@jerry
Well said sir. This reminds me of a company my friend "Bob" worked at, where they boasted "We haven't been hacked yet!" Only for "Bob" to point out that they have little-to-no monitoring in place to prove otherwise. Sadly that was when Bob started and it was when he determined his tenure may be short.

@JohnsNotHere @jerry Is it a CLM to tell your superiors they are fucking retarded? Oh boy, I'd best embrace the "job-hopper" attitude while I still have time!

@m4iler @jerry In so many words - yes. But it's best to try to point out benefits and try to get them to change for the better. When they start acting like the three monkeys (see no evil, hear no evil, speak no evil) then that's when it's time to pack up and save your career (and sanity).

@JohnsNotHere @jerry Well, I actually have a Bob at the school where I teach, so I kinda know what I'm dealing with.

Kids at school watch porn in class (school PCs). Our IT maintenance guy was told to solve the issue. A colleague of mine suggested a DNS sinkhole, but she was told the IT guy "didn't know how that worked".

I'll try to set it up with him this week. Also, there is no wifi anywhere in the building although there is a timeline that contained it several semesters ago.

@m4iler @JohnsNotHere a pi-hole (possibly running on a server rather than a pi for capacity) would do a respectable job and is super easy to set up. Also, OpenDNS can let you filter by category. But be aware: kids are smart. They know about VPNs, changing DNS, etc.

@jerry @JohnsNotHere Well I am currently assuming they can't change this stuff on school PCs. If they can, all bets are off.

@jerry @m4iler Re: pi-hole this would work great if this can be configured at the router level. If the kids can manipulate the PCs to the point that they're changing the DNS server, then they've got too much control as it is. I'm sure with a bit of research your IT dept could lock down network controls and then you could blacklist some VPNs if they come up, but like Jerry said, kids are innovative.

@jerry @JohnsNotHere Oh tell me about it!

When I was ~7 or so, my dad took me to the bank he worked at (didn't get fired). He went to a meeting and I found myself alone with his computer. I am told that when he came back, I had been sitting in his chair, smiling as if nothing happened and in his printer, there were a series of documents labelled "CONFIDENTIAL" about some loan processing error.

I still smile at the thought :ablobowo:

@m4iler @JohnsNotHere I have been working for 30 years now and I have never once seen this go well. Not saying it can’t happen, but I’m skeptical.

@jerry @m4iler I agree with you. I've seen it from both a development perspective and now a security perspective - people get ingrained in their thinking and will not change without some type of outside force, like a hack or something equally unpleasant. Saying "I told you so" afterwards is a great way to make yourself a scapegoat as well. Can't save everyone unfortunately, so you need to know when to move on for your own sanity.

@jerry

🤔 There is a similar statistical anomaly about the reporting of sexual assault cases in American universities:

More registered cases result from better services to the survivors so the statistical correlation shows the exact inverse of the distribution of *actual* (not necessarily registered) cases!

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.