Why You Don't Surf For Porn If You Work For The Government
from the defies-reason dept
Data leaks are bad. Data leaks by government agencies are slightly more irritating. But how about a data leak at a government agency, thanks to a state employee getting a computer infected with a trojan by surfing porn? In another triumph for reactive security, the trojan sat on the computer undetected for four months, and only came to light after the employee got caught surfing porn at work and was fired. Oregon officials say its "anti-malware filters" didn't pick up the trojan because it was so new, the security software didn't recognize it. Uh, okay, but the real cause of this problem is the bonehead employee looking at porn on a state-owned computer. Though the person got fired, will there be any repercussions for either them personally, or the state? That's pretty doubtful. Until that changes, don't expect to see these data leaks subside.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
WOW
[ link to this | view in chronology ]
Re: WOW
[ link to this | view in chronology ]
DUHHH
[ link to this | view in chronology ]
Norton subscription expired
*****Avast antivirus for 64bit****
[ link to this | view in chronology ]
Re: Norton subscription expired
[ link to this | view in chronology ]
Re: Re: Norton subscription expired
Excluding Linux, some of the best things can be free. Kaspersky I feel is better, but why pirate when Avast can be legitimately free, and why pay when, again, Avast is good and free. Save that money to support good PC games instead.
[ link to this | view in chronology ]
Re: Re: Re: Norton subscription expired
[ link to this | view in chronology ]
Re: Re: Norton subscription expired
[ link to this | view in chronology ]
Re: Re: Re: Norton subscription expired
[ link to this | view in chronology ]
Re: Norton subscription expired
[ link to this | view in chronology ]
Re: Re: Norton subscription expired
[ link to this | view in chronology ]
Re: Re: Norton subscription expired
[ link to this | view in chronology ]
Re: Re: Norton subscription expired
[ link to this | view in chronology ]
NOC
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: by Simon
Users have a responsibility to use their computers as the tool for the task that the computers are given to them to accomplish.
Remember, Locks only keep the honest people honest.
[ link to this | view in chronology ]
Re: Re: by Simon
This is not even taking into account the intellect of someone stupid enough to cruise porn on the job... Much less a government job...
I do my best to educate people, but I may as well be speaking Swahili...
All the same, if everybody was a hotshot with a computer, I'd be looking for a job...
[ link to this | view in chronology ]
Re: Re: Re: by Simon
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
How about the CREATOR of the Trojan
we are so accustomed to malware threats, we lose perspective - but they are wrong for doing what they did. Also, trojans are NOT limited to just PORN sites
While you could blame the employee for being naive or the IT department for NOT locking down the computer, or NOT installing security updates - or even the anti malware software for NOT "pushing" updates...
The REAL Villan is still the criminal that created the program that installed that trojan.
[ link to this | view in chronology ]
Re: How about the CREATOR of the Trojan
[ link to this | view in chronology ]
Re: Re: How about the CREATOR of the Trojan
you getting viruses from CNN and FoxNews, ESPN, etc?
Company policy might allow news sites, but pretty sure surfing porn is against ALL company policies in most work places.
[ link to this | view in chronology ]
Re: How about the CREATOR of the Trojan
[ link to this | view in chronology ]
Re: How about the CREATOR of the Trojan
[ link to this | view in chronology ]
Re: How about the CREATOR of the Trojan
Pretty sure that while the creator of the Trojan is a villiian, the government employee didn't have porn surfing in his job description.
Last I knew, government workers were paid by taxpayer dollars.
So, if you pay ANY taxes, perhaps this might bother you. Unless society caused him to surf porn at work, against company policies..
[ link to this | view in chronology ]
IT Locked down
[ link to this | view in chronology ]
Re: IT Locked down
[ link to this | view in chronology ]
Re: Re: IT Locked down
Unfortunately, only after a security breach do things usually change. So you might think the "black-hat" is the bad guy but he is also the prime motivationg factor in the fight against IT Security apathy .... Not that I condone the actions of the Hackers, and Crackers and Freaks (oh my), but without them we'd all still believe that woefully insecure computer opperating systems were great time-saving tools. Do you remember how your friends talked up Windows when it pushed DOS aside? And how each consecutive wave was supposed to be the next greatest thing since sliced bread? What about OS2? How about Mac OS X? Each in their turn has been exposed to exploits and has show us their flaws. But ask yourself, if software were to be tested until there were no flaws how much of it would actually ever make it to market?
