Hard to believe this was in the Wall Street Journal
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesI can't even access Proxy.org site :( So there is no chance to access other sites... Not a good option... My 1 -- modified at 5:04 Thursday 2nd August, 2007
-
JimmyRopes wrote:
I find it hard to believe this was in a reputable publication like the Wall Street Journal. This is irresponsible.
A bit melodramatic don't you think. There is nothing remotely new or novel about any on the items described. I'd figure any windows user with half a brain could figure most if not all of these items out on their own.
My Blog A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. - -Lazarus Long
Chris Austin wrote:
I'd figure any windows user with half a brain could figure
Sure, but it was in Wall Street Journal. Thats a publication for carefully selected extra-brainless people. :)
Failure is not an option - it's built right in.
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesI see your company IT policy, which you haven't subverted yet, includes TYPING IN CAPITALS. (You do make a slight point though. Companies need to change but through proper process not through subversion.)
regards, Paul Watson Ireland & South Africa
Shog9 wrote:
And with that, Paul closed his browser, sipped his herbal tea, fixed the flower in his hair, and smiled brightly at the multitude of cute, furry animals flocking around the grassy hillside where he sat coding Ruby on his Mac...
-
I think you over-estimate the ability of the average Windows user by a great deal. My experience is that most windows users can open their web browser - if it's in exactly the same place as last time. Anything beyond that quickly becomes increasingly unlikely. On the other hand, it is surprising what a completely clueless person can learn to do if it lets them get around security and policy restrictions.
"Your typical day is full of moments where you ask for a cup of coffee and someone hands you a bag of nails." - Scott Adams
standgale wrote:
On the other hand, it is surprising what a completely clueless person can learn to do if it lets them get around security and policy restrictions.
Absolutely.
Upcoming events: * Glasgow: Mock Objects, SQL Server CLR Integration, Reporting Services, db4o, Dependency Injection with Spring ... "I wouldn't say boo to a goose. I'm not a coward, I just realise that it would be largely pointless." My website
-
That's partially true. IT departments are not "self-made": they are organization belonging to structures whose activities are decided by the company "tecnocracy" that basically say what an employ of a given department should or shouldn't do. And that's valid for IT as well, that are explicitly required to contain the IT costs in certain budgets and to assure that a given activity that shouldn't be done cannot in fact be done. The "arbitrary rules bored bureaucrats use to make my life difficult" don't come from the IT itself, but from per personnel department, that ask the IT to find out the technical way to implement such rules. I perfectly agree that "When a sales person calls up, irate because the proposal he spent the night putting together was stripped out ... ", but if the IT has a limited spending capabilities, it cannot continuously buy hard disks to store the "infinite history" of the company employees life inside the e-mail databases. Even Google gmail has a limit about attachment sizes. The real problem is -probably- that who fixes such limits (the "spending limits" not the mailboxes: personnel, budget and control etc.) is not really aware of what the activity of the people are and what the kind of resource they are required to use are. These problems will probably self-disappear after certain "paper generation people" will left certain key position in the companies. By me, the reason I've to invest in managing comapny PC owned by people tha tare perfacly able to manage their home PC themself is an overkill. I'll probably spend more in infrastructure letting the user self-manage their own end let themselves pay for assistance if they require. But this is a completly different culture about the relation between company and technology.
2 bugs found. > recompile ... 65534 bugs found. :doh:
I was once asked to block certain pages (read: porn) to all the users in a factory (1200+) because they were absorving a large amount of bandwidth, **except** for the 6 executives' computers. Those had full free access to anything. After performing the task, logs showed a decrease in 4% to the amount of hits to those pages. That is, those who where so worried that their employees lost time watching porn where the ones actually causing the trouble! No more comments :P
-
JimmyRopes wrote:
I didn't say any of this was new or novel in any way for an IT professional. I am just surprised at the Wall Street Journal advocating something like this.
To me this is no big deal. Hell, I was a user that did stuff like this when the pricks in the IT dept refused to do something silly like allow the devs to browse MSDN. The problem isn't the users, the problem is the IT departments like this. Rather than doing their job and meeting their users needs they become a self serving wanna-be programmer elitist group.
JimmyRopes wrote:
As I said before, it's irresponsible.
