From: jonathan at nuclearelephant.com (Jonathan A. Zdziarski)
Subject: Blocking Music Sharing.

> In my current situation - I can't enforce crap because the biggest offender
> is one of the VPs.

Heh that could be a BCM (Bad Career Move) for you.  Seriously, if the
president or CEO doesn't care, and you can't enforce it from a
technological standpoint, you're really down to two options: let it be,
or if you feel that strongly about it consider moving to a company with
a different corporate atmosphere...I haven't been privy to this whole
thread, but I still don't understand why you couldn't simply block
ports?  If he's a VP, he may not be savvy enough to bounce on port
80...or it may not be worth the trouble.  Worst case scenario, you could
block access to the ports AND the servers he's connecting to and play a
little cat and mouse game.

Examples are kind of difficult because every culture is different.  What
might nail the VP to the wall at one company will get _you_ fired at
another company.  I think the best protocol would be to gather all the
evidence into a nice little hard-copy portfolio (CEOs love hard copy)
with some usage graphs (CEOs love graphs), and present it to the CEO
(CEOs love presentations) as informational...saying "we tracked this
user's behavior and uncovered their identity to be Joe X"...and if your
opinion is valued at the company you might throw in a "this could create
a potential liability for us" but I wouldn't take it any further than
that.  Suggesting a flogging is certainly not appropriate unless asked
for your opinion.

I'm certainly not a management guru, but from my experience working both
as and with company execs, I can tell you that a majority of them don't
like non-management trying to run the company, which is what they will
perceive you trying to do if you do anything more than what I suggested.
A humble appeal is certainly the best approach to this situation..and if
they don't listen, check out some other opportunities - it will
certainly look good on your next interview if you are leaving your
current company because you hold yourself to a higher standard of ethics
(if that is indeed your reason).

Jonathan




