mailing list archives
Re: Securing workstations from IT guys
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 29 Nov 2007 21:35:51 +0100
On 2007-11-29 Vandenberg, Robert wrote:
On Wednesday, November 28, 2007 1:02 PM Eric Marden wrote:
But a keylogger seems more than lazy, in my opinion.
If you can't trust the employees, then fire them.
Nice if the world could be that easy.
It is that easy. Really. If you distrust a person to the point where you
have to resort to that kind of surveillance: fire them (or don't hire
them in the first place).
But nowadays in our litigious society, not going through a through
investigation before taking the appropriate actions is going to invite
a wrongful termination lawsuit.
Using keyloggers is leaving "thorough investigation" in the dust.
Besides, nobody said the termination had to be without notice. You can
always release them from their duties and expel them from the company's
premises. Certainly not the cheapest option, but an option nonetheless.
It is better to have all of your ducks in line and get all of the
evidence you can before you bring the offending party in and fire
Using inappropriate means to gather evidence is like handing your
opponent (or his lawyer) a loaded gun.
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq