Posts Tagged ‘email’

Aussie Govt wants Companies to Spy on Workers

April 14, 2008

Bosses will be able to spy on workers’ emails without consent under new anti-terror laws being considered in Australia, Deputy Prime Minister Julia Gillard said Monday.

Anti-terror? Really?

While the extent of the proposed legislation is unclear (“internet communication” is the specified term), the Australian government has suggested that offering these new powers to employers will aid the prevention of denial of service attacks on the country’s digital infrastructure.

This can be ridiculous in one of (at least) two ways. The first is that, hopefully, this was drafted by government advisors who actually do have an understanding of technology, but Ms. Gillard either does not or has dumbed down her announcement for the mass media. The second, and more concerning, is that the government actually believes that this sanctioned invasion of privacy by corporations justifies the minimal amount of national security information which could be obtained from employee emails.

One of the examples the government has mentioned is that of a distributed denial of service (DDoS) attack. If such a threat were to propagate through email, surely email virus filtering would be a better thing to mandate than this proposed law. What about simply providing organisations with solid advice on network security policy? Prevention is better than a cure.

The other implication with the “anti-terror” label is that “terrorists” might be sending each other notes at work. While no-one can say for sure, practically speaking, who would use a work email to swap bomb recipes? There are more subtle ways to send sensitive information.

It’s one thing for a government to have power to intercept personal emails (which many, including the Australian government, do), but giving those rights to private citizens (e.g. network admins) crosses the line.

If a company really wants this power, they can stipulate it in their employee contracts. While not great, at least the employees are informed. On the other hand, this sort of legislation will serve only to unnecessarily increase government powers and the powers of employers, without our consent.

Who’s winning here?

AFP Article

Phishermen with Better Bait

April 8, 2008

Most of the phishing emails I see are obviously fakes. Many don’t bother to spoof the sender address, clearly link to third-party sites (e.g. http://www.yourbank.com.46dyu.ru/verify/) and/or use terrible grammar and spelling. While it’s always a give-away when I’m not actually a customer of the purported bank, a few emails certainly make me look twice before I work out their trick.

Here’s one allegedly from St. George bank in Australia.

Have a look at their official website: http://www.stgeorge.com.au/

Then this email:

While some of the grammar is slightly amiss, this email is a step above the bulk of what I’ve seen. Their trick, while not new, is that the text, http://ibank.stgeorge.com.au/verify, is HTML linked to a phishing site at http://www.stgcorge.com/verify, much like I can have http://ibank.stgeorge.com.au/verify link to Google or anywhere else. Only in the case of this email, on a cursory glance, “stgcorge” could easily be read as “stgeorge”.