[ link to this | view in chronology ]
Re: IT Locked down
[ link to this | view in chronology ]
Re: Re: IT Locked down
[ link to this | view in chronology ]
Re: Re: Re: IT Locked down
[ link to this | view in chronology ]
Negative Externalities
[ link to this | view in chronology ]
Re: Negative Externalities
[ link to this | view in chronology ]
Re: Negative Externalities
- SRNissen
[ link to this | view in chronology ]
Re: Re: Negative Externalities
Sigh...
[ link to this | view in chronology ]
Re: Re: Re: Negative Externalities
Think of it like this: Either everybody has the same level of permissions (Which is going to be low by default) or you'll have to give some of your budget to IT so they can create a ranking system for the users. And if you get a high rank, and permission to fiddle with your PC, and something goes wrong, even if it isn't your fault, you'll take the blame because "you're supposed to know better" and they'll dock your pay and take your pension and make your wife cheat on you. That's how management works mang. Just accept the low-level permissons you have, and tell your manager to talk to IT every time you need permission for something you aren't allowed.
[ link to this | view in chronology ]
Re: Negative Externalities
[ link to this | view in chronology ]
Re: Negative Externalities
[ link to this | view in chronology ]
Re: Negative Externalities
Unless you are installing new software or creating users you have no need to write to the OS's core files.
Windows is the ONLY environment where this particular form of stupidity is the "norm". Get a clue & save yourself some effort.
It's not about your personal rights or privilege, it's about protecting the operating system installed on the machine, Both from it's users and the world in general.
[ link to this | view in chronology ]
The real solution is
Slow em down you say,You bet. Grind government to a halt, You bet. Eliminating every piece of electronic equipment they use will reduce government to a lost little kid just like it should be.
Oh yeah and if the idiots do manage to pass any laws they have to pay for them.
[ link to this | view in chronology ]
What they Don't tell you
[ link to this | view in chronology ]
Re: What they Don't tell you
ChoicePoint is the data collection firm that managed to sell 145,000 persons private information, including mine, and would have kept it a secret if not for the laws of California, which require notification of those at risk. The oinly reason the media found out was because of those notices.
I'm more interested in why the focus of most of the current investigation being done on behalf of the "War on Terror" is on American citizens!
[ link to this | view in chronology ]
Why You Don't Surf For Porn If You Work For The Go
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Fire IT
[ link to this | view in chronology ]
Re: Fire IT
However, firing IT because some ID10T user couldn't stay off the pron sites while he was at work is unreasonable and unfair. Any reasonable person would expect users in a work environment to maintain SOMETHING that resembles professionalism.
My 2 cents,
DeadBeatPoet
[ link to this | view in chronology ]
let me get this straight
[ link to this | view in chronology ]
Re: let me get this straight
[ link to this | view in chronology ]
VERY VALID POINT
Search Engines WEB
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Good programs
[ link to this | view in chronology ]
Good programs
[ link to this | view in chronology ]
OS
(sorry for the double post above - dunno how it happened)
[ link to this | view in chronology ]
The other aspect is, why don't they check where the data was being transmitted and try to contact local athorities (while it is a long shot, I suspect a lot of people using malware aren't too bright, the authors were, the users are often script kiddies using their parents' ISP).
Bottom line is that the network admin for that gov't office is a bonehead.
[ link to this | view in chronology ]
Re: achacha's comment
They were scuppered by environmentalists who insisted that people power down their desktop computers at night rather than leave them on standby, thus assuring that the 2am scheduled virus scans never happened.
[ link to this | view in chronology ]
The Problem is Internet Explorer
The problem is most corporate environments still have IE as the default browser, mainly because they can control it's settings via a central server. Also, if they were to switch to Firefox users could still do damage due to the lack of a standard way to lock down the browser, such as IE's Group Policy Settings.
Oh, and what sort of idiot browses porn in the government? Also, how did he not get caught for four months or more? Cubicles are a baaaad idea.
BMR777
[ link to this | view in chronology ]
this is like telling me the sky is in the directio
[ link to this | view in chronology ]
Cell phone
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Cell phone
[ link to this | view in chronology ]
Any office or business (government or otherwise) Should be keeping antivirus up to date. Having a Trojan, virus, or other malware is utterly unacceptable. It may be understandable to be vulnerable to attack for up to a week after a new threat is released. however ANY anti virus should be checking for updates at least once a week, and scans should be performed at least once a week.
