Rashek writes:
"Alex Kibkalo, an ex-Microsoft employee was just arrested for stealing and leaking company secrets.
Having spent seven years working for Microsoft, Kibkalo is alleged to have leaked Windows 8 code to a French technology blogger in mid-2012, prior to the software's release. Kibkalo was apparently angry over a poor performance review."
(Score: 5, Insightful) by grub on Thursday March 20 2014, @08:16AM
med to be authentic, prompting corporate investigators to dredge the Hotmail account the blogger used to contact the Microsoft worker.[...] While searching the blogger’s account, Microsoft investigators found an email from Kibkalo
What the hell? Microsoft now reserves the right to search through a person's hotmail account based on suspicion?
Run your own email server if possible and PGP whenever possible, even if just muffin recipes.
~ Trolling is a art ~
(Score: 4, Interesting) by MrGuy on Thursday March 20 2014, @08:58AM
Since this took place in the EU, is Microsoft guilty of violating privacy standards by reading personal e-mail without a court order?
I recognize Hotmal servers are owned by Microsoft, but it feels like this is the sort of thing that they'd have needed a court order to troll through if the blogger happened to be using a Gmail or other provider's account.
Or maybe Microsoft's TOS give them the right to troll through your e-mail whenever they think you might be damaging Microsoft in any way (even in a way totally unrelated to Hotmail)?
Of course, if it was the US they could simply argue that "metadata" about who e-mailed who are simply "business records" that aren't personally identifying and obviously aren't an invasion of privacy...
(Score: 2) by mhajicek on Thursday March 20 2014, @11:27AM
Company email can be read by the company. A MS employee using Hotmail is using company email.
(Score: 5, Informative) by MrGuy on Thursday March 20 2014, @12:05PM
The concern isn't about MS reading the MS employee's e-mail. What they read the BLOGGER'S e-mail account. The blogger happened to have/use a hotmail account to communicate with the MS employee.
The question is whether MS reading a non-MS-employee's personal hotmail account because they suspected that person MIGHT have what MS considered confidential info is OK.
(Score: 1) by monster on Thursday March 20 2014, @02:02PM
As of employees' email, it depends of the specific country (different laws about it). For third parties, I think it is big no and may invalidate any evidence they got through it.
(Score: 5, Informative) by Sir Garlon on Thursday March 20 2014, @09:00AM
Yes. Read the Microsoft Services Agreement [microsoft.com], section 3.5. It's right there in black and white.
Be careful what you agree to.
[Sir Garlon] is the marvellest knight who is now living, for he destroyeth many good knights, for he goeth invisible.
(Score: 4, Informative) by higuita on Thursday March 20 2014, @12:55PM
In Europe, TOS, internal rules, contracts, etc can not overpower national laws, they automatically became invalid.
you can not sign a contract saying you want to be a slave or want to be tortured (but many companies try to do that)
(Score: 3, Informative) by Sir Garlon on Thursday March 20 2014, @02:01PM
The same is true in the US, it's just that the national laws are weaker.
[Sir Garlon] is the marvellest knight who is now living, for he destroyeth many good knights, for he goeth invisible.
(Score: 4, Insightful) by Dunbal on Thursday March 20 2014, @09:02AM
Not taking Microsoft's side here if they had no basis to do so, BUT - if it's a requirement for employees to use hotmail (which is owned by Microsoft) for internal and/or external communication, then this is no different than any other corporation going through its internal mail servers. You do know your IT department is "reading" your mail, right? Try to send porn pics or some other objectionable email through the company server and see how long it takes to be deleted and you summoned to your boss' office.
(Score: 2) by TheloniousToady on Thursday March 20 2014, @09:04AM
Next time you try this experiment, just send the objectionable material directly to me. Then I'll have plausible deniability.
(Score: 5, Funny) by KritonK on Thursday March 20 2014, @10:10AM
Given that I am my company's IT department, they'd better be reading my mail!
(Score: 2) by Dunbal on Thursday March 20 2014, @02:20PM
Heh good one.
True story. My wife's former boss insisted that he didn't real "emails" from anyone. He either communicated face to face or by phone, but not email. This, as a country manager for a Fortune 500 co. Long story short, my wife now works for another company at a higher level and with better pay. Some people actually try to get by without this whole newfangled e-mail thingie, apparently. But they're usually arse-holes.
(Score: 0) by Anonymous Coward on Thursday March 20 2014, @01:46PM
The "cloud" is their computer, why not?
How stupid for this idiot to use M$ services to try to get back at them.
(Score: 2) by Marand on Thursday March 20 2014, @02:42PM
And then never have to worry about anybody reading your emails, because they get marked as spam by Google/Microsoft/etc. unless you grease the right palms.
I agree with you in principle, but aggressive spam filtering has led to this being a lot harder to maintain and use in practice.
(Score: 1) by bstamour on Thursday March 20 2014, @09:39PM
I've been running a personal mail server for just over a year now, and I've had no issues with my emails being discarded. I regularly communicate with my thesis adviser (who uses gmail) as well as friends and family who all use various providers. As long as you've got your MX/SPF records in order, and you're not running an open relay, I see no issue with self-hosting.
Peace, love, and Unix
(Score: 2, Informative) by tftp on Thursday March 20 2014, @10:31PM
they get marked as spam by Google/Microsoft/etc. unless you grease the right palms.
I can only agree with bstamour - as long as you do simple measures, like having a static IP address and reverse DNS, you are good. I personally also publish a very aggressive DMARC policy: anything that pretends to be from me but does not pass SPF or DKIM checks is to be discarded. SPF only requires you to publish a simple record in DNS; DKIM for Postfix is free. Works great.
I also run a similar setup (but with MS Exchange) for the business. DKIM for Exchange costs a few hundred dollars (one time fee for the software.) I tried several outsourced email providers, and they all were rejected, for one reason or another. You simply have no control; when something happens all you can do is to call the provider and beg them to look into the problem. I even have my own network of three DNS servers (at different IP addresses) because anything else is just testing your patience. The DNS at the domain registrar is controlled through the Web interface, does not work, and the tech support is just telling me that it's all OK and I have nothing to worry about - when I have a specific bug identified and presented to them. It was infinitely cheaper and easier to just deploy three boxes with BIND.
I have three network accounts in my MUA. Two of them are on my servers, the third one is a 3rd party account. Guess which account fails now and then? People at hosting companies have no second thought about messing with the email system whenever it is convenient to them.
(Score: 2) by Open4D on Saturday March 22 2014, @08:12AM
This has now been picked up as a story in its own right, e.g.:/ microsoft-tightens-privacy-policy-journalists-emai ls [theguardian.com]
http://www.bbc.com/news/business-26677607 [bbc.com]
http://www.theguardian.com/technology/2014/mar/21
(Score: 1) by grub on Saturday March 22 2014, @10:38AM
Yep. I was lighting a torch and getting my pitchfork when others were making excused for MS... ;)
~ Trolling is a art ~