I still maintain that you are being melodramatic. [EDIT]
JimmyRopes wrote:
I didn't say any of this was new or novel in any way for an IT professional.
BTW, I am not an IT professional. I am a software developer.
My Blog A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. - -Lazarus Long
Chris Austin wrote:
The problem isn't the users, the problem is the IT departments like this. Rather than doing their job and meeting their users needs they become a self serving wanna-be programmer elitist group.
Surely you're aware that company computer networks exist solely and only for the benefit of the SysAdmin staff! If it weren't for all those blasted users, messing around and requesting things that a system adminstrator would never need or use, every company would have a perfect intranet. Get with the program, eh?
-
My 5 ....mainly because I work for a company with strict IT security policies. I've had attachments stripped out of e-mails sent me by suppliers, my e-mails from home to myself at work get blocked (don't ask me why or how) and yet...I still get spam. Security, eh? (OK, I know security != spam filter, but honestly, if they could only try to do half as well as a free service like Gmail, we'd be getting somewhere). At least they were willing to unblock CP when Websense arbitrarily decided to block it...Websense's reason for blocking? CP was in that set of dangerous websites belonging to the 'Uncategorized' category.
Stuart Dootson wrote:
At least they were willing to unblock CP when Websense arbitrarily decided to block it...Websense's reason for blocking? CP was in that set of dangerous websites belonging to the 'Uncategorized' category.
CP has now been categorized? I wondered why there were tears coming to its eyes.
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
I can't even access Proxy.org site :( So there is no chance to access other sites... Not a good option... My 1 -- modified at 5:04 Thursday 2nd August, 2007
-
If you sell your newspaper to Rupert Murdoch then this is what you get.
'--8<------------------------ Ex Datis: Duncan Jones Merrion Computing Ltd
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesAsk yourself why it is that users are so intent on bypassing IT security. I would submit that it is because IT is viewed as a tyranny with no regard for end users. In the eyes of many end users, IT has siezed power and used it to try to control workers, rather than serving the common goal. Mind you, I'm not saying this is the way it is, only that it is perceived as such by office workers. In such an environment, it is only natural that employees would use any opportunity to circumvent IT policies and procedures. If you want to address the problem, address the perception first, particularly the power perception. Start by distinguishing between legitimate security concerns and simple paranoia. Communicate the 'why' to end users of the systems. Then you might start getting buy-in from line-level management and workers.
David Veeneman www.veeneman.com
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesDon't blame the WSJ, as sources of the information reported in the article came from -- IT people themselves! Now, IT admins & staff will have to deal with the aftermath.
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesTo be honest, all of these are things that the company IT security professionals should already have thought of. Any proxy administrator worth their salt will have already blocked as many upload sites and 3rd party proxies as they can find, and there are companies that do nothing but provide lists of what to block. The one thing that can't really be blocked is someone setting up their own proxy/upload site that won't be known about by published proxy blacklists.
-
I see your company IT policy, which you haven't subverted yet, includes TYPING IN CAPITALS. (You do make a slight point though. Companies need to change but through proper process not through subversion.)
regards, Paul Watson Ireland & South Africa
Shog9 wrote:
And with that, Paul closed his browser, sipped his herbal tea, fixed the flower in his hair, and smiled brightly at the multitude of cute, furry animals flocking around the grassy hillside where he sat coding Ruby on his Mac...
Paul Watson wrote:
TYPING IN CAPITALS
Just swiped the lines from the WSJ article. Didn't type any of them. I don't type in all caps, except when it is syntactically correct to do so as in forming acronyms. By the way, you really didn't need to type "TYPING IN CAPITALS" (swiped that too) when a simple "typing in capitals" would do nicely.
Paul Watson wrote:
Companies need to change but through proper process not through subversion.
Agreed, some companies need to change their IT policy, but what struck me as irresponsible was a trusted business journal advocating policy that will put the person's job in jeopardy. Storing company documents on public repositories, out of the control of the company, is not something a respected business publication should advocate. I think you probably don't appreciate the WSJ reputation in business. It used to be a very responsible publication.
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
Don't blame the WSJ, as sources of the information reported in the article came from -- IT people themselves! Now, IT admins & staff will have to deal with the aftermath.
robertewilson wrote:
Don't blame the WSJ, as sources of the information reported in the article came from -- IT people themselves!