So, given the worst case a computer would be vulnerable for less than 7 days (assuming updates are scheduled to be applied before scans are scheduled.)
I suspect the employee was fired not because that the virus was there, but because in most ANY place of employment viewing porn at work is agenst policy. Its a HUGE liability for a sexual harassment lawsuit. Its blatant miss use of company resources for both systems, time and bandwidth.
but getting to the point. Why was this in the news? why does it stir up such debate? because 1. Its a government agency, and we as a society expect our government officials to be doing "good" and someone has been caught doing something "bad". 2. because it involved potential compromise of personal data and/or confidential information. 3. because (GASP!) it shows the fallibility of government network resources.
So begins the blame game. We feel something wrong has been done. An injustice committed. As such we demand the guilty be found and punished accordingly! But who do we blame? The misguided employee who thinks its ok to surf for porn at work and got a virus from the websites? The IT department for failing to follow good practices in maintaining anti virus definitions, updates and scans, or using web filtering? Or do we blame the author of the software? do w blame the person who placed the Trojan on the porn site? do we blame the porn site that had the Trojan on it? The possibilities are endless.
Personally I think that the employee deserved to be fired, surfing for porn on the job is just plain stupid. The IT department needs to be reprimanded for not providing for the security of the network in a timely manner, and changes in policy need to be implemented as well. Any and all traceable information needs to be given to the proper authorities to attempt to research the origin of the Trojan and the party receiving information thru it. And the web master for the porn site should be contacted to advise them of malware being spread via their services.
[ link to this | view in chronology ]
punish everyone
Well, surfing porn whlie your on the clock suposedly earning a paycheck to do ANYTHING, wether you work for the govt. company xyz or even a grocery clerk, plain and simple dont abuse the system, and the rest of us wont kick your ass for messing it up for us that want to get some work done.
Americans love to blame everyone else, its not my fault, its because it wasnt locked out, thats why I was surfing porn. Its not cause your a sick f*** that nees to see your porn 24X7. I think if you cant go a few hours without seeing something nekid you have a serious mental issue that you should seek out immediate psycological assistance, go go do it NOW, you sick f***... I bet you could see someone do something wrong they will blame someone else, you go to them, they will in turn blame someone else yet, and so on, till it reaches all the way around the world a few thousand times.
Anyway, Ill admit I have surfed porn, never at work, I have been infected with trojans (ironic if you ask me, porn, trojan, condoms...) Anyway, GET BACK TO WORK YOU TAX HOARDING GOVERNMENT SLACKERS.......
One more thing before I go, turn off java scripting, turn off active X and put your browser on high security or just use some Mozilla or something without the access to them. You will see a dramatic reuction in invasion attempts. This will not stop an attack if you download and install a program that had the installer infected with a trojan or malware.
I only have one thing to say to those who take advantage of weaknesses and write viruses, trojans and data miners, go take a long walk off a short pier.
Well, as much fun as typing this was, my break is over and I have to go do that which puts food on my table and a roof over my head. later all.
[ link to this | view in chronology ]
this is sick
[ link to this | view in chronology ]
Porn Surfing @ Work
Although many would find this annoying, I really believe that it is a good use of taxpayer money.
[ link to this | view in chronology ]
India Outlaws Children's Songs
http://www.excite.co.jp/News/odd/00081150350974.html
[ link to this | view in chronology ]
Hey, what can we say?
[ link to this | view in chronology ]
Pr0n ftw
A. Nobody should be stupid enough to be surfing porn at work.
B. The IT dept should be smart enough to have updated antio-malware pushed to all the workstations
C. There should have been anti-pr0n filters on the network.
D. The only good trojans are purchased at the pharmacy
E. Online pr0n isn't worth surfing
[ link to this | view in chronology ]
Re:India Outlaws Children's Songs
And engineering is in any way related to black sheep???and whats the relevance of posting here???
[ link to this | view in chronology ]
porn
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Idiot
[ link to this | view in chronology ]
[ link to this | view in chronology ]
porn in the ass...ets
[ link to this | view in chronology ]
No thats not why
Government using Windows.. no wonder our government is so messed up!
