Thank you for everyone who responded, which was many - I haven't had
time to respond to all personally.
I'll try to summarise the feedback as soon as I can, but the gist seems
to be that, unless we have some 'nasties' on our PC's, it is the User's
webmail accounts (and/or their web surfing habits), and their handling
of it which is at the heart of the matter.
We've also identified some setup issue with PC Anti-Virus (AV) we'll
have to look at:
* quarantined items on the PC's confuse the users - so we'll have to try
to make sure that we clear viruses immediately rather than quarantine.
* whether the AV on the PC will protect the user's memory stick if the
user opens a dodgy email - the PC (and network) is clearly protected,and
so, therefore are subsequent users, but is the
* individual users think we are providing a free AV check and clearance
service for their media and want to be able to play with the AV software
to clear up their media - we think we're protecting our PC's and
networks,and the whole user base, and don't want them fiddling with
'our' software.
I heard that some authorities were forcing users to test removeable
media before using it, but not how to do that. I would have thought that
it would be necessary to:
* disallow direct login to the PC booking system - forcing booking
workload onto staff - to ensure all removeable media are checked.
* take away a PC from the bookings, just for testing and clearance,
unless staff have to do it. Or has someone got a clever, small (cheap!)
dedicated kiosk just for that purpose?
Again, all thoughts gratefully received.
JU
-----Original Message-----
From: Vallance, Dawn [mailto:[log in to unmask]]
Sent: 21 August 2009 08:17
To: Usher, John
Subject: FW: Public PC's sending emails after the user has gone?
Hi John,
I asked our IT guy and this is his response. This story may be
connected/cheer you up, but I am not sure, I recently came back to work
after a few days off to a voicemail message from the Head of Personnel
at this council to say I had sent him a dubious pornographic email
(during my time off). When I checked with our IT department they said it
had been caused by a virus and did I know I had also sent it to a
councillor and about 8 other members of staff!!!! No P45 yet.....
Dawn
-----Original Message-----
From: Paterson, Malcolm
Sent: 20 August 2009 14:28
To: Vallance, Dawn
Subject: RE: Public PC's sending emails after the user has gone?
Hi Dawnie,
The only way a Public PC can send emails from a webmail account after a
session is finished and the PC shut down is if:
1. There is a Super Virus on the machine. However, for this to
work the Virus has to hack into a system that is powered on and log on
as a member of Staff. It needs to do this so that it can open and log
into Netloan in order to make the booking for itself. It has to guess
the library card number of the member in question so that it can pretend
to netloan that it is a member of the library and be permitted to log on
to the machine in the first place. It then has to switch on the correct
public PC - or it will not see its booking - and then log on.
2. Users must be permitted to take possession of the PC and therefore
store their username and password on the machine in order for the Super
Virus to carry out its next tasks. It has to log on and open internet
explorer. It then has to find and authenticate to the webmail service
in question (although with so many public users with webmail accounts it
must be terribly difficult to make its mind up). Once authenticated it
then has to open the 'Compose option', type a letter, open the address
book, pick a victim and then mail itself. (Cool virus :D Bet it can
make coffee and bake cakes too :D :D)
REALISTICALLY:
Malware from a webmail service is sent from within the user's own
account where it does not require authentication, has full 24\7 access
to the user's address book and is safely tucked away because the user
brought it in and activated it themselves. It has a pre-composed body
of text already made up so all it has to do is attach itself to an
address and off it goes. Such malware are annoying. The other type is
dangerous - the ones that take your personal banking details back to
their masters.
If any of our customers suggested this I would be advising them to:
1. Clean out their webmail because that is where the culprit is almost
certainly hiding.
2. Make sure their webmail account has not been compromised since that
is the only other way a mail can be sent from your webmail - someone is
logging on as them.
I would also be asking what makes the customer believe it is coming from
the public machine since:
1. Impossible.
2. No way of telling anyway as the mail will be sent from the webmail
server.
Me :)
-----Original Message-----
From: Vallance, Dawn
Sent: 18 August 2009 09:30
To: Paterson, Malcolm
Subject: FW: Public PC's sending emails after the user has gone?
Have you come across this?
Dawn
-----Original Message-----
From: lis-pub-libs: UK Public Libraries
[mailto:[log in to unmask]] On Behalf Of Usher, John
Sent: 17 August 2009 16:41
To: [log in to unmask]
Subject: Public PC's sending emails after the user has gone?
Sorry for Cross-Posting
We have had a couple of customer 'queries' that their webmail webmail
accounts have been sending 'unfortunate' messages after they leave the
library, they allege due to a virus/malicious software on the PC.
Now, I don't discount the possibility, but if the dodgy software
requires the PC to be on to run it, and these messages go out two hours
after the library closes, and we don't have Outlook (full or express) or
any other client-based email on the PC's or servers, and only allow
webmail - how?
