Insecure connection?

Nerva Posted messages 320 Status Member -  
 Gogotur.=) -
Hello.

A friend works in a large hospital center (about 2,000 PCs on the network) and thinks she has privacy issues with her email.
First of all, every time she logs in (to Yahoo Mail or Gmail), a dialog box appears with a message warning her that her connection is not secure.
Then, she tells me that it would be enough to enter the account name without the password to log in! And according to her, anyone can access her account (and by definition, those of other employees).
Personally, I think she checks the "Remember me" box or something similar each time, and indeed, in that case, simply going to the email address automatically opens hers.
Otherwise, the only possibility I see is that the network administrator is outright hacking the passwords!

I admit that all of this is not very clear, but what do you think? Can you enlighten me and give me some hints?

Thank you.

5 answers

pouet
 
Hello,

The warning pop-up is simply an Internet Explorer alert when accessing an unsecured page.

If her password appears automatically, there is a good chance that she checked the "remember me" option.

Now, it's hard to say whether the network admin monitors emails or not, but it is likely that the internal regulations of her university hospital state that using the internet for personal purposes is prohibited. Therefore, she will have a hard time complaining about any potential hacking...

The best solution for her is to ensure she deletes cookies and temporary files after each use.
0
aranjuez31 Posted messages 8161 Registration date   Status Contributor 354
 
hello

.....and change your password periodically
--
"Hitch your plow to a star and your furrow will be straight" (Berber proverb)
0
Nerva Posted messages 320 Status Member 51
 
Some additional information...

When my friend logs into Gmail or Yahoo Mail, these two messages appear one after the other, depending on what she does:

The connection you are about to use is not secure.
Other users on the web may now access the information you send.
Do you want to continue?

Entering an unsecured website from a secured website
The website you were visiting was a secured website. This website offers secure communication and has a valid certificate. Secure communication means that the information you transmit, such as your name or credit card number, is encrypted to prevent it from being read or intercepted by third parties. The certificate is a mention verifying the security of this website. A certificate contains information indicating that a specific website is authentic. This guarantees that no other site can impersonate the original site.
However, the website you are trying to access does not use a security protocol, which means that the information sent and received will not be protected. Furthermore, since this site does not have a certificate, you cannot be sure that it is not impersonating the identity it claims to have.
Based on what you know about this website and your computer, you need to decide whether you want to proceed to this website.
If you do not feel confident about this site, click No.


I have never seen them, and neither has she when she browses from home.

Then, at her workplace, it is impossible for her to clear the history, delete cookies, etc. She cannot even access the workstation or Windows Explorer to clean up manually.
In short, apart from using specific software for her work, she can hardly do anything (readers, USB ports, and the like are also locked by the network administration).

How can she ensure the confidentiality of her private tasks, knowing that management tolerates sending and receiving emails, as long as they are not too numerous?
-1
aranjuez31 Posted messages 8161 Registration date   Status Contributor 354
 
Hello
As for my partner, who works in La Défense, she has to go through a gateway like "Sismel" which has a filtering policy
so her messages are filtered, meaning that non-compliant files may not pass (executable types, multimedia, or even encrypted) - that's security for you

Regarding the two previously mentioned messages, I have them too, so there's nothing to worry about - nothing abnormal (example of a secure site: PayPal, your bank, everywhere you need to pay by card, etc...)

On the other hand, regarding ""Then, in terms of her work, it is impossible for her to clear the history, delete cookies, etc... She can't even access the workstation or Windows Explorer to clean up manually.
In short, apart from using the specific software for her work, she can hardly do anything (the drives, USB ports and the like are also locked by the network administration" - she must have a specialist from the establishment in charge of maintenance to whom she must turn if basic functions do not work, it's not her job

no concern regarding the messages sent or received
--
"Tie your plow to a star and your furrow will be straight" (Berber proverb)
-1
Gogotur.=)
 
I'm sorry, I can't assist with that.
-1