Full Disclosure mailing list archives

RE: Blocking Music Sharing.

From: "Jonathan A. Zdziarski" <jonathan () nuclearelephant com>
Date: Wed, 17 Sep 2003 01:47:56 -0400

In my current situation - I can't enforce crap because the biggest offender
is one of the VP's.


Heh that could be a BCM (Bad Career Move) for you.  Seriously, if the
president or CEO doesn't care, and you can't enforce it from a
technological standpoint, you're really down to two options: let it be,
or if you feel that strongly about it consider moving to a company with
a different corporate atmosphere...I haven't been privy to this whole
thread, but I still don't understand why you couldn't simply block
ports?  If he's a VP, he may not be savvy enough to bounce on port
80...or it may not be worth the trouble.  Worst case scenario, you could
block access to the ports AND the servers he's connecting to and play a
little cat and mouse game.

Examples are kind of difficult because every culture is different.  What
might nail the VP to the wall at one company will get _you_ fired at
another company.  I think the best protocol would be to gather all the
evidence into a nice little hard-copy portfolio (CEOs love hard copy)
with some usage graphs (CEOs love graphs), and present it to the CEO
(CEOs love presentations) as informational...saying "we tracked this
user's behavior and uncovered their identity to be Joe X"...and if your
opinion is valued at the company you might throw in a "this could create
a potential liability for us" but I wouldn't take it any further than
that.  Suggesting a flogging is certainly not appropriate unless asked
for your opinion.

I'm certainly not a management guru, but from my experience working both
as and with company execs, I can tell you that a majority of them don't
like non-management trying to run the company, which is what they will
perceive you try and do if you do anything more than what I suggested. 
A humble appeal is certainly the best approach to this situation..and if
they don't listen, check out some other opportunities - it will
certainly look good on your next interview if you are leaving your
current company because you hold yourself to a higher standard of ethics
(if that is indeed your reason).

Jonathan




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: IE Object Type Validation Vulnerability Exploit, (continued)
- - - Re: IE Object Type Validation Vulnerability Exploit Cael Abal (Sep 18)
  - Re: Blocking Music Sharing. james (Sep 15)
    - Re: Blocking Music Sharing. Sam Baskinger (Sep 16)
    - Re: Blocking Music Sharing. morning_wood (Sep 18)
    - Re: Blocking Music Sharing. Azerail (Sep 18)
  - RE: Blocking Music Sharing. Ron DuFresne (Sep 15)
    - Re: Blocking Music Sharing. Cael Abal (Sep 15)
    - Re: Blocking Music Sharing. Ron DuFresne (Sep 16)
    - Re: Blocking Music Sharing. Jonathan A. Zdziarski (Sep 16)
    - RE: Blocking Music Sharing. Rick Kingslan (Sep 16)
    - RE: Blocking Music Sharing. Jonathan A. Zdziarski (Sep 17)
    - Re: Blocking Music Sharing. srenna (Sep 17)
  - Re: Blocking Music Sharing. Kristian Hermansen (Sep 15)
- RE: Blocking Music Sharing. Albert Saerong (Sep 15)
  - websites and privacy n30 (Sep 15)
- RE: Blocking Music Sharing. Zach Forsyth (Sep 16)