Then what is the function of the editor if not to edit the content of the newspaper. This article is clearly advocating things that if practiced put someone at risk of losing their job.
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
robertewilson wrote:
Don't blame the WSJ, as sources of the information reported in the article came from -- IT people themselves!
Then what is the function of the editor if not to edit the content of the newspaper. This article is clearly advocating things that if practiced put someone at risk of losing their job.
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesJimmy, A cogent debate here. This august publication reports on more than just business matters and I am a subscriber myself to the Online Journal. I was initially surprised by the appearance of the article, but after reading it, it occurred to me that, if there were no willing IT people divulging these open "secrets," there would have been nothing for the reporter to write. I agree with you that perhaps the article was misguided, but these "tips" can be found on hundreds of sites via any major search engine. The means to circumvent corporate policies and procedures is out there and has been for a long time -- but it requires the will to do so.
-
JimmyRopes wrote:
I didn't say any of this was new or novel in any way for an IT professional. I am just surprised at the Wall Street Journal advocating something like this.
To me this is no big deal. Hell, I was a user that did stuff like this when the pricks in the IT dept refused to do something silly like allow the devs to browse MSDN. The problem isn't the users, the problem is the IT departments like this. Rather than doing their job and meeting their users needs they become a self serving wanna-be programmer elitist group.
JimmyRopes wrote:
As I said before, it's irresponsible.
I still maintain that you are being melodramatic. [EDIT]
JimmyRopes wrote:
I didn't say any of this was new or novel in any way for an IT professional.
BTW, I am not an IT professional. I am a software developer.
My Blog A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. - -Lazarus Long
Chris Austin wrote:
To me this is no big deal. Hell, I was a user that did stuff like this when the pricks in the IT dept refused to do something silly like allow the devs to browse MSDN. The problem isn't the users, the problem is the IT departments like this. Rather than doing their job and meeting their users needs they become a self serving wanna-be programmer elitist group.
Exactly. We had our firewall system transparently upgraded a couple of weeks ago. E.g. our IT department didn't feel the need to tell anyone as there would be no noticable changes... within 30 minutes of arriving at work, I'd sent a dozen "helpdesk requests" - in each of them I asked whether anything had been changed -- more importantly, we're a software house (but the IT department are "IT" only), I asked each time whether they'd tested it! Apparently, only (good) software engineers know what testing and deployment entails!
Regards, Ray
-
I was once asked to block certain pages (read: porn) to all the users in a factory (1200+) because they were absorving a large amount of bandwidth, **except** for the 6 executives' computers. Those had full free access to anything. After performing the task, logs showed a decrease in 4% to the amount of hits to those pages. That is, those who where so worried that their employees lost time watching porn where the ones actually causing the trouble! No more comments :P
-
My 5 ....mainly because I work for a company with strict IT security policies. I've had attachments stripped out of e-mails sent me by suppliers, my e-mails from home to myself at work get blocked (don't ask me why or how) and yet...I still get spam. Security, eh? (OK, I know security != spam filter, but honestly, if they could only try to do half as well as a free service like Gmail, we'd be getting somewhere). At least they were willing to unblock CP when Websense arbitrarily decided to block it...Websense's reason for blocking? CP was in that set of dangerous websites belonging to the 'Uncategorized' category.
Websense... we had that deployed here a couple of weeks ago. Almost every site I visit was blocked. CP wasn't blocked, MSDN was! Took me about 30 minutes to force the IT manager to "announce" the upgrade and accept that some of the blocking was a little over the top -- however we need to add a business justification!
Regards, Ray
-
To be honest, all of these are things that the company IT security professionals should already have thought of. Any proxy administrator worth their salt will have already blocked as many upload sites and 3rd party proxies as they can find, and there are companies that do nothing but provide lists of what to block. The one thing that can't really be blocked is someone setting up their own proxy/upload site that won't be known about by published proxy blacklists.
Craster wrote:
all of these are things that the company IT security professionals should already have thought of.
I am not saying that any of these things are new or aren't freely available from other sources. I was just commenting on the irresponsibility of a (formerly) respected business publication advocating such practices.
Craster wrote:
The one thing that can't really be blocked is someone setting up their own proxy/upload site that won't be known about by published proxy blacklists.
That is a dangerous one if the site isn't protected properly.
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes