Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do IT Pros Abuse Their Power?

Posted by Soulskill on from the hahahaha-yes dept.

An anonymous reader writes "I have noticed that many airports and hospitals I've visited have some kind of internet usage policy in place. Some use software similar to Websense, which effectively blocks sites based on blacklisting them by category. A commonly used blacklist prevents users from accessing 'forums or discussion boards,' yet I find that often these networks allow users to access sites like Fark, Slashdot, Digg and other message boards that appeal to the technical culture one might find in the IT world. In your experience, do IT administrators abuse their supervisory powers? Has there ever been a backlash from users or management for doing so?"

7 of 460 comments (clear)

  1. Since when.. by dr_strang · · Score: 5, Interesting

    ...are Fark and Digg considered 'technical culture' sites. Seriously, this isn't 2001. Last time I checked, the Internet had sort of entered the mainstream and 'slacking off at work' isn't really considered exclusively IT.

    --
    This is a sig. It is like every other sig in the world, except that it is mine, and it is different.
  2. Power Corrupts... by PCGod · · Score: 5, Interesting

    Absolute power, is even more fun!</bofh>

    Yes, we did have something like this happen where I work. Our IT group ended up blocking all social networking sites. Our marketing department raised a fit because they use Facebook for business purposes.

    1. Re:Power Corrupts... by 2stein · · Score: 5, Interesting

      Yes, we did have something like this happen where I work. Our IT group ended up blocking all social networking sites. Our marketing department raised a fit because they use Facebook for business purposes.

      At the place were I currently work we have kind of a "feel free to use the internet as you wish" policy. This actually works out quite well. Sites are not filtered specifically. They basically say "hey, if you end up doing illegal stuff, you're screwed, otherwise we don't care as long as you get to do your work."

      I used to work for a financial institution before that. And they had sort of a lockdown-mania. Filtering proxies (no checking your private web mail - could be used for stealing information), read-only USB mass storage, scanning outgoing e-mail attachments etc. I guess, these rules came in place because of management being scared to death by compliance requirements, not because of IT admins abusing their power.

      And BTW: Had I wished to steal massive amounts of data, I could have still simply sent them via e-mail in a password-encrypted archive. It's a matter of trust, not only of making it difficult. So basically powerful and clueless management are equally effective as power-abusing admins.

    2. Re:Power Corrupts... by Cederic · · Score: 4, Interesting

      And everybody in my extended team have web browsers on the mobile phones anyway, so if we do want to look something up we don't even need to use company resources to do so.

      Of course, it'll be quicker to use a proper browser on a proper monitor with a proper keyboard, but that just highlights the fallacy of locking things down to promote productivity.

  3. Do power users abuse their IT knowledge? by Wonko+the+Sane · · Score: 5, Interesting

    How many people here get around their workplace's blocking software by running an SSH tunnel to a proxy server on their home network?

    1. Re:Do power users abuse their IT knowledge? by iangoldby · · Score: 5, Interesting

      I don't understand why people always try to "get around" these restrictions. If there is a legitimate business need, then get it approved.

      I suppose it depends on the size of the business. Where I work, it is usually impossible even to find out who is responsible for a particular policy. As for actually getting a policy changed, you'd be better off pissing into the wind.

      Whenever I need information from a blocked site (I'm talking about work-related information here), I just keep trying Google results until I find one that isn't blocked. Sometimes it can take fifteen or twenty minutes, when I know that the top result would have answered my question immediately. On occasions I send myself an email at home so that I can look it up after work, but why should I have to do this?

    2. Re:Do power users abuse their IT knowledge? by linuxrocks123 · · Score: 4, Interesting

      There's no reason you can't actually talk HTTP. See http://www.sensepost.com/research/reDuh/ for one of many examples on how to do this. And, once you have an arbitrary TCP connection, there's no reason you can't perform a public key exchange for SSH as usual, defeating your proxy's man-in-the-middle attack.

      Nice try, man, but you'll never be clever enough to accomplish what you intend.

      ---linuxrocks123

      --
      vi ~/.emacs # I'm probably going to Hell for this.