Defending yourself against Nazi IT departments

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Here is the deal:

You have decided to surprise your wife by purchasing sexy lingerie from
your favorite site. The problem is that you are at work and your Nazi IT
department has blocked your favorite site.

The recipe
(Defending yourself against Nazi IT departments)

1. Install BarracudaDrive on your home computer.

2. Make BarracudaDrive visible on the Internet by following the
installation tutorial.

3. Enable the tunnel server for your user ID.

4. Go to work.

5. Surf to your home computer using your default work browser.

6. Navigate to the BarracudaDrive "settings page" and login.

7. Start the HTTPS tunnel client by clicking the tunnel button on the
"settings page".

8. Start our preconfigured proxy version of the Firefox portable browser
(*).

9. Enter the URL to your favorite lingerie site.

10. Enjoy. Total satisfaction guaranteed.




Re: Defending yourself against Nazi IT departments
wini wrote:


Quoted text here. Click to load it


Yeah, they're nazis because they're implementing policies to make you
actually work instead of having personal fun...

Quoted text here. Click to load it


5a. The proxy will log this step.

Quoted text here. Click to load it


7a. Certificate mismatch. Once you accept, the proxy will log this step.

Quoted text here. Click to load it


9a. URL or website hits keyword filter, access denied and attempt logged.

Quoted text here. Click to load it

Real 10: Get a complaint from your IT department, on repeat you'll get
expelled from the IT. If your jobs depends on it, you'll get fired.

Re: Defending yourself against Nazi IT departments
wini wrote:
Quoted text here. Click to load it

That's a lot of work. Why not order it from home? Much simpler and you
don't run the risk of dismissal for misuse of Information Systems.

Or was that spam? I think it was.

Bogwitch.

--
Posted via a free Usenet account from http://www.teranews.com


Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it

Yes that will work and not one of your IT Nazi's will be any the wiser.
Idiot.

What's that saying I've been saying lately?  Oh that's right ... "you don't
know what you don't know, and what you think you know (maybe) just ain't so"



Re: Defending yourself against Nazi IT departments
wrote:

Quoted text here. Click to load it

Why don't you just admit that the lingerie is for yourself? Go to work in
your favorite skirt and heels. Maybe they'll feel sorry for you and allow
you to surf the Frederick's of Hollywood site on your lunch hour.

Re: Defending yourself against Nazi IT departments
Quoted text here. Click to load it



The precondition you imposed is that you are *already* at work.
If you are *already* at work in a place with a "Nazi IT department",
then you are not going to be able to install remotely onto your
computer at home (at least not without it being detected).

You recipe only works if you preplan your surfing escapade, in
which case you might as well just order from home.

Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it

Not sure I understand your problem. It works for me.

I have worked as a consultant for many years and I always had problems
reading my own emails from behind large company’s firewalls. This solves
the problem, though it requires that Java is installed on the computer I
am using. I know others have experimented with putting Java on a
USB-stick, but this has so far not been necessary for me.

Re: Defending yourself against Nazi IT departments
wini wrote:
Quoted text here. Click to load it

Interesting. Do the companies you contract to not ask you to adhere to
any security operating procedures? If not, more fool them, please name
them so that I may approach them as they are in dire need of some good
security consultancy. If they do, why do you think it is acceptable to
breech them? It's not a dig as such, I'm interested in attitudes that
breech computer security. I know it happens, I often understand why. In
this case, you feel the resources offered by your client are
insufficient and the procedures for obtaining exceptions are inefficient
I guess.

Bogwitch.

Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it

Sorry, can't do that obviously.

If they do, why do you think it is acceptable to
Quoted text here. Click to load it

I see this as my right as an individual not to be limited by morons like
you. I do no harm, I simply want to access my own services.

Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it


Get back to us after your own company has had a visit from
one of the TLA's, informing you that one of your ex-employees was
a spy who stole your technology for the benefit of a country with
a history of violence, repression, and war upon other countries.

And no, I am not speaking hypothetically. There have been enough
attempts at the organization I work for that the security teams
receive specific training about dealing with detected spying.

Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it

Access your own services using resources that don't belong to you.  Please
explain how you justify that.



Re: Defending yourself against Nazi IT departments
wini wrote:
Quoted text here. Click to load it

OK, no need to get personal. You have no reason to call me a moron, nor
to assume I am a moron.

All I can say is thank Christ you're a yank and very unlikely to work in
my environment. If you were to, and try that crap on any of my networks,
you would be sacked, sued and prosecuted. And you WOULD be detected.

I never suggested you did any harm - at least not as far as you are
concerned. Unfortunately, you are subverting the organisations security,
especially if you are installing Java when there is no business
requirement to do so.

As a contractor, you are paid to do a job of work, not to buy knickers
for your partner hence the harm is obvious.

As an aside, wasn't your original post just a thinly disguised piece of
spam? I refer to the line "8. Start our preconfigured proxy version of
the Firefox portable browser (*)."

Bottom line: You ARE doing harm. You are breeching your employers
security and by installing unauthorised software you are reducing the
overall security of your employers systems.

