Hard to believe this was in the Wall Street Journal
-
Websense... we had that deployed here a couple of weeks ago. Almost every site I visit was blocked. CP wasn't blocked, MSDN was! Took me about 30 minutes to force the IT manager to "announce" the upgrade and accept that some of the blocking was a little over the top -- however we need to add a business justification!
Regards, Ray
Ray Hayes wrote:
we need to add a business justification!
Yep, us too. Our IT security people don't seem to understand that some people actually need to use IT and the internet to do their job - their first instinct always seems to be 'you're browsing the internet? Can't possibly a legitimate use of company equipment'...
-
Websense... we had that deployed here a couple of weeks ago. Almost every site I visit was blocked. CP wasn't blocked, MSDN was! Took me about 30 minutes to force the IT manager to "announce" the upgrade and accept that some of the blocking was a little over the top -- however we need to add a business justification!
Regards, Ray
Ray Hayes wrote:
we need to add a business justification!
Yep, us too. Our IT security people don't seem to understand that some people actually need to use IT and the internet to do their job - their first instinct always seems to be 'you're browsing the internet? Can't possibly be a legitimate use of company equipment'...
-
Jimmy, A cogent debate here. This august publication reports on more than just business matters and I am a subscriber myself to the Online Journal. I was initially surprised by the appearance of the article, but after reading it, it occurred to me that, if there were no willing IT people divulging these open "secrets," there would have been nothing for the reporter to write. I agree with you that perhaps the article was misguided, but these "tips" can be found on hundreds of sites via any major search engine. The means to circumvent corporate policies and procedures is out there and has been for a long time -- but it requires the will to do so.
I am glad you separated the "IT people" from the "IT department". The internet is a big playground and yes the tips are there. But coagulating it in one place and publishing it in the last vestiges of reason and responsibility is wrong. Just because its there doesn't mean you have to help. There are probably hundreds or thousands of sites on "How to make a bomb" but should any journal accumulate and publish the results of that web search? I think not. If you believe so, then move to any other criminal topic and ask the same question. Since this is not "criminal", the intent of someone using these techniques is to thwart the rules and regulations of the business. The business probably has a rule about stealing, or a dress code, code of conduct, etc. Should there be articles on how to circumvent those rules?
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesMost of these workarounds are lame old news. And if they ever did work at your company they probably won't now. Anyway, I agree with Chris. In the places I have worked Data Security's policies have at best taken away about 75% of their employees effectiveness. Instead of this antagonistic relationship between IT and the rest of the company there should be a willingness to work together. Colin Albert Code Foo, LLC I just need a Macintosh and my operating system collection will be complete.
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesIf you read ALL of the article, you will see that the author DOES discuss the reasons why you should NOT use these methods indiscriminately. In the course of doing LEGITIMATE work, many of us MUST use tricks to get around IT department security restrictions. For example, ALL HTML documents and ALL .ZIP files are blocked by our EMail server. We often need to send reports in HTML format to other people and send .ZIP files containing various types of other information. To do this, we have to change the file extension of the attachment. (Equivalent to smuggling AK-47s by putting them in a box labeled "shovels".) This article DOES discuss the risks associated with circumventing security (divulging confidential information, computer infection with viruses and other malware, etc.) Until IT department security policies become 100% based on reason, people who actually want to get their work done NEED to find ways to work around them WHEN NECESSARY. (NOT just to play games during work hours!)
John Morgan Center for Health Statistics Arkansas Department of Health and Human Services
-
I am glad you separated the "IT people" from the "IT department". The internet is a big playground and yes the tips are there. But coagulating it in one place and publishing it in the last vestiges of reason and responsibility is wrong. Just because its there doesn't mean you have to help. There are probably hundreds or thousands of sites on "How to make a bomb" but should any journal accumulate and publish the results of that web search? I think not. If you believe so, then move to any other criminal topic and ask the same question. Since this is not "criminal", the intent of someone using these techniques is to thwart the rules and regulations of the business. The business probably has a rule about stealing, or a dress code, code of conduct, etc. Should there be articles on how to circumvent those rules?
