Hard to believe this was in the Wall Street Journal
-
My 5 ....mainly because I work for a company with strict IT security policies. I've had attachments stripped out of e-mails sent me by suppliers, my e-mails from home to myself at work get blocked (don't ask me why or how) and yet...I still get spam. Security, eh? (OK, I know security != spam filter, but honestly, if they could only try to do half as well as a free service like Gmail, we'd be getting somewhere). At least they were willing to unblock CP when Websense arbitrarily decided to block it...Websense's reason for blocking? CP was in that set of dangerous websites belonging to the 'Uncategorized' category.
Stuart Dootson wrote:
At least they were willing to unblock CP when Websense arbitrarily decided to block it...Websense's reason for blocking? CP was in that set of dangerous websites belonging to the 'Uncategorized' category.
CP has now been categorized? I wondered why there were tears coming to its eyes.
-
Ten Things Your IT Department Won't Tell You
I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes:
1. HOW TO SEND GIANT FILES
2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD
3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS
4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP
5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME
6. HOW TO STORE WORK FILES ONLINE
7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL
8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY
9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY
10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes
-
I can't even access Proxy.org site :( So there is no chance to access other sites... Not a good option... My 1 -- modified at 5:04 Thursday 2nd August, 2007
-
If you sell your newspaper to Rupert Murdoch then this is what you get.
'--8<------------------------ Ex Datis: Duncan Jones Merrion Computing Ltd
-
Ask yourself why it is that users are so intent on bypassing IT security. I would submit that it is because IT is viewed as a tyranny with no regard for end users. In the eyes of many end users, IT has seized power and used it to try to control workers, rather than serving the common goal. Mind you, I'm not saying this is the way it is, only that it is perceived as such by office workers. In such an environment, it is only natural that employees would use any opportunity to circumvent IT policies and procedures. If you want to address the problem, address the perception first, particularly the power perception. Start by distinguishing between legitimate security concerns and simple paranoia. Communicate the 'why' to end users of the systems. Then you might start getting buy-in from line-level management and workers.
David Veeneman www.veeneman.com
-
Don't blame the WSJ, as sources of the information reported in the article came from -- IT people themselves! Now, IT admins & staff will have to deal with the aftermath.
-
To be honest, all of these are things that the company IT security professionals should already have thought of. Any proxy administrator worth their salt will have already blocked as many upload sites and 3rd party proxies as they can find, and there are companies that do nothing but provide lists of what to block. The one thing that can't really be blocked is someone setting up their own proxy/upload site that won't be known about by published proxy blacklists.
-
I see your company IT policy, which you haven't subverted yet, includes TYPING IN CAPITALS. (You do make a slight point though. Companies need to change but through proper process not through subversion.)
regards, Paul Watson Ireland & South Africa
Shog9 wrote:
And with that, Paul closed his browser, sipped his herbal tea, fixed the flower in his hair, and smiled brightly at the multitude of cute, furry animals flocking around the grassy hillside where he sat coding Ruby on his Mac...
Paul Watson wrote:
TYPING IN CAPITALS
Just swiped the lines from the WSJ article. Didn't type any of them. I don't type in all caps, except when it is syntactically correct to do so as in forming acronyms. By the way, you really didn't need to type "TYPING IN CAPITALS" (swiped that too) when a simple "typing in capitals" would do nicely.
Paul Watson wrote:
Companies need to change but through proper process not through subversion.
Agreed, some companies need to change their IT policy, but what struck me as irresponsible was a trusted business journal advocating policy that will put the person's job in jeopardy. Storing company documents on public repositories, out of the control of the company, is not something a respected business publication should advocate. I think you probably don't appreciate the WSJ reputation in business. It used to be a very responsible publication.
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes
-
robertewilson wrote:
Don't blame the WSJ, as sources of the information reported in the article came from -- IT people themselves!
Then what is the function of the editor if not to edit the content of the newspaper? This article is clearly advocating things that, if practiced, put someone at risk of losing their job.
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes
-
Jimmy, A cogent debate here. This august publication reports on more than just business matters and I am a subscriber myself to the Online Journal. I was initially surprised by the appearance of the article, but after reading it, it occurred to me that, if there were no willing IT people divulging these open "secrets," there would have been nothing for the reporter to write. I agree with you that perhaps the article was misguided, but these "tips" can be found on hundreds of sites via any major search engine. The means to circumvent corporate policies and procedures is out there and has been for a long time -- but it requires the will to do so.
