KellyKeeton dot Com v3.0 reverse engineering life


Ten Things your IT department will tell you

I saw the most horrific article in the WSJ today about how to defeat IT security, “Ten Things Your IT Department Won't Tell You”. This is so wrong and so insecure I almost wrote the paper, but I don't care to argue with the columnist, instead I will just blog my unforgiving with them.

I wrote a response with 10 things an IT guy will tell you about why this is a joke. Note that I am 1:1 listing my items with the article, so I say read that first to see my response. In the initial set-up for the story, Vauhini Vara talks about the specific reasons that IT staff block content or restrictions, she then implies in a national newspaper “not so fast…” Basically this article is giving horrible ways for people to hack the organization they work for. In fact she states that specifically for “hacking advice”, not hacking as in modify hardware to make NES ROMS work, but hack as in bypass policy and procedure to undermine IT. Unbelievable.

1. Send Giant Files

This is crazy dumb. The next time you want to transfer large files to customers of your company, ask your IT department for an FTP or file portal. Anything else is defiance of policy and illegal transfer of data. For IT staff, to prevent this just block all major sites and use content filtering such as SecureComputing Web-Washer / Sidewinder Firewalls, or Cisco Security Agent. To rip on Vauhini, she states that you can look for a “secure padlock” haha yea I think that will solve all the world's problems.

2. How to use software that is banned

Good old local admin rights or no local admin rights: if your company restricts local admin rights, the software you run isn't going to mess anything up. To prevent this, for IT just GPO disable the USB storage device. As for using web based applications – if it will go thru a content filter I don't care much if you use it. Anyone ever hear of Cisco Security Agent?

3. How to visit porn sites at work

If you can't figure out how to use google image cache to your advantage then your skills aren't 1337. If you're a shop with a good firewall and HTTP proxy then this issue isn't valid.

4. How to clear your tracks on your work laptop

Again this is a waste of a point to make a list of ten, this will not forensically remove data for the sites you have visited. Don't forget that if someone is in question, they are logging your traffic off your box anyway. IT admins, it's called mirror port and Wireshark, or a web proxy.

5. Search work for documents from home

This here is a dangerous and insane idea, this is where I got mad with the paper for publishing this. All you just did, Vauhini, is make me decide to block google applications on the whole to prevent morons from running google desktop at work. If you need further information on this, google “google desktop security threats”. to stop this Cisco CSA

6. How to store work files online

This is just like #5. If your company has no corporate policy to banish users like this, make one and banish away. See my hacks on google calendar to see the fun that happens when people publish corporate data.

7. Keep privacy while using web email

Yes, the tips here are true, so if I have reason to suspect or policy to stop I just block the use of any chat or personal email. Good job Vauhini, looks like you're disabling not enabling anything here. (I explain that last sentence in my closing remarks.)

8. How to steal email for your blackberry

Email is corporate property. If you're against policy this tip won't land you anything but an account. See comments on tip 7.

9. Access personal email on blackberry

There is little risk here, so unless a company just isn't a fan of corporate use for personal gain – not having personal email on a corporate asset is the least of your concerns and this tip is basically null. Except for the use of copy paste to release information. So BES can disable that function and BES has the ability to block all this. Also your corporate firewall if implemented correctly can block access to sites on a BB.

10. How to look like you're working

Vara looked like she was working when she alt-tabbed away from myspace long enough to write this column.

In the end, this list isn't anything bad, it's just bad for employees that start to think they are smart by using them. If your company isn't blocking them today by technology or policy, then your “smart” use of them will start to gain attention and they will be blocked. The tools that I linked to here will 100% block any crazy activity that the WSJ can come up with and misinform and ruin people's day.

Normally companies have guest wireless access, my recommendation: bring in your own laptop and use that to do crap. Then you're using a secure network for such activity and it's not a company asset that you're being an idiot with.



