Snooping on Others' Calendar Entries

One of my users (Person A) is claiming that another person (Person B) is reading into their Calendar because Person B manages to acquire information that he would not otherwise have obtained. Our company has a strict “lock-your-workstation-before-leaving-your-chair” policy and Person A is a VERY good boy.

I checked the “User Details” of Person A’s mailbox and realize that there is absolutely no appearance of Person B whatsoever. Nothing on Log.nsf either.

Is there a way to view someone else’s mailbox without leaving a trace?

Person A (the good boy) has a lot of confidential meeting information that cannot be shared by non-meeting attendees. Security is at stake!

Please help!!!

BrianC

Subject: Snooping on Others’ Calendar Entries

If User Activity is recorded then it would show as a Read in the user activity log of the database. Don’t forget that UA logs are replica specific and do not replicate so if there is more than 1 replica (on another server) it’s possible that user B is accessing the mail file on a different server. But just for sanity’s sake, check the user B’s access to user A’s mail file by using the Effective Access button in the ACL. If it’s No Access but with the Read Public Docs enabled then the calendar can be seen by user B. If it’s No Access and Read Public Docs is not selected then user B cannot read user A’s calendar entries.
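The access check described in this reply can also be scripted so that every replica is examined the same way. The LotusScript agent below is an added example, not part of the original thread; the server names, mail file path and user name are constructed placeholders, and the agent signer is assumed to have access to the mail file on each server.

```lotusscript
Option Declare

' Constructed placeholders: substitute your own mail file and user name.
Const MAIL_FILE = "mail\persona.nsf"
Const SUSPECT = "CN=Person B/O=Example"

Sub Initialize
	' One entry per server holding a replica. The ACL normally replicates,
	' but checking each replica catches one whose ACL has drifted.
	Dim servers(1) As String
	servers(0) = "Mail01/Example"
	servers(1) = "Mail02/Example"
	Dim i As Integer
	For i = 0 To Ubound(servers)
		Call ReportAccess(servers(i), MAIL_FILE, SUSPECT)
	Next
End Sub

Sub ReportAccess(server As String, path As String, userName As String)
	Dim db As New NotesDatabase("", "")
	If Not db.Open(server, path) Then
		Print server & ": cannot open " & path
		Exit Sub
	End If

	' ACL level and privilege bitmask as computed for this user name.
	Dim level As Integer
	Dim privs As Long
	level = db.QueryAccess(userName)
	privs = db.QueryAccessPrivileges(userName)

	Dim readPublic As Boolean
	readPublic = (privs And DBACL_READ_PUBLIC_DOCS) <> 0

	Dim verdict As String
	If level = ACLLEVEL_NOACCESS And Not readPublic Then
		verdict = "No Access, no Read Public Docs: calendar not readable"
	Elseif level = ACLLEVEL_NOACCESS Then
		verdict = "No Access + Read Public Docs: calendar can be seen"
	Else
		verdict = "ACL level " & Cstr(level) & " is above No Access: review"
	End If
	Print server & "!!" & path & " -> " & userName & ": " & verdict
End Sub
```

The User Activity log still has to be read separately on each server, since it is replica specific.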

Subject: RE: Snooping on Others’ Calendar Entries

Thanks for your reply, Paul! Yes, we do have another replica of the database on a secondary server, but User Activity on the other replica doesn’t contain User B either :(

It’s not really a matter of B seeing A’s calendar entries. It’s how B can see A’s entries without leaving a trace!

We thought, maybe B makes a local replica of A’s so he can see whatever he wants and let the UA write whatever to the local replica because UA Log’s not replicated like you said. But still, once B replicates to get updated calendar info, replication itself will show as a Read already (we tested that out). The initial replica creation is also logged (we tested that out too). No trace on UA Log means B is not replicating A’s mailbox anywhere.

Any other thoughts?

Greatly appreciated!

Subject: RE: Snooping on Others’ Calendar Entries

Sometimes the low-tech solution is best, so here goes: how about you chair a meeting with User A, User B, and the head of Human Resources. Then ask User B point blank: “How are you managing to read A’s calendar entries w/o leaving a trace?”

Subject: RE: Snooping on Others’ Calendar Entries

HAHA! In this unique situation, I’m afraid there are overlapping characters involved that the meeting will have less than 4 attendants when @Unique(User A;User B;Head of HR;myself) attend. Political power play here and I’m just a lowly Domino Admin trying to provide evidence for the victim.

Subject: RE: Snooping on Others’ Calendar Entries

Does user B have access to the OS on the server where the mail file resides? If so he can make an OS level copy of the mail file and open it locally and read any document in it including calendar entries.

Subject: RE: Snooping on Others’ Calendar Entries

Good thought, Paul! But the answer is no, I’m afraid :(

B doesn’t have OS level access to it.

Subject: RE: Snooping on Others’ Calendar Entries

Here’s a thought. Say I’m user B, and I’m suspicious that User A is meeting with User C (behind my back). I go into scheduling a meeting, add both of them to the invite list, and check busy time, and notice when they’re both busy at the same time. This does not read either person’s calendar, just the busytime database. I just put 2 and 2 together…

Subject: RE: Snooping on Others’ Calendar Entries

Plausible. In fact, that’s how I check whether my boss(es) are around most of the time :). However, User B managed to gain knowledge of certain information that is only mentioned in the description section of the meetings.

The plot thickens 0_0…

Subject: RE: Snooping on Others’ Calendar Entries

Have you checked User B’s access via the Effective Access button in the ACL as I have previously suggested? What is the result?

Subject: RE: Snooping on Others’ Calendar Entries

Hi Paul,

Like you’ve suggested, it is No Access but Read Public Document checked. B can read A’s schedule but NOT the Detail portion of the entries, just busy & available time. But for the problem at hand, it’s not a matter of B being able to read A’s calendar. The problem is how B can see A’s schedule without triggering a log on User Activity.

Unless there’s a better way, we need to have Read Public Document checked for people to schedule meetings effectively.

Nonetheless, we’ve come to the conclusion that A must have been smoking something potent that he’s imagining the whole thing or B possesses supernatural powers that’s beyond the realm of all scientific explanations.

Preventive measures had been taken including but not limited to a new Public Key for A (we did some more OS & PC level stuff too).

It’s unfortunate that B is not caught this time. But if it ever happens again (as if it ever happened before), we do have other means of tracking B’s every move.

Subject: RE: Snooping on Others’ Calendar Entries

Putting on my App Dev hat today and saving some other worlds at some other clients. I’ll check on that when I return to the previous Domain tomorrow! Many thanks on checking on progress. Greatly appreciate it!

Subject: Snooping on Others’ Calendar Entries

I wonder what they “know.” If you try and book a meeting with User A and see they are busy, you may be able to figure out what’s on the go if you look at other people’s meetings and see who else is busy.

Of course the flip of this is, User A’s calendar may be locked down but User C’s who is also at the meeting calendar may be WIDE open.

Then there is always the possibility they are getting information from another system. I was fixing a problem with a travel authorization system, it just so happened one of the travel requests I opened, looking at the problem, had in the justification of the travel to terminate someone. I knew this before the employee themselves, I did NOT enjoy knowing this information and clearly kept my mouth shut… But it shows sometimes you need to look elsewhere.

There are other options, system openings? Could the information be stored on a PDA? Blackberry? Cell Phone? Could these systems have a security hole? Could the person be connecting wirelessly and User B be seeing data packets?

Then there is a basic possibility of does User B have a copy of User A’s ID file and have a password? Could Person B be logging in to Person A’s calendar via DWA?

ESP?

Subject: RE: Snooping on Others’ Calendar Entries

HA! I like your thinking! Especially the ESP part! Actually, I am leaning towards believing that User B is obtaining the info from another source other than Notes. The general impression I got from all the nice people responding to me indicates that User Activity is to be trusted.

Seems like there’s no way a person can look at another’s mailfile without leaving any footprints (well, unless God is carrying him of course).

The thought of ID file compromised actually occurred to me and I’ve already redid the Public Key thingie. If B has a copy it’s no longer a working copy.

I can feel the pain of the situation you’ve described. It’s hard to converse with an employee with a countdown number on their head and they don’t even know it (if you’ve ever seen the game Lemmings, you’ll know what I mean)

Subject: Thank you for all your help!

Thank you all for participating in this little thread! Your kind thoughts and suggestions are greatly appreciated!

Until the next unsolved mystery pops, so long!