on to hot deals while at work, is more marketing hype than reality (coupon codes come and go, after all). This year, at least, there appears to have been some bump: Coremetrics reports sales were up 11%. The real day to watch out for? December 17th, the last day for free shipping to arrive by Christmas for most Amazon purchases.

How was your Cyber Monday? And how are you handling holiday shoppers, whether they sap productivity in a trickle or a torrent? Let me know at Michael@ITKnowledgeExchange.com.


November 30, 2009  9:24 AM

Cyber Monday’s here … but is it just another Manic Monday?

Michael Morisy

The Monday after a long vacation is rarely easy, and today will probably not be the exception for most IT professionals: There’s a whole weekend-plus worth of things to fix up, schedules to resume … and the specter of Cyber Monday.

Hopefully, the latter is just a scary story marketers tell their bosses to make it look like they’re hip to this Internet thing. As one Business Week writer noted a few years back, there’s a flaw with this image of a surge of workers slacking off and juicing their office connections to get the best deals:

Just one problem: It’s not true, at least for many online retailers. Contrary to what the recent blitz of media coverage implies, Cyber Monday isn’t nearly the biggest online shopping or spending day of the year. It ranks only as the 12th-biggest day historically, according to market researcher comScore Networks. It’s not even the first big day of the season.

For most online retailers, the bigger spending day of the season to date was way back on Nov. 22, three days before Black Friday. What’s more, most e-tailers say the season’s top spending day comes much later, between around Dec. 5 and Dec. 15.

And this year, with more consumers than ever having home connections equivalent to or even faster than their work broadband, “Cyber Monday” might have started on Black Friday: Why deal with the unwashed masses when you can click, click, click your way to steep savings, without having to get up at 4 a.m. or even miss your leisurely breakfast? Search Engine Land reports that Amazon.com traffic grew 22% this Black Friday compared to the year before.

What’s your experience? Are workers nose-to-the-grindstone today, or are you noticing heavy non-work traffic? What’s your corporate policy on dealing with it? Filter, block or let it slide as long as the employees get their work done? I’d love to hear your strategies and war stories in the comments or at Michael@ITKnowledgeExchange.com.


November 23, 2009  12:16 PM

Smoking might violate Apple warranty

Michael Morisy

I’ve written about dodgy computer warranties before, but Consumerist reports that Apple’s taking an even broader view of contributing factors: There are two alleged cases where Apple warranties were voided due to second-hand smoke. I’m a little skeptical: The scenarios are not completely improbable, but Apple’s silence on the matter when the company has such a sterling reputation for customer service is surprising.

Stuck in the same position? Take consolation from the IT Watch Blog’s handy, lawyer-written guide on your warranty rights: It notes that often, your device is better covered under the default warranty than under extended warranties like AppleCare:

If a product is sold in breach of any of these warranties, the merchant is required by law to repair the product, replace the product or refund the purchase price for the product, all at their own cost. Thus, these warranties (as well as other consumer protection statutes) provide valuable tools to combat abuse. And the best part is these warranties are free of charge.

Merchants, however, can limit or even waive these implied warranties under the right circumstances. For example, if you purchase an item and the seller indicates in the bill of sale that it is sold “as is,” or “with all faults,” this constitutes a waiver of all warranties. In such a situation, the buyer should beware that he will be liable if the good is defective. A merchant may also waive implied warranties by indicating so, in writing, in an obvious or conspicuous manner (i.e., it cannot be hidden in the fine print).

Are you on the other side of the fence? I’d love to hear how you handle user-caused damage: Do you just chalk it up to the cost of doing business, or does your company hold careless users accountable for when their devices are lost, damaged or stolen? I’d love to hear your thoughts, policies and stories in the comments, at Michael@ITKnowledgeExchange.com, or on Twitter at @Morisy. If requested, I’m happy to keep your information private.


November 23, 2009  9:56 AM

Battling bullies when your job’s at stake

Michael Morisy

As a news writer for SearchNetworking, there were times I could have been interviewing Rodney Dangerfield instead of IT professionals: They couldn’t get no respect, they’d complain, and instead were forced to deal with executives with outsized egos and little regard for the facts on the ground. One of the most popular articles, in fact, was about dealing with the “make-it-so CEO”:

Even if you’ve never met one, you know the stereotype: curt, driven, my-way-or-the-highway CEOs who wash down their morning bowl of nails with a glass of Drano.

These “make-it-so” CEOs want their networks not only to work but to work for them without hassle, without passwords and without understanding how and why, even if those demands imperil network security. Quite often, hapless network admins have to leave the rest of the organization on hold while patiently explaining how to turn on a home router or why “password” is not a secure password.

At the time I wrote the article, the advice a lot of IT professionals gave in dealing with a tyrannical boss was to simply quit: Life’s too short, and your career matters too much, for it to be crushed by someone else’s ego trip or insecurities.

But with unemployment up over 10%, that can be a tough pill to swallow. Fortunately, there’s hope for reform, even if it’s a difficult road ahead. A recent post on Harvard Business Review’s Conversation Starter blog quoted David Rock’s article Managing with the Brain in Mind: “[N]euroscience has also discovered that the human brain is highly plastic … Neural connections can be reformed, new behaviors can be learned, and even the most entrenched behaviors can be modified at any age.” The post then goes on and offers some advice on dealing with bullies in the here and now:

1. Document and define the bullying. Is it actually bullying? “Women who exert ‘male’ leadership styles are in danger of being perceived as bossy. Men who do the same thing are often praised as decisive,” says John Medina. Look for patterns over time vs. isolated incidents, privately document the facts and specific actions. Finally, look at your company’s culture. Is bullying or aggressive behavior rewarded?

2. Consider your options and make a choice. If the culture supports or rewards bullying, seriously consider if this environment is for you. “Much of the repeated mistreatment that characterizes bullying relies on a poisoned, sick workplace to permit and sustain the madness,” according to WBI psychologists Ruth and Gary Namie. According to the Labor Day 2009 Survey conducted by the WBI, employers do nothing to correct the bully 53.6% of the time, and 37% of the targets experienced retaliation for taking action.

3. Nip bullying in the bud — carefully. Privately derailing someone who is yelling at you by calmly repeating their name can be highly effective. Not so when your boss belittles you in a meeting. (Never out a bully in public; it will surely escalate things.) Once bullying is successful it rapidly becomes a habit — neurons that fire together, wire together — address it when it begins. The Bully at Work and the WBI discuss making formal complaints including legal parameters. In the Company of Women (Heim, Murphy and Golant) and Mean Girls Grown Up (Dellasega) deal specifically with Woman-on-Woman Bullying and relational aggression, providing concrete strategies for creating alliances, interrupting behavior patterns and moving forward effectively and productively.

4. Grow a support system. Hire a coach, talk to a therapist, or find a mentor or trusted friend. It’s as important to get honest feedback about your experiences, perceptions, reactions, as it is to know that you are not alone.

Any other advice you can offer? Any caveats you see to the above approaches? Let me know by e-mailing me at Michael@ITKnowledgeExchange.com, or leave your thoughts in the comments.