And our Anti-Virus solution is reputable and robust, and the machines
appear clean, but nothing is perfect.
Our IT department have suggested there is a Microsoft Malicious
Software Removal Tool, but I'm not clear whether this offers any
advantages.
We've asked the 'affected' users to change their email password and
improve their eSecurty wherever possible.
If anyone has any experience of, or ideas on this, I'd be glad to hear
from you.
Regards
JU
John Usher
ICT Manager
Library and Heritage Services
Islington Council
Central Library
2 Fieldway Crescent
LONDON N5 1PF
Tel: 020 7527 6920
Mobile: 07825 098 223
Fax: 020 7527 6926
Alternative contact: Michelle Gannon - 020 7527 6907
www.islington.gov.uk
How to get to Central Library:
http://www.islington.gov.uk/Education/Libraries/Local/Central.asp
************************************************************************
****************
This Email, and any attachments, may contain Protected, Restricted or
Legally Privileged information and is intended solely for the individual
to whom it is addressed. It may contain sensitive or protectively
marked material and should be handled accordingly.
If this Email has been misdirected, please notify the author
immediately. If you are not the intended recipient you must not
disclose, distribute, copy, print or rely on any of the information
contained in it or attached, and all copies must be deleted immediately.
Whilst we take reasonable steps to try to identify any software viruses,
any attachments to this Email may nevertheless contain viruses which our
anti-virus software has failed to identify. You should therefore carry
out your own anti-virus checks before opening any documents.
Islington Council will not accept any liability for damage caused by
computer viruses emanating from any attachment or other document
supplied with this e-mail. All Email communications may be subject to
recording and / or monitoring in accordance with relevant legislation.
Information contained in this Email may be subject to public disclosure
under the Freedom of Information Act 2000 or the Environmental
Information Regulations 2004. Unless the information is legally exempt
from disclosure, the confidentiality of this Email and your reply cannot
be guaranteed.
If you wish to re-use the information, perhaps for commercial purposes,
in a way which, without permission, might breach our copyright, please
first read our policy on Re-use of Public Sector Information which can
be found on our website http://www.islington.gov.uk/freedomofinformation
or alternatively e-mail [log in to unmask] Any part of this Email
which is purely personal in nature is not authorised by London Borough
of Islington.
Contact Islington switchboard: +44 20 7527 2000 www.islington.gov.uk
************************************************************************
****************
Keep Johnnie Walker in Kilmarnock
http://www.keepjohnniewalkerinkilmarnock.com
************************************************************************
************
East Ayrshire Council's service commitment states that all
correspondence will be answered within seven working days of receipt.
Customers will be informed should the Council require additional time to
resolve their query. Please note that different legal standards apply
to Social Work.
************************************************************************
************
This footnote confirms that this email message has been checked by East
Ayrshire Council for the presence of computer viruses before being sent.
Recipients should understand that we cannot maintain the integrity of
messages once they have left our network and you are therefore advised
to ensure you have adequate protective software operating before reading
emails from any source.
Please be advised that all of East Ayrshire Council's incoming and
outgoing email is subject to monitoring. This communication shall not
bind East Ayrshire Council, its officials or employees and shall not in
any way constitute or form part of a contract. Any view or opinion
expressed in this communication shall not be construed as that of East
Ayrshire Council.
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed.
If you have received this email in error please notify the system
manager - [log in to unmask]
************************************************************************
************
****************************************************************************************
This Email, and any attachments, may contain Protected, Restricted or Legally Privileged information and is intended solely for the individual to whom it is addressed. It may contain sensitive or protectively marked material and should be handled accordingly.
If this Email has been misdirected, please notify the author immediately. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained in it or attached, and all copies must be deleted immediately.
Whilst we take reasonable steps to try to identify any software viruses, any attachments to this Email may nevertheless contain viruses which our anti-virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents.
Islington Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this e-mail. All Email communications may be subject to recording and / or monitoring in accordance with relevant legislation.
Information contained in this Email may be subject to public disclosure under the Freedom of Information Act 2000 or the Environmental Information Regulations 2004. Unless the information is legally exempt from disclosure, the confidentiality of this Email and your reply cannot be guaranteed.
If you wish to re-use the information, perhaps for commercial purposes, in a way which, without permission, might breach our copyright, please first read our policy on Re-use of Public Sector Information which can be found on our website http://www.islington.gov.uk/freedomofinformation or alternatively e-mail [log in to unmask] Any part of this Email which is purely personal in nature is not authorised by London Borough of Islington.
Contact Islington switchboard: +44 20 7527 2000 www.islington.gov.uk
****************************************************************************************
|