Slashdot Mirror
Porn-Surfing Execs Infecting Corporate Networks With Malware
wiredmikey writes "According to a recent survey of malware analysts at U.S. enterprises, 40% of the time a device used by a member the senior leadership team became infected with malware was due to executives visiting a pornographic website. The study, from ThreatTrack Security, also found that nearly six in 10 of the malware analysts have investigated or addressed a data breach that was never disclosed by their company. When asked to identify the most difficult aspects of defending their companies' networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions."
It doesn't even include any of the URLs to go to!
last time i saw an article about that on /. it was stating how most porn sites have very little malware and most malware comes from stupid wholesome crape like smileys and bars and other retarded crap the mouth breathers think they need to install
The obvious solution is for corporation to provide safe porn on their internal networks. What could possibly go wrong?
The razor hard at work.
-- Mel Brooks, "History of the World pt 1"
Laughter is the Spackle of the Soul.
and 58% cited the ineffectiveness of anti-malware solutions."
So the majority of experts agree the existing solutions are ineffective. And yet the solution remains the same: Buy more of it.
#fuckbeta #iamslashdot #dicemustdie
The top threats listed in TFA are all common-sense things to avoid with work machines. (Visiting porn sites, letting family members use equipment, installing malicious mobile apps, and falling for phishing emails.) There is a reason us IT folks tell people not to do these things at work.
It gets 'em every time.
When I read these stories on slashdot about some random drive by viruses/malware these users are picking up it always reminds me of the joke where you add "in bed" to the end of a sentence because all these stores are for windows and not linux and probabaly not apple either.
So if the submitter won't doi it, or the slashdot editors won't do it, the next time you read about malware infecting a bunch of users computers don't forget to add "in windows" to the end.
Is executives trying to claim sovereign immunity to IT regulations.
I doubt those of lower rank would be given anything but a pink slip if they were caught doing the same thing.
Remember, the spooks don't care what site they spoof to infect your system when they're doing industrial espionage.
And there's a reason why the executive suite doesn't listen:
"You're not the boss of me!"
(Supported by "If anything does happen, it's your fault anyway.")
Welcome to the Panopticon. Used to be a prison, now it's your home.
I know many executives who let their family use their company computer for home use.
As old as graffiti as new as twitter. Ubiquitous, indomitable, insatiable.
I was the execs personal IT support (not my job, but hey) in the last company I worked for.
One day the CEO brought his "wife's" laptop for me to fix because it was really slow.
I had never seen so much and so varied porn on one persons computer before. I learned so much back then...
So, none of this mentions the lack of a proper security design in the Operating System. When someone says run a program, it let it use this much ram, this much cpu, and this folder.... that should be it.
But no existing commodity OS lets you do that, does it? Until capability based security becomes the norm, this will never be fixed, and information security jobs will flourish.
I've never understood why people do stuff like this. Years ago I recovered data from a CFO's laptop, only to find the thing filled with porn. Senior managers generally make enough money to have personal devices to look at porn on -- why do they risk the embarrassment of being discovered misusing company resources? I guess now that I think of it, the CFO in question wasn't fired (or even really disciplined) for this, as far as I can tell, so maybe senior managers just think that they're important enough that rules and common sense don't matter. If the laptop had belonged to a lower-level employee, he or she probably would have been disciplined.
Facts have a liberal bias.
member the senior leadership team
Bwahaha! "Leadership". That's a good one.
And executives visiting suspicious porn websites is, obviously, not a problem whatsoever
If employees were bypassing security, and getting their machines and the network infected en-mass via porn. One of two or both would happen:
A. A very stern email would go out to all employees regarding the issue.
B. A whole lot of employees would get canned.
Since it's executives, there will be no scolding or even talk of it. Not to mention their security for no good reason is low, so they access anything they want on the internet. It will just keeping going on. After all, this is hardly news. It's well known (at least in support) that executives have been infecting their machines and the network by the sackful for ages. When I did internal corporate IT support, I personally saw it. Over and over and over. The standard course of action? Remote into their machine, silently remark at the sheer number of porn related icons on their desktop, start removing things (toolbars too), climb around in the registry fixing all the damage the porn did, patch anything I had to, and then disconnect - walking away from the whole matter without a word. Also, these events were never properly documented to protect the executive, and therefor my job. The funny thing is, a lot of the higher ups would watch me while I was remoted into their machine, seeing everything they had been up to - they truly didn't give a shit due to their level of authority. I sometimes wondered if they got off on it. No shame at all.
Brought to you by Carl's Junior.
This is not 40% if executives infecting phones. In fact, based on the article, we don't know how many execs get malware on their phone. However, out of that total unknown percentage of execs with malware, 40% of them get their malware from porn sites. The summary is using a method of lying with statistics, letting the reader infer something that isn't true by showing a similar true statistic.
This statistic wasn't even the point of the article, but rather that breaches are not being reported by companies.
http://yourbrainonporn.com/
All that needs to be said...
I really want to say "UNBELIEVABLE", but it's all too believable.
Apparently it's just too much to ask that some jackass making over a million a year show a tiny little bit of emotional maturity and/or professionalism and NOT view porn at work. More is expected of teenagers at their first minimum wage job than that.
Why do porn sites have more malware than other sites?
It stands to reason that porn on the internet shouldn't have any more to do with malware than sports on the internet. Both are popular with about the same demographic and both are providing an entertainment product.
By now, considering the money associated with porn and the relative competiton, porn sites should be like any other site selling entertainment, wanting to maintain a "safe" shopping experience for their customers lest they take their entertainment dollar to a competitor who will provide that experience.
Is it all tied to the shame of sex? You can rip someone off looking for erotica because it's dirty and they won't tell, but if you rip them off selling them something else they'll bitch to their friends but not be embarassed about watching sports, for example?
This kind of makes sense, but at the same time, it runs against the profit motive of a porn site operator who has more incentive to sell you a recurring subscription and keep you as a customer than earn 10 cents providing a malware download and chase you away.
Let's create a list of malware free porn sites and call it executive porn-hub ~^x^~
I was once googling for "evacuated cylinder solar collector", and cmd-clicking all the links to open a batch of tabs to vendors of such. A few dozen tabs in, I looked over at my secondary monitor, and it was filled with a porn site. So you see, I "visited a pornographic site" that day.
Any executive who gets a virus from a porn site instead of a hooker is grossly incompetent and should be fired.
There is a reason us IT folks tell people not to do these things at work.
PERHAPS; it would be more credible if IT folks would actually explain a plausible reason, every time they tell people not to do something.
People will assume you're telling them not to surf porn, because it's against the rules, or because you in IT feel that is immoral, and maybe you warn them about "malware" as a scare tactic to try and keep them doing what you want them to do, instead of what they want to do.
(Supported by "If anything does happen, it's your fault anyway.")
No... this is when you bring them a paper; "Please sign here that you agree that you will have exclusive responsibility for the security of this workstation which will be excluded from the security rules --- you understand the risk, and the concerns of the IT department, attempting to maintain due care with regards' to the security of the organization's assets and proprietary and sensitive information."
Copy in triplicate; keep a copy for your personal files.
I work in a major Bank and the support staff tell me the senior execs are all kept in a separate isolated LAN, not because of the security of the documents they work on but because they access so much porn and torrents etc that their bit of network is riddled with crap that needs daily cleaning up. And some of the porn is very much in the jail time category.
I want a list of atrocities done in your name - Recoil
Yep, above the law, above company policy...these modern lords "tax" by paying woefully less to the peons than their labor is worth (usually less than half the profit created by said peons is returned to them) . A majority provide only the "leadership" of following the latest trends from books or from successful start-ups...except the execution is typically poor because they try to do it cheaper. Anyone who has worked for a corporation probably recognized the enthusiastic rantings every time some new initiative comes down the line...full of bluster, slogans, posters...and little substance.
