Jay L Schollmeyer
Local Chairman 1637
Portland, OR 97215
Email jay@jaysworks.com

Matthew K Rose
President and CEO
BNSF
2600 Lou Mink Dr
Fort Worth, TX 76131

RE: Internet Access

April 1, 2001

Mr. Rose, since 1997 the BNSF has allowed access to crew information via the Internet and I might add that it was very much appreciated.

 

Around March 1, 2001 they did a software update that has raised some concerns. The first time an employee logs on to the new version they must grant permission to access files on the employee's computer. The BNSF computer people did flash a memo that said, “This new process is non-intrusive and does not allow access to any PC configuration files.”

 Access to PC configuration files is not the problem. The issue is the potential for abuse and unauthorized access to personal files on the user's computer. The Spec-Sheet provided by Open Connect Systems, the vendor of the software, states that, “the program allows your Java applet or application programs to interact with host systems”. Any moderately talented hacker could write an application that could collect and report the files on the employee's computer.

 Any rational person would ask, “Why would a company like the BNSF want to do that?” I have to ask, “Why does the BNSF use a spider program to view every file and directory on my web server?”

 The solution would be to let the user choose between the old and new version. Currently, if you do not grant the permission, the person has to deal with less than what the old version provided.

  

Yours Truly,

/s/JL Schollmeyer

Vice General Chairman

 

cc:   Byron A. Boyd, Jr.
       Clinton J. Miller, III
       John O’B. Clarke, Jr.
       JD Fitzgerald
       BNSF General Chairpersons


Sample of access log for jaysworks.com, note the IP address (170.49.43.2)

Burlington Northern Railroad (NET-BNR2)
176 E 5th St
St Paul, MN 55101 Netname: BNR2
Netblock: 170.49.0.0 - 170.49.255.255
Coordinator:
Satchell, Mike  (MS4024-ARIN)  michael.satchell@bnsf.com
(817) 333-7830 (FAX) (817) 333-7165

170.49.43.2 - - [05/Mar/2001:04:39:06 -0500] "GET / HTTP/1.0" 200 3836
170.49.43.2 - - [05/Mar/2001:04:39:07 -0500] "GET /jay.gif HTTP/1.0" 200 7355
170.49.43.2 - - [05/Mar/2001:04:39:07 -0500] "GET /aster.jpg HTTP/1.0" 200 9186
170.49.43.2 - - [05/Mar/2001:04:39:07 -0500] "GET http://www.hostcentric.com/cgi-bin/c2countit.cgi?hoc_jaysworks_1&sworks.com/index.html
170.49.43.2 - - [05/Mar/2001:04:39:09 -0500] "GET /kites HTTP/1.0" 301 231
170.49.43.2 - - [05/Mar/2001:04:39:09 -0500] "GET /kites/ HTTP/1.0" 200 6263
170.49.43.2 - - [05/Mar/2001:04:39:09 -0500] "GET /kites/curtainz.jpg HTTP/1.0" 200 2347
170.49.43.2 - - [05/Mar/2001:04:39:10 -0500] "GET /kites/eyes3.gif HTTP/1.0" 200 13044
170.49.43.2 - - [05/Mar/2001:04:39:10 -0500] "GET /kites/tb.gif HTTP/1.0" 200 8471
170.49.43.2 - - [05/Mar/2001:04:39:10 -0500] "GET /kites/top.jpg HTTP/1.0" 200 18158
170.49.43.2 - - [05/Mar/2001:04:39:10 -0500] "GET /kites/cooll.gif HTTP/1.0" 200 20726
170.49.43.2 - - [05/Mar/2001:04:39:10 -0500] "GET /kites/lo-025.gif HTTP/1.0" 200 4162
170.49.43.2 - - [05/Mar/2001:04:39:11 -0500] "GET http://www.hostcentric.com/cgi-bin/c2countit.cgi?hoc_jaysworks_1&sworks.com/kites/index.html
170.49.43.2 - - [05/Mar/2001:04:39:11 -0500] "GET /kites/bbanner.gif HTTP/1.0" 200 1886
170.49.43.2 - - [05/Mar/2001:04:39:11 -0500] "GET /kites/bottom.jpg HTTP/1.0" 200 40252
170.49.43.2 - - [05/Mar/2001:04:39:18 -0500] "GET /1637/ HTTP/1.0" 200 14743
170.49.43.2 - - [05/Mar/2001:04:39:19 -0500] "GET /1637/utusmall.gif HTTP/1.0" 200 5844
170.49.43.2 - - [05/Mar/2001:04:39:19 -0500] "GET /1637/new-1.gif HTTP/1.0" 200 1416
170.49.43.2 - - [05/Mar/2001:04:39:19 -0500] "GET http://www.hostcentric.com/cgi-bin/c2countit.cgi?hoc_jaysworks_1&sworks.com/1637/index.shtml
170.49.43.2 - - [05/Mar/2001:04:39:19 -0500] "GET /1637/tcab3.jpg HTTP/1.0" 200 6960
170.49.43.2 - - [05/Mar/2001:04:39:19 -0500] "GET /1637/web_gem.jpg HTTP/1.0" 200 4160
170.49.43.2 - - [05/Mar/2001:04:39:19 -0500] "GET /1637/all1.gif HTTP/1.0" 200 14418
170.49.43.2 - - [05/Mar/2001:04:39:20 -0500] "GET /1637/uyesclr2.gif HTTP/1.0" 200 1944
170.49.43.2 - - [05/Mar/2001:04:39:24 -0500] "GET /1637/1637/ HTTP/1.0" 200 15519
170.49.43.2 - - [05/Mar/2001:04:39:25 -0500] "GET /reabanner.gif HTTP/1.0" 200 8836
170.49.43.2 - - [05/Mar/2001:04:39:34 -0500] "GET /wwwboard/ HTTP/1.0" 200 46878
170.49.43.2 - - [05/Mar/2001:04:39:34 -0500] "GET /wwwboard/bg.jpg HTTP/1.0" 200 952
170.49.43.2 - - [05/Mar/2001:04:39:34 -0500] "GET /1637/member.gif HTTP/1.0" 200 6121
170.49.43.2 - - [05/Mar/2001:04:39:56 -0500] "GET /2000/2000yardmaster.pdf HTTP/1.0" 200 107369
170.49.43.2 - - [05/Mar/2001:04:49:54 -0500] "GET /deadhead HTTP/1.0" 301 234
170.49.43.2 - - [05/Mar/2001:04:49:55 -0500] "GET /deadhead/ HTTP/1.0" 200 505
170.49.43.2 - - [05/Mar/2001:04:49:55 -0500] "GET /deadhead/temps.html HTTP/1.0" 200 1431
170.49.43.2 - - [05/Mar/2001:04:49:55 -0500] "GET /deadhead/reports.html HTTP/1.0" 200 245
170.49.43.2 - - [05/Mar/2001:04:49:56 -0500] "GET http://www.hostcentric.com/cgi-bin/c2countit.cgi?hoc_jaysworks_1&sworks.com/deadhead/temps.html
170.49.43.2 - - [05/Mar/2001:04:50:53 -0500] "GET /deadhead/ HTTP/1.0" 304 -
170.49.43.2 - - [05/Mar/2001:04:50:54 -0500] "GET /deadhead/temps.html HTTP/1.0" 304 -
170.49.43.2 - - [05/Mar/2001:04:50:54 -0500] "GET http://www.hostcentric.com/cgi-bin/c2countit.cgi?hoc_jaysworks_1&sworks.com/deadhead/temps.html
170.49.43.2 - - [05/Mar/2001:04:50:59 -0500] "GET /deadhead/ HTTP/1.0" 304 -
170.49.43.2 - - [05/Mar/2001:04:51:00 -0500] "GET /deadhead/temps.html HTTP/1.0" 304 -
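
One way to turn a log like the sample above into a per-client footprint (requests, top-level directories touched, time span), as an added example that is not part of the original letter. The names `summarize`, `top_dir` and the `min_dirs` threshold are assumptions chosen for illustration; the input lines are copied from the sample, including one that is truncated in the source.

```python
import re
from datetime import datetime

# Nine lines copied from the sample above. The second is truncated in the
# source (no closing quote, status or size) and must not break the parser.
SAMPLE = '''\
170.49.43.2 - - [05/Mar/2001:04:39:06 -0500] "GET / HTTP/1.0" 200 3836
170.49.43.2 - - [05/Mar/2001:04:39:07 -0500] "GET http://www.hostcentric.com/cgi-bin/c2countit.cgi?hoc_jaysworks_1&sworks.com/index.html
170.49.43.2 - - [05/Mar/2001:04:39:09 -0500] "GET /kites HTTP/1.0" 301 231
170.49.43.2 - - [05/Mar/2001:04:39:09 -0500] "GET /kites/ HTTP/1.0" 200 6263
170.49.43.2 - - [05/Mar/2001:04:39:18 -0500] "GET /1637/ HTTP/1.0" 200 14743
170.49.43.2 - - [05/Mar/2001:04:39:34 -0500] "GET /wwwboard/ HTTP/1.0" 200 46878
170.49.43.2 - - [05/Mar/2001:04:39:56 -0500] "GET /2000/2000yardmaster.pdf HTTP/1.0" 200 107369
170.49.43.2 - - [05/Mar/2001:04:49:55 -0500] "GET /deadhead/ HTTP/1.0" 200 505
170.49.43.2 - - [05/Mar/2001:04:50:53 -0500] "GET /deadhead/ HTTP/1.0" 304 -
'''

# host ident user [time] "METHOD target[ protocol"][ status size]
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)(?: \S+")?(?: (\d{3}) (\d+|-))?')

def top_dir(target):
    """Return '/name/' for paths below a directory, '/' for root-level files."""
    parts = target.split("/")
    return "/" + parts[1] + "/" if len(parts) > 2 else "/"

def summarize(log_text, min_dirs=5):
    """Per-client footprint: requests, directories touched, time span, oddities."""
    clients = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, ts, _method, target, status, _size = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        c = clients.setdefault(host, {"requests": 0, "dirs": set(), "offsite": 0,
                                      "truncated": 0, "first": when, "last": when})
        c["requests"] += 1
        c["first"], c["last"] = min(c["first"], when), max(c["last"], when)
        c["truncated"] += status is None       # line cut off before the status
        if target.startswith(("http://", "https://")):
            c["offsite"] += 1                  # absolute URL, not a path on this site
        else:
            c["dirs"].add(top_dir(target))
    for c in clients.values():
        c["span_s"] = int((c["last"] - c["first"]).total_seconds())
        # Assumed heuristic: one client touching many directories is a wide sweep.
        c["wide_sweep"] = len(c["dirs"]) >= min_dirs
    return clients
```

Calling `summarize(SAMPLE)` returns one entry keyed by the client address. The `wide_sweep` flag only measures breadth, so a shared proxy with several people browsing behind it would set it as well.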