Good analogy about bombmaking, Major Tom. What it all boils down to me is the human factor and whether ethics still matter in the workplace. I'm from the old school and still believe in such but there is no loyalty on either side of the fence these days. Look around your company and count the number of people that have worked there for 5 years -- or even 2 years. Most companies I provide technical services seem to have a revolving door. In most cases, I have more tenancy with any given client than 80% of their entire IT department. Company rules are just words. What matters -- and cannot be truly be controlled -- is the intent and behavior of personnel. Like police departments, no action can be taken unless threats are made or a violation of company policies actually occurs. If anything good comes from publishing this article, it should serve as a wakeup call to admins to tighten security. Uncounted servers have been hacked simply because no one applied critical patches and fixes immediately upon release or were lax in controlling access. It was always "We'll get to it manana..." "Earth below us, drifting falling..." -- from "Major Tom (Coming Home)", Peter Schilling, 1989
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesI have to say any person in IT calling this irresponsible is a hypocrite. Circumvention of protocols and bureaucracy is as inherent to IT as the keyboard and mouse. IT Elitists don't like it when someone writes about how to circumvent their rules and procedures, but will figure out how to get around any DRM that stands in their way. Or how about installing a non-standard OS on a company PC. It's ok when it applies to you. And just because the layman is given tips that Captain Crunch would be proud of, doesn't mean they will take the time to use them either. I believe the majority of users (especially business users) wouldn't take the time to look at their email if they didn't have to. So I don't think they would take the time to poke, prod, and play with software the way we do.
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesYour initial problem is that you thought the Wall Street Journal was a respectable journal. Nothing could be further from the truth. It has always been a rag for the conservative establishment and the financial elites. Now that Ruppert Murdoch has bought the bloody thing I imagine its true nature should begin to show its colors soon...
Steve Naidamast Black Falcon Software, Inc. blackfalconsoftware@ix.netcom.com
-
If you read ALL of the article, you will see that the author DOES discuss the reasons why you should NOT use these methods indiscriminately. In the course of doing LEGITIMATE work, many of us MUST use tricks to get around IT department security restrictions. For example, ALL HTML documents and ALL .ZIP files are blocked by our EMail server. We often need to send reports in HTML format to other people and send .ZIP files containing various types of other information. To do this, we have to change the file extension of the attachment. (Equivalent to smuggling AK-47s by putting them in a box labeled "shovels".) This article DOES discuss the risks associated with circumventing security (divulging confidential information, computer infection with viruses and other malware, etc.) Until IT department security policies become 100% based on reason, people who actually want to get their work done NEED to find ways to work around them WHEN NECESSARY. (NOT just to play games during work hours!)
John Morgan Center for Health Statistics Arkansas Department of Health and Human Services
No NEED to PUNCTUATE your WRITING with WORDS in ALL capitals. A paragraph break here and there would also make it easier to read. :)
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
Good analogy about bombmaking, Major Tom. What it all boils down to me is the human factor and whether ethics still matter in the workplace. I'm from the old school and still believe in such but there is no loyalty on either side of the fence these days. Look around your company and count the number of people that have worked there for 5 years -- or even 2 years. Most companies I provide technical services seem to have a revolving door. In most cases, I have more tenancy with any given client than 80% of their entire IT department. Company rules are just words. What matters -- and cannot be truly be controlled -- is the intent and behavior of personnel. Like police departments, no action can be taken unless threats are made or a violation of company policies actually occurs. If anything good comes from publishing this article, it should serve as a wakeup call to admins to tighten security. Uncounted servers have been hacked simply because no one applied critical patches and fixes immediately upon release or were lax in controlling access. It was always "We'll get to it manana..." "Earth below us, drifting falling..." -- from "Major Tom (Coming Home)", Peter Schilling, 1989
I agree with you and I've seen the same. The Manufacturer I work for, reversed that trend back in the 80s. Now we have people who have been here for 50 years (and everything in between). Our turnover is only 2%. We have over 33,000 employees. Screwups and failures are reprimanded (if there was negligence) but you don't get fired for it. However you do get fired over illegal and conduct issues. So this article is lining some people up for a fall. Good to talk to you.