The primary qualification for most executive positions is to be found on their facebook/rolodex/speed dial list: who they know.
And for this, they seem to ever more see themselves as superior.
And so they jack off to internet porn behind a desk that costs more than they're willing to pay their employees in a year.
These porn-surfing execs are just taking a more "hands-on" approach to management and want to make sure they have a firm grasp on their critical infrastructure.
It gives new meaning to The Peter Principle.
You are welcome on my lawn.
What you need in this case is a CISO with a hell of a backbone who cares more about doing his job than about keeping it.
In other words: Good luck.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Management and bosses aren't peons and want carte blanche when it comes to IT. At my work we had a problem with people using facebook and porn. Its a small shop with about 20 PC's and there were only two culprits: the office "manager" who spent her entire day on FB and a skeevy shop worker who used his PC for porn. The office manager tried to hide her addiction but she was caught time and time again with FB open. She once had the nerve to tell an overworked and overloaded secretary that she was too busy to help her when in reality she was on FB. At least the skeevy shop guy didn't give a shit. You could walk by his machine and see him sitting there watching the sickest shit imaginable. The worst was when he showed me this clip of a quad amputee getting gangbanged by 10 or so guys. He had no shame.
So those two clowns earned the entire shop a Barracuda internet filtering device (a total PoS) at the bosses demand. I opted myself out of it and gave the general manager a very relaxed filter which I think only blocked porn. The boss wanted to "play with it" so I had to give him the password (how can I say no when he paid for it)? So he granted himself full access and of course I was in his office a week later cleaning malware off his PC (because you know, he is the boss and locked down security policies don't apply to him). My money is on porn.
And the barracuda was no picnic. It crapped out every week needing a re-image. And there were times when the filter blocked legit sites because they were listed as a blocked category when they weren't (eg a commercial vendor site marked as entertainment). Then there were times it simply needed a reboot when the internet speeds came to a crawl. They fired or should I say forced out the office manager and the skeevy shop guy got paranoid when he thought the boss was watching him watch porn. So after only six months I canned the barracuda as all it did was create more problems than it solved and the problems went away.
This sounds great on theory, but in practice the users think you re jet making risks up to scare them into complying. The reality is that most users who are in positions that earn the company money do not know or care how their computers work.
I was smart enough to ensure my technical advisor was competent and would refuse to support Mac OS X or MS Windows.
hmm and for that matter any and all non-free software.
For the pron, get a linux box please!
There is a spark in every single flame bait point.
middle management execs are nasty.
I have a family member who is a VP at a top 100 company. I've spoken to him and he mentions that they don't worry about IT coming
after execs that high up and porn. I was shocked and tried to warn him that it just gives the company a good out if something should
happen, yet he continues to surf porn. As I work in IT and as one of my former jobs was to monitor the midnight biology lessons that
would take place and report on them, I found this both disturbing and pissed me off. Here I am busting my ass to keep the company
safe yet these blue chip twats were sodomizing the company and my work.
Lets not forget the big picture here. While they may be violating IT policy, possibly opening the network up to many infiltration risks, and potentially costing many hours of lost productivity across many departments; this is all true.
The fact is, before internet porn, they were spending their time between meetings giving HR headaches with torrid office affairs and sexual harrasment lawsuits.
Believe it or not, this is cheaper.
"I opened my eyes, and everything went dark again"
Is this because porn sites are serving actual exploits that use Flash or browser bugs, or because people downloaded and ran .exe files?
Reading from the article: Visiting a pornographic website (40%) Clicking on a malicious link in a phishing email (56%) Allowing a family member to use a company-owned device (45%) Installing a malicious mobile app (33%) Are these numbers cited from each individual that was polled or from the entire group of 200 people? Furthermore, they don't seem to add up. Finally, I remember when some 20 years ago when I installed my first proxy cache with site blocking capabilities and it blocked almost all porn sites. Are you telling me that major corporations with over 500 people or for that matter even 50, don't have a site blocking package installed today? I call shite on a report paid for by a malware company whose primary goal is to sell the same crap that apparently doesn't work today.