-
JimmyRopes wrote:
I didn't say any of this was new or novel in any way for an IT professional. I am just surprised at the Wall Street Journal advocating something like this.
To me this is no big deal. Hell, I was a user that did stuff like this when the pricks in the IT dept refused to do something silly like allow the devs to browse MSDN. The problem isn't the users, the problem is the IT departments like this. Rather than doing their job and meeting their users' needs they become a self-serving wanna-be programmer elitist group.
JimmyRopes wrote:
As I said before, it's irresponsible.
I still maintain that you are being melodramatic. [EDIT]
JimmyRopes wrote:
I didn't say any of this was new or novel in any way for an IT professional.
BTW, I am not an IT professional. I am a software developer.
My Blog A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. - -Lazarus Long
Chris Austin wrote:
To me this is no big deal. Hell, I was a user that did stuff like this when the pricks in the IT dept refused to do something silly like allow the devs to browse MSDN. The problem isn't the users, the problem is the IT departments like this. Rather than doing their job and meeting their users' needs they become a self-serving wanna-be programmer elitist group.
Exactly. We had our firewall system transparently upgraded a couple of weeks ago. E.g. our IT department didn't feel the need to tell anyone as there would be no noticeable changes... within 30 minutes of arriving at work, I'd sent a dozen "helpdesk requests" - in each of them I asked whether anything had been changed -- more importantly, we're a software house (but the IT department are "IT" only), I asked each time whether they'd tested it! Apparently, only (good) software engineers know what testing and deployment entails!
Regards, Ray
-
I was once asked to block certain pages (read: porn) to all the users in a factory (1200+) because they were absorbing a large amount of bandwidth, **except** for the 6 executives' computers. Those had full free access to anything. After performing the task, logs showed a decrease in 4% to the amount of hits to those pages. That is, those who were so worried that their employees lost time watching porn were the ones actually causing the trouble! No more comments :P
-
Websense... we had that deployed here a couple of weeks ago. Almost every site I visit was blocked. CP wasn't blocked, MSDN was! Took me about 30 minutes to force the IT manager to "announce" the upgrade and accept that some of the blocking was a little over the top -- however we need to add a business justification!
Regards, Ray
-
Craster wrote:
all of these are things that the company IT security professionals should already have thought of.
I am not saying that any of these things are new or aren't freely available from other sources. I was just commenting on the irresponsibility of a (formerly) respected business publication advocating such practices.
Craster wrote:
The one thing that can't really be blocked is someone setting up their own proxy/upload site that won't be known about by published proxy blacklists.
That is a dangerous one if the site isn't protected properly.
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes
-
The most interesting one I discovered recently was what happens if you set up a Citrix Presentation Server on the internet. It has a web client that tunnels everything over http on tcp_80, so it's impossible to block at the proxy level, and once you're connected to an external Citrix session that you control, you can pretty much do anything you like.
-
Sounds like employers need to fire some people who do this. If the I.T. Security department doesn't plug holes like that, then they are stupid. The bigger problem is that you have a bunch of employees who aren't working. Hence my original comment. Yes I agree it is stupid of WSJ to publish this for the dolts who are attempting to circumvent security measures. Though I can do that, I don't even try since I actually care about the security within my company and I care about my company's welfare. Sending security folks scrambling when their software triggers an intrusion is not a good idea.
-
Another good point. All employees that come in contact with computers need to be trained again as to how they could be duped into exposing sensitive corporate data.
-
Ray Hayes wrote:
we need to add a business justification!
Yep, us too. Our IT security people don't seem to understand that some people actually need to use IT and the internet to do their job - their first instinct always seems to be 'you're browsing the internet? Can't possibly be a legitimate use of company equipment'...
-
I am glad you separated the "IT people" from the "IT department". The internet is a big playground and yes the tips are there. But coagulating it in one place and publishing it in the last vestiges of reason and responsibility is wrong. Just because it's there doesn't mean you have to help. There are probably hundreds or thousands of sites on "How to make a bomb" but should any journal accumulate and publish the results of that web search? I think not. If you believe so, then move to any other criminal topic and ask the same question. Since this is not "criminal", the intent of someone using these techniques is to thwart the rules and regulations of the business. The business probably has a rule about stealing, or a dress code, code of conduct, etc. Should there be articles on how to circumvent those rules?