Surviorship Bias and Infosec
Well said sir. This reminds me of a company my friend "Bob" worked at, where they boasted "We haven't been hacked yet!" Only for "Bob" to point out that they have little-to-no monitoring in place to prove otherwise. Sadly that was when Bob started and it was when he determined his tenure may be short.
Kids at school watch porn in class (school PCs). Our IT maintenance guy was told to solve the issue. A colleague of mine suggested a DNS sinkhole, but she was told the IT guy "didn't know how that worked".
I'll try to set it up with him this week. Also, there is no wifi anywhere in the building although there is a timeline that contained it several semesters ago.
@jerry @m4iler Re: pi-hole this would work great if this can be configured at the router level. If the kids can manipulate the PCs to the point that they're changing the DNS server, then they've got too much control as it is. I'm sure with a bit of research your IT dept could lock down network controls and then you could blacklist some VPNs if they come up, but like Jerry said, kids are innovative.
When I was ~7 or so, my dad took me to the bank he worked at (didn't get fired). He went to a meeting and I found myself alone with his computer. I am told that when he came back, I had been sitting in his chair, smiling as if nothing happened and in his printer, there were a series of documents labelled "CONFIDENTIAL" about some loan processing error.
I still smile at the thought
@jerry @m4iler I agree with you. I've seen it from both a development perspective and now a security perspective - people get ingrained in their thinking and will not change without some type of outside force, like a hack or something equally unpleasant. Saying "I told you so" afterwards is a great way to make yourself a scapegoat as well. Can't save everyone unfortunately, so you need to know when to move on for your own sanity.
🤔 There is a similar statistical anomaly about the reporting of sexual assault cases in American university's:
More registered cases result from better services to the survivors so the statistical correlation shows the exact inverse of the distribution of *actual* (not necessarily registered) cases!
A Mastodon instance for info/cyber security-minded people.