-
Your initial problem is that you thought the Wall Street Journal was a respectable journal. Nothing could be further from the truth. It has always been a rag for the conservative establishment and the financial elites. Now that Ruppert Murdoch has bought the bloody thing I imagine its true nature should begin to show its colors soon...
Steve Naidamast Black Falcon Software, Inc. blackfalconsoftware@ix.netcom.com
I forgot that it has become The Gotham Town Crier. :)
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopes -
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesI agree 100% with the OP. This is irresponsible. Some of you seem to be so anti-IT that you aren't seeing the danger of this article. Really the sending of big files is the least harmful in the list of things they're instructing users to do. But some of these are down right dangerous, many of them could get you fired, and some are just unproductive. As someone who's been both an IT admin and a programmer for the past 6 years I understand that users need to be able to do the things neccessary for thier job and also that the IT department is resposible for keeping the network safe. We have ways for users to achieve every item on this list that could possibly be deemed work related. But when a new user starts and he's read this article, what's the chances he's going to ask us the right way to do it instead of just using these dangerous methods? Sure an uninformed user could find out about all of these on his own, but if he's going to be doing that much research chances are instead he'd ask us and we'd instruct him in the proper way to achieve his goal.
-
I agree with you and I've seen the same. The Manufacturer I work for, reversed that trend back in the 80s. Now we have people who have been here for 50 years (and everything in between). Our turnover is only 2%. We have over 33,000 employees. Screwups and failures are reprimanded (if there was negligence) but you don't get fired for it. However you do get fired over illegal and conduct issues. So this article is lining some people up for a fall. Good to talk to you.
Nice chat, Major. When I said I'm from the old school, take that literally, as I've been in the work force since 1963. Today, technology is still my profession -- and also my hobby, as I never get enough of it. I've lived through the eras of "work for us for life and we'll take care of you for life" to "what have you done for us lately." That's why I’ve embraced entrepreneurship instead of a corporate career for the last 25 years. I’m pleased to see, however, that your company still retains people of quality, experience and longevity. Perhaps, as you say, the article may be enabling – but only to those who have less than honorable intentions to begin with and are easily tempted to push the envelope in less than honorable ways. These types bring no favor to any employer and should be discharged, even if they are company “stars.” But, management sometimes turns a blind eye to such misconduct because they are solely focused on quarter-to-quarter results to please shareholders and have ways of covering malfeasance. It is unlikely that the WSJ will ever publish such content again, but with the recent sale to Murdoch, we may see more tabloid-style articles like this. If so, they will lose longtime subscribers like me and the world will lose a truly great publication. Also, technology columnists Lee Gomes and Walter Mossberg will have to find other employment; look for them at your company’s next job fair. Rather than clog this blog, reach me at my web site: robertewilson.name and click the eMail button. Otherwise, we can continue our enjoyable dialog here at the discretion of the forum moderator(s). “Ground Control to Major Tom, Take your protein pills and put your helmet on” -- Space Oddity, 1972, David Bowie, aka Ziggy Stardust & The Spiders from Mars, aka glitter rock
-
Ten Things Your IT Department Won't Tell You[^] I find it hard to believe this was in a reputable publication like the Wall Street Journal. :sigh: This is irresponsible. X| It basically tells you how to bypass your company's security procedures. :rolleyes: 1. HOW TO SEND GIANT FILES 2. HOW TO USE SOFTWARE THAT YOUR COMPANY WON'T LET YOU DOWNLOAD 3. HOW TO VISIT THE WEB SITES YOUR COMPANY BLOCKS 4. HOW TO CLEAR YOUR TRACKS ON YOUR WORK LAPTOP 5. HOW TO SEARCH FOR YOUR WORK DOCUMENTS FROM HOME 6. HOW TO STORE WORK FILES ONLINE 7. HOW TO KEEP YOUR PRIVACY WHEN USING WEB EMAIL 8. HOW TO ACCESS YOUR WORK EMAIL REMOTELY WHEN YOUR COMPANY WON'T SPRING FOR A BLACKBERRY 9. HOW TO ACCESS YOUR PERSONAL EMAIL ON YOUR BLACKBERRY 10. HOW TO LOOK LIKE YOU'RE WORKING
