Security Basics mailing list archives
RE: Computer forensics to uncover illegal internet use
From: "Bob Radvanovsky" <rsradvan () unixworks net>
Date: Wed, 31 Aug 2005 08:08:40 -0500
Here, here. I completely and utterly agree!!! But before we do, lemme get ONE more word in edgewise... ;) I just *love* watching and reading about this sort of thing, esp. when it's discussed by idiots who think they're "technical". I really like the one quote that I heard one time from a buddy of mine (not my own quote, but thought it humorous and has stuck with me every since): "When an organization can't find usefulness for has-been or never-been 'technicians', what do these companies do? Make 'em auditors!!!" NOTE: A "never-been" technician is someone who lays claim to being "technical", but really isn't or hasn't a friggin' clue how to do (blah) procedure, or even knows what a "B.O.B." is (yes, that IS a technical term, and if you were a technician, you'd know what a "B.O.B." is, esp. if you've ever worked on AT&T, NCR, or IBM equipment). Yet, these weasels manage to get into companies as senior or lead technicians in most companies -- there are always 1 or 2 of these types in about every company. They do nothing (watch sports, surf the web, read [something other than a technical manual] or listen to music -- some go even so much as to writing a book, working a 2nd job somewhere else during the same timeframe/shift, etc.), and push ALL of their technical "chores" onto some unsuspecting poor slob (guys like me) to do their dirty work. As an observation, many corporate security officers that I have encountered over the years have little or no security experience, but are good at bootlicking and deferring tasks onto everyone else; in our organization, our CSO came up the ranks of HR from her previous location (ironically, where she was "laid off"), and has about 1.5 to 2 years of security experience. Everything that she's doing within our organization is by... the... book -- from her PREVIOUS PLACE. It's a "security cookbook" -- it's very good at what it offers, but NOT for a private-sectored, privately-owned company!!! Our company has absolutely NO INTENTIONS of implementing decent security, so they'd have absolutely NO IDEA if any porno is flowing about or not within or throughout our organization. If there is a security issue, they write up the person, their hands are slapped or they're spanked, and if they get 3 strikes, they're fired, regardless of the circumstances. So...I'd say that security within our company is "spin-doctored". This is how many companies "fix" security issues today, hoping that they simply go away, and looking the other way. Interestingly enough though, the BIGGEST violators of this mindset are those listed as a "critical infrastructure" organizations: energy, finance, healthcare, airline, etc. They have REALLY good bastion firewalls, and think/feel that is all that they need, but are very vulnerable WITHIN their organization -- NO IDS, NO active sniffing, NO "Internet Gestapo" (save for a few companies that I know of, which I won't mention). They do the LEAST amount of effort to fix their situations, and have (by far) the WORST to suffer from this because they've little or nothing. Political corporate warfare entrenchment and personnel sniping exist at a large scale. So...of course, they'd be concerned if someone were looking at porno...because many of them have no means or methods of remediating the situation, have budget-clamps preventing them from implementing anything decent that can't be cracked or hacked around, or are so politically "status quo" that they wouldn't know where to start!!! The same goes for the same kind of mindset that other people might have around here within this forum -- IF they're not trying to sell their 'wares (as they see this forum as a perfect location to sell their products or services): "Hi, I'm <Insert Name Here>, the Chief BS Officer from XYZ Security Specialists-R-Us Corp, Ink. I don't know the first thing about security, but have just about every certification under the Sun, but I wanted to assure you that our company is TOP on the list of blah-de-blah-de-blah security techniques that we can solve (but won't) for you. Give me a call offline, and we'll discuss just how much we'll financially rape your company, but won't really solve your problem! Call me!!!" I find it interesting where YOU come from, "Joshua" -- an "adult content" web site. ;))) (ROTFLMAO....yeah, everything has another side or twist to it, doesn't it?) Now, if someone were smart, they'd figure out that you were representing yourself from the pornography business as you've signed it with "ClubJenna, Inc." which is the "adult content" web site for Jenna Jameson. From your website (cjidigital.com) under 'Affiliate Programs': "Make More Money than Ever with CJ, Inc sites; one of the most recognizable Brand Names in Adult Entertainment! CJ, Inc has established a successful and profitable online presence and has put together the largest and highest quality "Mega" Adult Sites on the Net! Please visit <xxx> for further information". Hmmmmmmmmmm........ This, to me, is hypocritical. It's kind of like you being a representative from the tobacco industry saying that smoking or chewing tobacco is bad for you... -r -----Original Message----- From: CJI Support [mailto:support () cjidigital com] Sent: Tuesday, August 30, 2005 11:48 AM To: security-basics () securityfocus com Subject: RE: Computer forensics to uncover illegal internet use Contact http://asacp.com for further info with regards to kiddie porn. Might I suggest we discontinue discussing this topic? It seems as though we've beaten this horse to a pulp. Not to mention the simple fact that a GOOD IT/Network admin would filter out pornographic sites at the firewall, rather than trying to frame an employee because they've allowed the inevitable to occur. joshua cto - clubjenna, inc.
Current thread:
- RE: Computer forensics to uncover illegal internet use McHenry, Glenn CTO1 (Aug 30)
- Re: Computer forensics to uncover illegal internet use Greg Stiavetti (Aug 30)
- <Possible follow-ups>
- Re: Computer forensics to uncover illegal internet use Mike Sweeney (Aug 30)
- RE: Computer forensics to uncover illegal internet use James McEachern (Aug 30)
- RE: Computer forensics to uncover illegal internet use Beauford, Jason (Aug 30)
- RE: Computer forensics to uncover illegal internet use Edmond Chow (Aug 30)
- Re: Computer forensics to uncover illegal internet use Jason Coombs (Aug 30)
- RE: Computer forensics to uncover illegal internet use CJI Support (Aug 30)
- RE: Computer forensics to uncover illegal internet use Bob Radvanovsky (Aug 31)
- RE: Computer forensics to uncover illegal internet use CJI Support (Aug 30)
- RE: Computer forensics to uncover illegal internet use Brunner, Mark (Aug 30)
- RE: Computer forensics to uncover illegal internet use Beauford, Jason (Aug 30)
- Re: Computer forensics to uncover illegal internet use Dave Aronson (SecBasics) (Aug 30)
- RE: Computer forensics to uncover illegal internet use Craig, Tobin (OIG) (Aug 30)
- RE: Computer forensics to uncover illegal internet use Steve.Cummings (Aug 30)
- RE: Computer forensics to uncover illegal internet use Sadler, Connie (Aug 30)
- RE: Computer forensics to uncover illegal internet use dave kleiman (Aug 31)
- RE: Computer forensics to uncover illegal internet use Robinson, Sonja (Aug 30)
- RE: Computer forensics to uncover illegal internet use Robinson, Sonja (Aug 30)
- RE: Computer forensics to uncover illegal internet use Robinson, Sonja (Aug 30)
(Thread continues...)