BUT, it would appear that you are SO arrogant that you will not accept
this and in your world, you are completely justified.

However, you have, in a round about sort of way, answered my question.
Why do you think it is acceptable to breech your employers security
policy? Because you are arrogant and you do not understand the security
requirements of your employer. I just hope you are not contracted for
security work.

Bogwitch.

--
Posted via a free Usenet account from http://www.teranews.com


Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it

By your own notebook and get a mobile broadband account.



Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it

That is a possible solution, but why the heck should I do that when this
solution is so much cheaper.

Regarding the responses to my post I realize that there are a number of
Nazi IT specialists on this group. I guess certain type of people have a
strong urge to control other people. I have to say I feel liberated now
when you no longer can control me :-)




Re: Defending yourself against Nazi IT departments
wini wrote:

Quoted text here. Click to load it


Ehm... it's their job, damn it!

Quoted text here. Click to load it

You'd wish...

Re: Defending yourself against Nazi IT departments
Quoted text here. Click to load it

Because someone else pays for the resources that you use unauthorizedly?

This may come as a shock to you, but you do not have a natural right to
use resources that belong to someone else. Especially not if that some-
one has taken steps to prevent you from using said resources.

Quoted text here. Click to load it

By "control other people" you apparently mean "prevent other people from
abusing company's resources".

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it


Bad logic works for you??

Your recipe only works if you have *already* installed something
on your home machine, but the whole premise of your posting
was that you are starting from work -before- you've installed
anything on your home machine.

It is as if you had written,

"You are at work, and you want to use a hammer -now- (immediately,
before going home), but your workplace Health and Safety Committee
won't authorize recreational use of a hammer. Here's what you do:
you go home and you tie a long long fishing line to your hammer at
home, and then you go to work and you reel in the line at work until
your hammer reaches you."

Well, duh, if you need to use that hammer *now*, then you can't
go home and prepare the fishing line and go back to work. If you -did-
have time to go home, then you could just use the hammer at home and
you wouldn't need to go through the rigamorole. So your solution
doesn't solve the situation that it claimed to solve: that you have
no hammer and made no advance preparations and you need the hammer -now-.

The recipe you posted is a recipe for *premediated* violation of
policies, not the claimed recipe for relief of acute and unexpected
need to violate policies.


I would suggest that you consider getting yourself a Palm Trio and use
that to surf the net wirelessly. You can get wireless telnet programs
with terminal emulators if you need to be able to access your machines
at home. Or since it's supposely your wife's favorite lingerie site,
prepare yourself by taking down their phone number, and then calling
in your order.


At my workplace, if you deliberately violated our IT policies, your
company would be told that you were no longer welcome on our
premises, and your company would be reminded that we hired the
company rather than the person, so your company would be responsible
for providing an acceptable replacement worker. If you happen to be
the only employee of your company, tough luck: you'd still be
responsible for meeting the contract goals even if you have to take
a loss to do so by hiring someone else to do the work. Oh, and
non-completion of a contract nets a non-compliance note in the
unified purchasing system of our very large organization...


Re: Defending yourself against Nazi IT departments

Quoted text here. Click to load it

I guess I would not work for you.

I understand the importance of firewalls, but they are being misused by
many Nazi IT departments. I simply decided to circumvent this limitation
and it works. The same concept probably works for millions of other
users that do not tolerate Nazi IT departments. Why should I suffer and
pay extra for expensive equipment, which I do not really need.

Re: Defending yourself against Nazi IT departments
Quoted text here. Click to load it

Your posting IP address is in the USA, but it sounds to me as if
you are not overly familiar with the terms of the US Computer Fraud
and Abuse Act (1986). That's US Criminal Code Title 18, section
1030 and thereabouts.

One might as well ask why you should have to suffer and pay
extra for an expensive car, when you have a method of hot-wiring
other people's cars to "borrow" them when they aren't using them.


The fact that you work on contracts for companies suggests to me
that you are probably not entirely familiar with the laws and
regulations that their IT departments must operate under. Are you,
for example, familiar with what is required for Sarbanes-Oxley
compliance? Were you aware that the legislative branch of the
country I live in gave a government department the authority to
make IT regulations, and that government department thence adopted
as regulations certain clauses that were strongly
recommended by the national domestic security agency, with the effect
of those regulations being that in organizations subject to the
regulations, it is -required- (if they have a firewall at all)
to block outgoing accesses except to locations the organizations
can prove are necessary for their operations? Are you aware that
for certain private information that we deal with, that the
-minimum- fine upon an auditing agency detecting a *potential*
for a leak, is $25000 per day?

So are we operating a "Nazi IT department" and restricting access
just because we get off on controlling people -- or are we just
doing the best we can to comply with multiple jurisdictions'
laws and regulations?

Re: Defending yourself against Nazi IT departments
Walter Roberson wrote:


Quoted text here. Click to load it


That sounds like the S in BDSM.

Quoted text here. Click to load it


That pretty much sounds like the D in BDSM.

Quoted text here. Click to load it


That's the B in BDSM.

And I guess running Windows on the machines makes the M.

*SCNR*

Site Timeline