Simply Elegant Designs JimmyRopes Designs
Think inside the box! ProActive Secure Systems
I'm on-line therefore I am. JimmyRopesI don't think it's bad that the Wall Street Journal ran this article. As has been pointed out here many people are already doing the things described here and far worse. I applaud them for describing the risks and talking about how to mitigate them. The issue I found with end users during my brief stint in technical support (I started out helping end users, but quickly graduated to helping techies, talk about problems!) is that they do not have the time or inclination to research the risks they are exposing themselves to. Back in the day, I had a user that had discovered you could pull a floppy before the drive spun down. I suppose the modern equivalent is pulling a flash drive without stopping it's file system. It will work fine 99 out of 100 time. The other time the FS is toast and you get to start over. This user had been told repeatedly not to take the floppy until the light went out, but he was a busy guy and saw a way to save a few moments. He also was a repeat customer to the IT department to have us attempt to recover his disks. When I explained to him the risk, he stopped the behaviour most of the time. What's more he stopped coming to us for help recovering his files, because he only did it when he knew he had another copy of the file. The reason the IT rules seem arbitrary to most people is because they do not have enough of an understanding to tell that the rules are not arbitrary.
Tanks for your support
Pat O
Blog_ _ _
/*\== /*\== /*\==
<ooo> <ooo> <ooo> -
JimmyRopes wrote:
I didn't say any of this was new or novel in any way for an IT professional. I am just surprised at the Wall Street Journal advocating something like this.
To me this is no big deal. Hell, I was a user that did stuff like this when the pricks in the IT dept refused to do something silly like allow the devs to browse MSDN. The problem isn't the users, the problem is the IT departments like this. Rather than doing their job and meeting their users needs they become a self serving wanna-be programmer elitist group.
JimmyRopes wrote:
As I said before, it's irresponsible.
I still maintain that you are being melodramatic. [EDIT]
JimmyRopes wrote:
I didn't say any of this was new or novel in any way for an IT professional.
BTW, I am not an IT professional. I am a software developer.
My Blog A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. - -Lazarus Long
Would you bank somewhere if you knew bank employees were uploading your mortgage application to Google so they could work on it at home over the weekend? Those "pricks" in the IT department are often concerned with implementing policies that protect customers' personal information, avoiding bad press for the company, and doing it in a way that is both efficient and verifiable to internal auditors. Do the "user's needs" you allude to above include a regular paycheck along with unfettered net usage for geniuses at work? Sorry, but as a developer in a small IT department, I get to see both sides. And the WSJ is incredibly irresponsible not simply because it puts ideas in the heads of non-experts, but because it brings said ideas down to the level of "common advice" and "everyone's doing it". I think many people who had a toe in the water before will be encouraged to go all in after reading it. Given that most non-technical users can't even configure LimeWire correctly so that it doesn't share every single file on their system (as widely reported recently) why would anyone publish a non-technical advertisement for using proxies, file sharing services, etc?
-
standgale wrote:
I think you over-estimate the ability of the average Windows user by a great deal.
Perhaps. Usually, when I run into these people I try to help them actually learn to use a computer. Maybe that is why I am not to popular with IT departments. :)
My Blog A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. - -Lazarus Long
pffft. That's crazy talk! :laugh: Sometimes, it seems that some people just can't get their head around the difference between their computer and Microsoft Office, or between their web browser and the internet, let alone other concepts. But I also think that once those people go away and think about it, you know that kind of thinking in idle moments where stuff just runs through your head, then they might get it. It is too much to take in at the time one is talking to them.
"Your typical day is full of moments where you ask for a cup of coffee and someone hands you a bag of nails." - Scott Adams