What, that the "wife" was a dirty little whore that failed to keep her personal photos secret?
PHB: Alice, my laptop is slowing down. Can you take a look at it?
She's a killer man!
Chas - The one, the only.
THANK GOD!!!
The "well known" paid for and free porn sites try hard to keep their servers free from malware. It's the ad servers they use to generate income that usually get infected. The other way to get malware from going to porn sites, is going to malware sites that use the promise of free porn to get you to click on stuff.
The best way to prevent this from happening if you can't do anything about the browsing habits of your users, is to block all ad servers, regardless of what site they serve ads on on your firewalls and web proxies. We all have seen regular stories of some big "normal" web site spreading malware because the company they use for serving ads has slipped up or got hacked. As long as ad services aren't careful enough, they deserve to be blocked. That may mean that websites that have a business model that provides content paid for by ads, will not have any income. They can solve that by selling ads served on their own servers again, until the ad serving businesses get the message and start paying serious attention to malware.
That still leaves you with people going to malware sites. There are filter lists and appliances for that, but they are never 100%, just like virus scanners are. It takes people getting infected and the industry reacting to those before some form of block can be established. If you can't educate your users, this will always remain a problem, until someone comes up with some smart technology to prevent it.
I was promised a flying car. Where is my flying car?
As has long been show, the prevalence of malware is far, far higher on religious sites than on porn sites. You've got the WRONG GUYS!!!!
The more I get older, the more I realise that the majority of adults are essentially still children.
May the Maths Be with you!
So I guess we can add one more thing to the list of benefits for bossless offices: A more secure network.
When it comes to corporate IT, they're idiots at removing viruses. I'm head IT manager but also run a mostly residential computer repair shop. I know how to remove a virus! Anyone who doesn't remove viruses for a living does not. Its as easy as can be to delete any virus manually then clean up with other tools if you know what you're doing. Unfortunately, they do not.
Did he get caught when someone noticed an increase in loads on the equipment?
Yeah, all the old behaviors still exist from childhood. Maturity just takes off enough of the rough edges to not be continually abrasive. Well, in those that have matured anyway. About a third of population didn't made it past puberty personality wise. And, about 9% never made it past the terrible twos. That latter group frequently clusters at the extremes of society, for example, in positions where they make and/or break the rules.
Any sufficiently advanced influence is indistinguishable from control.
You cite a BIG part of why I built this (it blocks malicious sites/servers serving malware/malscript, botnet C&C Servers, + ads w/ malicious script) & updates DAILY by 12 reputable sites in the security community with very current data:
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
(Details of hosts' benefits enumerated in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775
B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein
(Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see))
---
** "Less is more" = GOOD engineering!
(Vs. slowing down SLOWER usermode browsers layering on MORE in addons which slow them down more: I work w/ what you have in kernelmode, via hosts - A tightly integrated PART of the IP stack itself)
APK
P.S.=> "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"
...apk
...that companies don't use 3rd party browsers w/ AdBlock an NoScript installed. At the very least all ad servers should be blocked by proxy, but no company i've worked even does that.
I caught a VP of one of my former employers surfing tumblr for pics of women that flash their tits in public and ONLY that. He was very consistent when looking for these pics. I got wind of it when I was given access to our Solera Deep See box right after being brought in. I monitored his activity for a week then checked his past activity and, sure enough, big tits flashed in public. Used a tool to capture his IE history: Big tits flashed in public.
I've seen execs that liked to search for wierd stuff, and they're all usually very specific on what they surf for.
Fifty watts per channel, baby cakes.
Why are we paying these jackasses so damn much when the average worker is a far better investment?