~blitze
[ link to this | view in chronology ]
Avast
Kaspersky is much better software
Kaspersky includes a pop-upblocker, firewall, automatic updates, automatic scans(several), Web Mail scanning, Anti spy and hacker, and a system that finds malware that is not in teh database(aka brand spankin new virus)
[ link to this | view in chronology ]
Around here there's certainly reprecussions...
Around here, TPTB prosecutes civil servants fired for surfing porn on work computers or improper email for misuse of gov't property.
[ link to this | view in chronology ]
Government employee surfing porn
[ link to this | view in chronology ]
Porn Surfer
[ link to this | view in chronology ]
Why You Don't Surf For Porn If You Work For The Go
It seems commonplace to just load up MS Office Professional and several other apps and call it a day. No one questions whether certain positions need Outlook, Access, or IE, it just gets handed to them like name badges on their first day. Often, there is no training to go with these new applications and thus the nightmare begins. People who may never have owned or used a computer before in their lives now have the latest and greatest system at their finger tips.
I've seen shop floor assembly workers with full blown systems that have Office w/Outlook and full web access. The reality is that they may get two emails a month and only use Office to open Word formated procedures. All they really need is Word or PDF reader software so they can view those procedures and someone to hand them the couple of memos which come from HR or whatnot throughout the month. But the get the whole shebang and then surf the web or play Solitare or Hearts on their breaks and at lunchtime. If they didn't have access to as many apps/services, they couldn't cause as many problems.
I realize that this would take some extra work and that it would affect Enteprise Licensing budgets and a variety of other like issues, but considering the cost of cleaning up some of these messes, would those costs be justified in the long run.
[ link to this | view in chronology ]
Sorry
The reality is that locking down a machine is not a fix. Sure it will prevent most software from being installed (that require administrative priviledges), but most spyware/virii do not need administrative priviledges to install itself. These spyware/virii developers are much more crafty than their corporate counterparts such as Symantec/Microsfot, etc... These companies mostly have software that depend on signature based definitions that look for behavior patterns of an already identifed spyware/virus program. This is reactive, not proactive, which means that all the new viruses/trojans/spyware can be installed on all of our machines without us knowing until these companies find out about it and provide an updated definition or security vulnerability fix to patch it. So this problem can happen to every single one of you, and none of you can completely eliminate the risk of getting these virii/trojans on your network, but at most minimize the risk by installing the most up to date software techniques to catch the already identified virus/spyware.
There are some software programs on the market now that are behavior based versus signature based such as Cisco's CSA, or some more intelligent in-line Intrusion Prevention Systems, but for the most part, they are not as far along as the virus/spyware developers are. Most content filters are close to worthless because the porn/spyware companies are poping up new domains everyday and the blacklist or content blocking heuristics will never be completely up to date.
So quit calling everyone stupid, because your network is catching all the same crap as everyone else, unless you have a network of one or two PC's and have just gotten lucky.........
Love,
Pablo Escobar
[ link to this | view in chronology ]
What is the internet for?
[ link to this | view in chronology ]
HELP! I'm looking @ p*rn on company pc!
I may work like crazy & get lots done in 3 hours, then I want to kick back & just "surf", to say that I dont sometime surf over to a little bit of xxx action would be a lie.
This is a great job & I dont want to get fired.
I've downloaded disk cleaning & internet privacy software that seems really good, I'm fairly certain my computer is clean. But I'm ignorant as to what exactly anyone looking could find if they searched the server.
Is it tags?
Is it address', what?
Our office has 7 computers, networked and going through a server which "backs up" every day after we close. We dont have an IT department or anything like that. So if I look at some questionable sites & immediately after I finish & I run the "cleaner", am I still at risk of someone seeing what I looked at?
I guess what Im asking is how does it all work?
Is there a work around? Is there software out there that I could install that would prevent any of what I do from going to the server?
What exactly can be retreieved from the server?
is it just website addresses they see?
What if I go to sites that don't have anything "descriptive" in the address, such as "www.flurl.com", where there are a lot of great vids, but in the address bar there's nothing but a bunch of non descript code...?
[ link to this | view in chronology ]
Re: HELP! I'm looking @ p*rn on company pc!
In order to access the internet, your connection goes THROUGH the company server. You don't have the admin rights to bypass the server so that you can continue to look at porn on the clock. You want to do it at home? that is your choice as long as it is not kiddie porn. You don't have permission to "clean" your access from the server. If your conscience is bothering you, have you considered just not surfing to the questionable sites? Your days are numbered...
[ link to this | view in chronology ]