lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: srenna at vdbmusic.com (srenna@...music.com)
Subject: Blocking Music Sharing.

The company I was at before this was ridiculous, as bad as
it was for you.  The company had a massive MP3 server and
he basically had me cut off access to it to everyone except
for him...i should call the RIAA on his ass...

don't waste your time trying to enforce this man, you're
not liable for anything as you're an agent of the company,
so don't stress it.



On Tue, 16 Sep 2003 23:27:07 -0500
 "Rick Kingslan" <rkingsla@....net> wrote:
> "Bottom line is if management won't back the admin's
> attempts to stop things
> like this from the office, and the admin can't (for
> whatever
> reason) prevent it from a technical level, then the admin
> has no place in
> taking upon themself to embarrass or discipline
> employees.  There's no place
> for BOFH in today's corporate environment (IMHO at least)
> and things like
> this are unfortunately what gives seed to many admin
> types I've either fired
> or wanted to choke to death in the past.
> 
> Let management enforce the AUP in a professional manner,
> taking the issue
> seriously or not at all."
> 
> In my current situation - I can't enforce crap because
> the biggest offender
> is one of the VP's.  Seriously.  Currently, my hope is
> that he's d/ling
> enough to catch the attention of the RIAA.  With any
> luck, he'll be served
> and jailed in a week or so.... ;o)
> 
> Honestly, you make good points - and you are clearly
> correct.  Trying to
> enforce policy that is either not communicated, or badly
> done - is stupid
> and ill advised.  
> 
> However, if the policy IS communicated, sometimes you
> only have to make an
> example of one or two offenders - with your actions
> strongly backed by
> Executive Management.  Typically, if the rest of the
> peasants see someone
> strung up out in the main courtyard or the main lobby -
> they get the point.
> 
> I'm really into good examples.  AUP works - examples
> _with_ an AUP works
> better.
> 
> -rtk
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf
> Of Jonathan A.
> Zdziarski
> Sent: Tuesday, September 16, 2003 9:33 PM
> To: Ron DuFresne
> Cc: Cael Abal; full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Blocking Music Sharing.
> 
> > >
> > > I heartily disagree -- if an offense is considered
> serious enough to 
> > > warrant being prohibited in an org's Acceptable Use
> Policy then 
> > > there should be real punishment involved.  If an
> offense isn't a big 
> > > deal, then the AUP should be rewritten.
> > >
> 
> My belief is that proactive prevention should always be
> tried before even
> getting to this level; there should be differing levels
> of severity in
> punishment for those who violate the AUP, but I see no
> reason not to block
> the common ports as a first attempt.  Nearly every
> company has a corporate
> firewall (or at least should).  Many P2P sharing tools
> are on obscure ports
> that could easily be blocked.  Even a half-baked firewall
> policy ought to be
> able to prevent sharing.
> 
> > > A Wall of Shame just sets a bad precedent -- a user
> could argue that 
> > > the rules were ambiguous.  "What?  You can't fire me
> for running 
> > > that root exploit!  None of the other rules were ever
> seriously 
> > > enforced, our policy is a joke!"
> 
> Exposing employees instead of dealing with situations
> privately is always
> bad politics, and can be an easy way to kill morale (not
> to mention bring on
> a lawsuit by an embarrassed employee).  Enforce the AUP
> in a private, civil
> manner.  
> 
> Bottom line is if management won't back the admin's
> attempts to stop things
> like this from the office, and the admin can't (for
> whatever
> reason) prevent it from a technical level, then the admin
> has no place in
> taking upon themself to embarrass or discipline
> employees.  There's no place
> for BOFH in today's corporate environment (IMHO at least)
> and things like
> this are unfortunately what gives seed to many admin
> types I've either fired
> or wanted to choke to death in the past.
> 
> Let management enforce the AUP in a professional manner,
> taking the issue
> seriously or not at all.
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