I of course understand the reasons for it, but this has in one fell swoop defeated all existing security measures on the net today. There has to be a better way? (Like respect your employees and pay them enough? You'd be surprised how far honesty, integrity and respect will take you.)
SSL is useless with a keylogger on the client.
This is insane overkill. If you want to block access you block access, you do not snoop. This is datamining under the guise of security - pure and simple. How much data collected by the local server is surreptitiously reported back to a central server run by Spector360? (entirely possible and so lucrative as to be almost irresistible, especially without the "employer"/customer's knowledge.)
The potential for abuse is insane here... so what happens when the sysadmin running it on behalf of the manager becomes unsatisfied/offended/loses-it/goes-postal and releases all personal information on emplyees that was collected to the net inculding bank passwords, credit card numbers all kind of personal information.
If your corporate environment is so poison as to require this product then this is extremely likely to happen.
Horribly bad idea. Mark my words. Just wait for the first case. It will (already has?) happen.
(My mind begins working on a way to defeat keyloggers... randomise ar mask or distort or encrypt keyboard input somehow... change the mechanism? A new USB device that serves as a keyboard but uses none of the standard interfaces...? just for communicating with a browser plugin or js code on your "re-secured" webpage ... hardware dongles? gonna have to lock down the mouse too... perhaps a "frequency-hopping" paradigm would do it... continuously and randomly jump interfaces for user input in a way that only your webpage/servers understand...)
I would go so far to say that if you require such "shackles" for your employees, then they are not employees at all. This is what you call wage slavery.
Nice team.
What happened to trust in the workplace? I'm so old fashioned... Your employees must feel part of the team and want to be there or your product/service will suck. Period.
Edit: No, it is not "old fashioned", that is just the way it is (for people of integrity).
Additionally, I might as well spell out an example social engineering scam indicated by the thread title: setup a bogus business with this product as it's main tool. Use whatever guise you want... (jewelery? Tupperware?) target part-time rich housewives, ideally with a "work from home" setup so you can monitor personal use as well... you might make a few bucks on the jewelery and crap in the meantime but just before your flight to a remote pacific island compound, you cash in the data and book.
Data, of course, also has value in currencies other than cash. (Read power.)
Finally, I know for a fact that good old traditional honesty, integrity and respect in business practices will take you way further than using tools like this. If one is considering this product for their business then they are already doomed. Respecting and loving your employees is so much more lucrative in the long run that this is almost humorous if it were not for the abuse and security implications. Yes, I said
love. It actually wins awards and recognition beyond the obvious and tangible benefits to your business.
edit2: aside: technological metahistory of Xenocorp - this takes us one step closer to the originally fictional origins and rise of Xenocorp as a semi- physically separate network implementation for service of the safe and secure fun and joy of the people. "Frequency hopping" user input as our first hardware product? (I just gave the idea away though, like I always do... maybe someone will build it and we can buy it cheap and brand it...)
Topic: A brilliant(ly evil) new social engineering scam (Read 2954 times)