
Porn-Surfing Execs Infecting Corporate Networks With Malware

Soulskill posted about 10 months ago | from the IT-admins-know-your-secrets dept.

Security 151

wiredmikey writes "According to a recent survey of malware analysts at U.S. enterprises, 40% of the time a device used by a member of the senior leadership team became infected with malware was due to executives visiting a pornographic website. The study, from ThreatTrack Security, also found that nearly six in 10 of the malware analysts have investigated or addressed a data breach that was never disclosed by their company. When asked to identify the most difficult aspects of defending their companies' networks from advanced malware, 67% said the complexity of malware is a chief factor; 67% said the volume of malware attacks; and 58% cited the ineffectiveness of anti-malware solutions."


151 comments


Very disappointing article. (5, Funny)

Anonymous Coward | about 10 months ago | (#45406617)

It doesn't even include any of the URLs to go to!

Re:Very disappointing article. (1)

Anonymous Coward | about 10 months ago | (#45408181)

Execs always demand administrative rights to their machine... No surprise!

malware and porn (1, Insightful)

Anonymous Coward | about 10 months ago | (#45406627)

Last time I saw an article about that on /. it was stating how most porn sites have very little malware and most malware comes from stupid wholesome crap like smileys and bars and other retarded crap the mouth breathers think they need to install.

Re:malware and porn (5, Funny)

ZombieBraintrust (1685608) | about 10 months ago | (#45406673)

Executives must be into weirder stuff than most mouth breathers.

Re:malware and porn (4, Interesting)

Opportunist (166417) | about 10 months ago | (#45407421)

You don't think executives don't NEED those super important "power bars", do you?

And of course execs have admin privs on their PC. They don't know what to do with it, they don't know why they got it, but don't you dare even suggest taking it from him!

Even as the CISO you get shouted down at the management meeting when you suggest something outrageous like that. What cheek! Those dumb techdroids having higher privileges on his PC than the CEO!

Yeah, we had a good laugh.

Re:malware and porn (2, Insightful)

Anonymous Coward | about 10 months ago | (#45408813)

Most CEOs don't even have all the keys to the factories and plants, and when they need access for whatever reason, they go in with someone who knows what they are doing - just in case they screw something up - press the wrong button etc.

But when it comes to IT - they just love logging in with an account with full domain admin privileges (you could create a different account for them to use if they ever need it - which could be rarely, but no, it has to be their main account).

Safe Surfing (1)

Anonymous Coward | about 10 months ago | (#45406633)

The obvious solution is for corporations to provide safe porn on their internal networks. What could possibly go wrong?

Re:Safe Surfing (4, Funny)

TWX (665546) | about 10 months ago | (#45406983)

The obvious solution is for corporations to provide safe porn on their internal networks. What could possibly go wrong?

I shudder to think of how this'll impact the BYOD policy...

Re:Safe Surfing (2)

Opportunist (166417) | about 10 months ago | (#45407431)

I am more afraid of the sexual harassment problems looming over our heads with the BYOD crap.

Occam's Razor (0)

Anonymous Coward | about 10 months ago | (#45406635)

The razor hard at work.

Re: Occam's Razor (0)

Anonymous Coward | about 10 months ago | (#45407127)

So execs surf porn. And that makes them different ... how?

Re: Occam's Razor (0)

Anonymous Coward | about 10 months ago | (#45407429)

Government Regulations/Sexual Harassment!

Re: Occam's Razor (5, Insightful)

Opportunist (166417) | about 10 months ago | (#45407435)

They don't get fired for it.

It's good to be the king. (3, Insightful)

themushroom (197365) | about 10 months ago | (#45406643)

-- Mel Brooks, "History of the World pt 1"

Re:It's good to be the king. (4, Interesting)

DavidClarkeHR (2769805) | about 10 months ago | (#45406999)

It's good to be the king. -- Mel Brooks, "History of the World pt 1"

Agreed. I'm one of the fortunate ones - my boss actually follows the rules, but I've worked in places where the boss is exempt from basic network security. One was a small business where the boss 'pays the bills', so he got to 'make the rules'.

When his customer database was deleted he fired his IT guy in a fit of anger. He lost a lot of money in a wrongful dismissal settlement, and lost all of his business. It might have been the IT guy who did it - but the lawyers obviously felt that 'I don't need a slow virus scanner' was more likely the cause. Or at least, reasonable doubt.

Re:It's good to be the king. (1)

binarylarry (1338699) | about 10 months ago | (#45407309)

How fucked up was the IT infrastructure that one douche bag running windows without a virus scanner managed to nuke a database and all the offsite backups?

Must have been one hell of a virus.

Re:It's good to be the king. (4, Interesting)

Opportunist (166417) | about 10 months ago | (#45407445)

"Why do we need backups, we have it all here, right? So why do you want to have it there, too? Do you want to steal our customers?"

I was actually asked that once.

Re:It's good to be the king. (1)

mysidia (191772) | about 10 months ago | (#45407433)

'I don't need a slow virus scanner' was more likely the cause.

Wait... that's a true statement. Nobody needs a slow virus scanner. Go get an application whitelisting solution such as Bitlocker, Lumension, or Bit9.

The slowest/most user-annoying of signature-based AV such as McAfee or Symantec have piss-poor detection rates anyways ---- I find possibly 90% of scans of malware yield false negatives (failure to detect). Often, virus signatures will never recognize the malware variant you happened to have gotten, OR.... by the time they're updated, the malware is still there, but no longer detectable.

Agreed. I'm one of the fortunate ones - my boss actually follows the rules, but I've worked in places where the boss is exempt from basic network security. One was a small business where the boss 'pays the bills', so he got to 'make the rules'.

This is when you need to have a discussion with that 'boss'.

Come pre-armed with material to show him/her how he/she is the primary target of hackers, and how extra paranoid security for his/her workstations, is necessary for the organization's success in the long run, and help ensure the computers run smoothly.

Including plans for super hard drive encryption, backups, and software restriction policies, to ensure that only software that's been investigated, will be able to run.

Solution (5, Interesting)

girlintraining (1395911) | about 10 months ago | (#45406653)

and 58% cited the ineffectiveness of anti-malware solutions."

So the majority of experts agree the existing solutions are ineffective. And yet the solution remains the same: Buy more of it.

Re:Solution (0)

Anonymous Coward | about 10 months ago | (#45406711)

When god gives you lemons you FIND A NEW GOD

Or just isolate risky users and computers in an "executive" DMZ

Give 'em a fax/printer and remote access to sharepoint (or whatever the fuck) but otherwise isolate them in a super happy ball pit you can re-image at the drop of a hat

Re:Solution (1)

muphin (842524) | about 10 months ago | (#45406847)

Have you EVER tried to get time on an exec's machine? Good luck, let alone removing their access to their network drives... yeah, you will be out of a job.. they would say, you're our IT, you fix it.

Re:Solution (0, Funny)

Anonymous Coward | about 10 months ago | (#45406993)

I'd rather be out of the job than stuck between "I need access to EVERYTHING for no goddamn reason" and "ME COMPOOTER IS BOKE-BOKE AGAIN FIX IT A+ PRIORITY ONE"

Re:Solution (4, Funny)

girlintraining (1395911) | about 10 months ago | (#45407073)

I'd rather be out of the job than stuck between "I need access to EVERYTHING for no goddamn reason" and "ME COMPOOTER IS BOKE-BOKE AGAIN FIX IT A+ PRIORITY ONE"

Ah. The naivety of youth. So refreshing. And yet they wonder why nobody hires them.

Re:Solution (0)

Anonymous Coward | about 10 months ago | (#45407109)

30+ years infrastructure teaches you not to give power to dumb people; be they execs or network engineers...

Re:Solution (1)

Billly Gates (198444) | about 10 months ago | (#45407301)

This is your bank. You gonna pay me or what!

You have until the end of the month to come up with the money or I will repo your car.

Maybe you shouldn't have told that guy who paid your bills to fuck himself when he demanded it high priority? Not my problem as I get your car and will auction it either way at the end of the month if I do not have my money etc.

Re:Solution (1)

TWX (665546) | about 10 months ago | (#45407021)

Why would you ever have to touch their computer? Put up a sacrificial server with a virtual host running Samba, and modify their login script and group to have them interface to this virtual host. Have something on the virtual host analyze and sanitize their crap, and physically isolate their network services so that they're not on the same network as everyone else. Give them their porn and keep them off of the corporate network.

Re:Solution (2)

Billly Gates (198444) | about 10 months ago | (#45407319)

Why would you ever have to touch their computer? Put up a sacrificial server with a virtual host running Samba, and modify their login script and group to have them interface to this virtual host. Have something on the virtual host analyze and sanitize their crap, and physically isolate their network services so that they're not on the same network as everyone else. Give them their porn and keep them off of the corporate network.

Right, because executives never need to share files with the rest of the teams in the company. It is not like they have important things to do all day or anything.

Re:Solution (1)

TheRealMindChild (743925) | about 10 months ago | (#45407583)

Where is that server going to come from? Thin air? Where is the time going to come from to implement that? Your free time. How about when it doesn't work so well and there is a sales meeting in 3 minutes?

Re:Solution (1)

Anonymous Coward | about 10 months ago | (#45407351)

Until you point out to the CFO how much those who are violating corporate policy are costing the company. Shit gets straightened out right quick then.

Re:Solution (1)

Billly Gates (198444) | about 10 months ago | (#45407345)

What a truly ignorant statement. 96% of infections are covered according to the experts. Just because 4% get in doesn't mean it is 100% ineffective and useless. I see many malware programs all the time from people who say they are clean.

It is not 10 years ago where an infection slows it down. Today it is quiet and quick on purpose as your bank account numbers and credit card info gets sent to Russia quietly.

Re:Solution (1)

mysidia (191772) | about 10 months ago | (#45407447)

So the majority of experts agree the existing solutions are ineffective. And yet the solution remains the same: Buy more of it.

Was the research study funded by security companies, that may be involved some way in the antimalware business?

Re:Solution (4, Insightful)

Opportunist (166417) | about 10 months ago | (#45407527)

Does Antivirus software get everything? Hell no. Is it useless because of it? No, far from it.

The world is not black and white and neither is security. I mean, by the same logic you could say that anti-drug laws didn't work, so let's abolish them. Police didn't arrest every murderer out there, away with it. And since doctors fail at saving every patient, shut down those hospitals.

Would that be stupid? Of course it would be. No, anti malware programs do not catch everything. But even the worst of them (interestingly named after its currently quite mobile founder) finds about 95% of the threats. Yes, that means that one out of 20 attacks could get past it. But the other 19 do not!

Not to mention that the best security system is powerless against user stupidity. I think I pull that link every time we're discussing this, but it just was true, is true and probably will be true forever until I find a way to kill clickmonkeys via internet: Given a choice between dancing pigs and security, users will pick dancing pigs every time [wikipedia.org]. There is exactly NO way how you can secure a system against a clickmonkey that has admin privs. And those idiotic execs do! Not that they need them or know how to wield them, but they want that "in control" feeling. Needed or not.

The very LAST thing I want is any kind of privileges beyond the bare minimum to do my job. Simple reason: Credible deniability. What I could not do, I most certainly did not do. Your database is missing? Could not have been me, I can only enter data but I can't delete or edit anything. Go look elsewhere for your culprit.

But back on topic. Statistic is a multi-layer system. Relying on only one part of security is simply dumb. There is no such thing as 100% security. It's a myth. Like 100% uptime. You can lower the chance for a security breach, with technology (firewalls, antivirus), with policies (least privileges, secure processes) and a few other things. And yes, hence the solution to security is more security. Well, within reason and at sensible points, of course, but the solution can't be "can't stop it, so why bother trying?"

Re:Solution (2)

triffid_98 (899609) | about 10 months ago | (#45408583)

No, anti malware programs do not catch everything. But even the worst of them (interestingly named after its currently quite mobile founder) finds about 95% of the threats. Yes, that means that one out of 20 attacks could get past it. But the other 19 do not!

If my own corporate experience with antivirus/antimalware tools is any indication they actually find 120% of the threats.

How do they do that you say? By flagging legitimate files as malware and trojans. It's a very real problem for small software development houses. Even if you can get your application whitelisted by the offending scanners (not easy), chances are the next revision of your build will get flagged the same way.

That doesn't mean that they won't let malware through, it just means that they use fairly conservative heuristics in addition to file signatures. It's definitely possible to fool them.

Re:Solution (0)

Anonymous Coward | about 10 months ago | (#45407677)

Of course buy more of it - hey, 58% + 58% = 116%, doesn't it?????

Re:Solution (0)

Anonymous Coward | about 10 months ago | (#45407989)

And yet the solution remains the same: Buy more of it.

Says who? The guy with the beard never tells you stuff like that.

So, in other words, they violate basic IT policy (5, Insightful)

generic_screenname (2927777) | about 10 months ago | (#45406679)

The top threats listed in TFA are all common-sense things to avoid with work machines. (Visiting porn sites, letting family members use equipment, installing malicious mobile apps, and falling for phishing emails.) There is a reason us IT folks tell people not to do these things at work.

Re:So, in other words, they violate basic IT polic (4, Insightful)

idontgno (624372) | about 10 months ago | (#45406829)

And there's a reason why the executive suite doesn't listen:

"You're not the boss of me!"

(Supported by "If anything does happen, it's your fault anyway.")

Re:So, in other words, they violate basic IT polic (2)

boristdog (133725) | about 10 months ago | (#45406917)

I was the execs' personal IT support (not my job, but hey) in the last company I worked for.
One day the CEO brought his "wife's" laptop for me to fix because it was really slow.

I had never seen so much and so varied porn on one person's computer before. I learned so much back then...

Re:So, in other words, they violate basic IT polic (1)

mysidia (191772) | about 10 months ago | (#45407497)

(Supported by "If anything does happen, it's your fault anyway.")

No... this is when you bring them a paper; "Please sign here that you agree that you will have exclusive responsibility for the security of this workstation which will be excluded from the security rules --- you understand the risk, and the concerns of the IT department, attempting to maintain due care with regards to the security of the organization's assets and proprietary and sensitive information."

Copy in triplicate; keep a copy for your personal files.

Re:So, in other words, they violate basic IT polic (1)

Opportunist (166417) | about 10 months ago | (#45407563)

What you need in this case is a CISO with a hell of a backbone who cares more about doing his job than about keeping it.

In other words: Good luck.

Re:So, in other words, they violate basic IT polic (1)

mysidia (191772) | about 10 months ago | (#45407459)

There is a reason us IT folks tell people not to do these things at work.

PERHAPS; it would be more credible if IT folks would actually explain a plausible reason, every time they tell people not to do something.

People will assume you're telling them not to surf porn, because it's against the rules, or because you in IT feel that is immoral, and maybe you warn them about "malware" as a scare tactic to try and keep them doing what you want them to do, instead of what they want to do.

Re:So, in other words, they violate basic IT polic (0)

Anonymous Coward | about 10 months ago | (#45408175)

This sounds great in theory, but in practice the users think you're just making risks up to scare them into complying. The reality is that most users who are in positions that earn the company money do not know or care how their computers work.

Re:So, in other words, they violate basic IT polic (1)

LoRdTAW (99712) | about 10 months ago | (#45407609)

Management and bosses aren't peons and want carte blanche when it comes to IT. At my work we had a problem with people using Facebook and porn. It's a small shop with about 20 PCs and there were only two culprits: the office "manager" who spent her entire day on FB and a skeevy shop worker who used his PC for porn. The office manager tried to hide her addiction but she was caught time and time again with FB open. She once had the nerve to tell an overworked and overloaded secretary that she was too busy to help her when in reality she was on FB. At least the skeevy shop guy didn't give a shit. You could walk by his machine and see him sitting there watching the sickest shit imaginable. The worst was when he showed me this clip of a quad amputee getting gangbanged by 10 or so guys. He had no shame.

So those two clowns earned the entire shop a Barracuda internet filtering device (a total PoS) at the boss's demand. I opted myself out of it and gave the general manager a very relaxed filter which I think only blocked porn. The boss wanted to "play with it" so I had to give him the password (how can I say no when he paid for it)? So he granted himself full access and of course I was in his office a week later cleaning malware off his PC (because you know, he is the boss and locked down security policies don't apply to him). My money is on porn.

And the Barracuda was no picnic. It crapped out every week needing a re-image. And there were times when the filter blocked legit sites because they were listed as a blocked category when they weren't (e.g. a commercial vendor site marked as entertainment). Then there were times it simply needed a reboot when the internet speeds came to a crawl. They fired or should I say forced out the office manager and the skeevy shop guy got paranoid when he thought the boss was watching him watch porn. So after only six months I canned the Barracuda as all it did was create more problems than it solved and the problems went away.

Big Picture (1)

TheCarp (96830) | about 10 months ago | (#45408777)

Let's not forget the big picture here. While they may be violating IT policy, possibly opening the network up to many infiltration risks, and potentially costing many hours of lost productivity across many departments; this is all true.

The fact is, before internet porn, they were spending their time between meetings giving HR headaches with torrid office affairs and sexual harassment lawsuits.

Believe it or not, this is cheaper.

Flash Update Scam (1)

Anonymous Coward | about 10 months ago | (#45406703)

It gets 'em every time.

Re:Flash Update Scam (1)

Anonymous Coward | about 10 months ago | (#45406911)

Well, when even Google tells people that their software needs to be updated, without being asked, then of course people will eventually believe that a web site is an acceptable channel for that kind of information. You can tell people that they should never heed the warnings of a web site as often as you like: Your authority does not come close to Google's clout. It is like banks embedding links in their emails: When the good guys make themselves look like the fraudsters, then the fraudsters start looking legitimate.

"in bed" (0)

Anonymous Coward | about 10 months ago | (#45406747)

When I read these stories on Slashdot about some random drive-by viruses/malware these users are picking up it always reminds me of the joke where you add "in bed" to the end of a sentence because all these stories are for Windows and not Linux and probably not Apple either.

So if the submitter won't do it, or the Slashdot editors won't do it, the next time you read about malware infecting a bunch of users' computers don't forget to add "in windows" to the end.

Re:"in bed" (1)

internetcommie (945194) | about 10 months ago | (#45407221)

Of course, the pr0n-surfing executives who cause the malware infestation are exactly the same executives who decided the company will not switch to Linux. Probably because they're afraid there's fewer boobies to look at there? ;-)

The real problem (1)

shentino (1139071) | about 10 months ago | (#45406815)

Is executives trying to claim sovereign immunity to IT regulations.

I doubt those of lower rank would be given anything but a pink slip if they were caught doing the same thing.

Re:The real problem (2)

Opportunist (166417) | about 10 months ago | (#45407619)

Pretty much this.

One of the core reasons this problem exists in the first place is that execs insist that the rules don't apply to them. Oh sure, we have insanely tight corporate rules concerning computer usage... but of course not for C-Levels, certainly not. And their secretaries (who are collectively ignorant enough to be a security crisis all by themselves) have to be exempt, too. And while we're at it, we not only need to bypass the firewall entirely but we also need administrative privileges on our machines.

Trying to explain to them that it is a security nightmare what they're asking for doesn't help at all. This isn't about rational, logical reasons. It's purely about entitlement. Rules only apply to the plebs beneath me, but never to me. And when (not if, when) the crap backfires eventually, we'll certainly find some scapegoat to sacrifice.

Re:The real problem (2)

mysidia (191772) | about 10 months ago | (#45407663)

Is executives trying to claim sovereign immunity to IT regulations.

Perhaps.... but this is one of the reasons IT security cannot be built from the bottom up.

IT security inherently requires management buy-in, and management has to be made to understand about leadership by example. They must be sold on it. If they themselves can't adhere to it, then they sure aren't sold on it! How could they expect their hired help to be sold on it, if they don't even agree with it?

If the manager or their family don't follow the same rules, then they are teaching other people not to follow the rules either.

Just like the family grocery store, that lets the owner's wife do her shopping, and take the goods out the back door without having to pay retail price.

The cost to the store is much higher than the price of the goods; it includes the opportunity cost, lost chances to make up for the cost, lost profit.

Customers will see it. Employees will see it. It will lead to more losses.

It will instill in the manager, their family, and those around them, an attitude that will destroy the business.

Note that Slashdot can be just as dangerous (0)

Anonymous Coward | about 10 months ago | (#45406819)

Remember, the spooks don't care what site they spoof to infect your system when they're doing industrial espionage.

Not necessarily the executives (0)

Anonymous Coward | about 10 months ago | (#45406873)

I know many executives who let their family use their company computer for home use.

Porn! (1)

wrackspurt (3028771) | about 10 months ago | (#45406901)

As old as graffiti as new as twitter. Ubiquitous, indomitable, insatiable.

OS Design failure (2, Interesting)

ka9dgx (72702) | about 10 months ago | (#45406931)

So, none of this mentions the lack of a proper security design in the Operating System. When someone says run a program, it let it use this much ram, this much cpu, and this folder.... that should be it.

But no existing commodity OS lets you do that, does it? Until capability based security becomes the norm, this will never be fixed, and information security jobs will flourish.

Re:OS Design failure (0)

Anonymous Coward | about 10 months ago | (#45407227)

If you're using *nix, you can put processes in chroot [wikipedia.org] jail, which is exactly what you're describing.

In Windows, browsers can run in sandboxed mode which effectively does the same thing. If they're compromised, theoretically the attack is limited in its abilities. It's unfortunate how many people cry "LOLZ UAC ON WINDOZE IS DUMB U SHUD TURN IT OFF," because having UAC enabled does a shitton more than just prompt for admin privileges. Disabling UAC also disables sandboxing for the browser (which is a decision I don't fully understand or agree with).

Re:OS Design failure (0)

Anonymous Coward | about 10 months ago | (#45407239)

Indeed...no commodity OS protects absolutely from infection or data leakage either. That Capability-based security will have to be extensible, too, with flexible response by the system owner when policy is violated.

Re:OS Design failure (0)

Anonymous Coward | about 10 months ago | (#45407493)

So, none of this mentions the lack of a proper security design in the Operating System.

Yep, that's a big problem. Modern OSes (particularly Windows, OS X, iOS, and Android) are all DESIGNED to leak personal information to corporate harvesters. With OSes that are DESIGNED to be insecure, malware isn't going away any time soon.

Re:OS Design failure (1)

Nemyst (1383049) | about 10 months ago | (#45407557)

I hope you realize most malware these days uses exploits... You know, bugs which were not planned for and thus can mean the circumvention of the entire security system. Your solution is no less vulnerable to a simple bug which, until it gets squashed, could let a malicious application through the net. Despite sandboxing, multiple security layers, countless detection algorithms and heuristics, malware still manages to go through, so I doubt the solution is as easy as what you're claiming.

Re:OS Design failure (1)

Kielistic (1273232) | about 10 months ago | (#45407569)

Perhaps it doesn't exist because making a usable system "secure" in every variable definition of the word is impossible.

Re:OS Design failure (1)

TheRealMindChild (743925) | about 10 months ago | (#45407627)

How well is that going to work for your file browser? If it is sandboxed/chrooted to its own folder structure, there isn't much to browse, is there? Ok, so open it up a bit, you say? Share it with the folders of app x, y, and z? But app x shares folders with app a, b, and c! And app y shares folders with d, e, and f...

Re:OS Design failure (1)

Opportunist (166417) | about 10 months ago | (#45407643)

No OS can protect you against user stupidity. When the user says "execute program", the OS can yell ten times how unsafe it is and how much this is a virus, when the user overrides it all it accomplishes is to annoy the user.

He needs administrative privileges to do that you say? And he doesn't need them to do his job you say? I agree. The C-Level in question does not. Since you can't fire him but he can fire you, guess who gets his way.

Re:OS Design failure (0)

Anonymous Coward | about 10 months ago | (#45408523)

Virtual machines allow you to do all of that and more. This comment written inside a VM with a fixed disk image with 1 processor and 2GB of RAM allocated to it.

Re:OS Design failure (0)

Anonymous Coward | about 10 months ago | (#45408655)

So, none of this mentions the lack of a proper security design in the Operating System. When someone says run a program, it let it use this much ram, this much cpu, and this folder.... that should be it.

But no existing commodity OS lets you do that, does it?

iOS and Android support this.

Mac OS allows a program to do this (Google for "mac seatbelt"), but the program must opt-in. Some day they might allow you to run only programs that opt in, but not today.

This is very hard to do on Windows. The Chrome sandbox does it, but only by hooking semi-documented NT API calls (such as NTCreate(), NTOpen(), etc.).

Solaris and AIX have had this forever. Linux has not caught up. The best you can do is a chroot jail to limit file system access, and there are known ways to break out of one.
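The "this much RAM, this much CPU, this folder" request from this sub-thread, as an added example that is not any commenter's code: POSIX resource limits applied to a child process before it starts. `run_limited`, `verdict` and `demo` are hypothetical names and the child programs are constructed samples. It assumes Linux, and the folder here is only a working directory, since real confinement needs chroot or namespaces plus the privilege to set them up.

```python
import os
import resource
import signal
import subprocess
import sys
import tempfile

MiB = 1024 * 1024


def _capped(res, wanted):
    """Return a (soft, hard) pair that never exceeds the hard limit we already have."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        wanted = min(wanted, hard)
    return wanted, wanted


def run_limited(argv, mem_bytes, cpu_seconds, workdir, timeout=30):
    """Run argv with an address-space cap, a CPU-time cap and a fixed start directory."""

    def apply_limits():
        # Runs in the child between fork() and exec(). The limits are inherited
        # by anything the program spawns, and an unprivileged process cannot
        # raise a hard limit once it has been lowered.
        resource.setrlimit(resource.RLIMIT_AS, _capped(resource.RLIMIT_AS, mem_bytes))
        resource.setrlimit(resource.RLIMIT_CPU, _capped(resource.RLIMIT_CPU, cpu_seconds))
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))  # no core dump of its memory

    # cwd only sets where relative paths resolve; it does not stop the program
    # from opening absolute paths elsewhere (that is what chroot/namespaces add).
    return subprocess.run(
        argv,
        cwd=workdir,
        preexec_fn=apply_limits,
        capture_output=True,
        text=True,
        timeout=timeout,  # wall-clock backstop in case a limit is not enforced
    )


def verdict(proc):
    """Summarise how the limited child ended."""
    if proc.returncode == 0:
        return "ok"
    if proc.returncode < 0:
        # Negative return code: the kernel (or someone) killed it with a signal.
        return "killed by " + signal.Signals(-proc.returncode).name
    if "MemoryError" in proc.stderr:
        return "failed: out of memory"
    return "failed: exit %d" % proc.returncode


# Constructed child programs: one well-behaved, one memory hog, one CPU hog.
WELL_BEHAVED = "open('out.txt', 'w').write('done')"
MEMORY_HOG = "buf = bytearray(2 * 1024 ** 3)"  # asks for 2 GiB
CPU_HOG = "while True: pass"


def demo():
    """Run the three constructed children under 512 MiB of RAM and 1 s of CPU."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, code in (
            ("well_behaved", WELL_BEHAVED),
            ("memory_hog", MEMORY_HOG),
            ("cpu_hog", CPU_HOG),
        ):
            proc = run_limited([sys.executable, "-c", code], 512 * MiB, 1, workdir)
            results[name] = verdict(proc)
        # The relative path written by the first child resolved inside workdir.
        results["wrote_in_workdir"] = os.path.exists(os.path.join(workdir, "out.txt"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```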

Do different rules apply to senior managers? (5, Insightful)

grahamsaa (1287732) | about 10 months ago | (#45406937)

I've never understood why people do stuff like this. Years ago I recovered data from a CFO's laptop, only to find the thing filled with porn. Senior managers generally make enough money to have personal devices to look at porn on -- why do they risk the embarrassment of being discovered misusing company resources? I guess now that I think of it, the CFO in question wasn't fired (or even really disciplined) for this, as far as I can tell, so maybe senior managers just think that they're important enough that rules and common sense don't matter. If the laptop had belonged to a lower-level employee, he or she probably would have been disciplined.

Re:Do different rules apply to senior managers? (1)

Anonymous Coward | about 10 months ago | (#45407513)

Because they can.

Re:Do different rules apply to senior managers? (1)

Opportunist (166417) | about 10 months ago | (#45407701)

My guess would be a misplaced feeling of entitlement combined with turf war mentality. Combined with a pretty comfy security that they won't get fired over something as trivial as surfing porn.

Senior managers are a bit like little kids. They have no real worries in life and they have nothing really important to do, so they start a bling war. Who got the better car, who gets the better parking space at work, who has the secretary with the bigger hooters and so on. Of course this entails the feeling of needing certain privileges. If the rules do apply to others but not to you, you're "better" than them. He does not need administrative privileges on his PC, he also wouldn't know what to do with it anyway, but not having it is out of the question because the other manager one door down from him got his IT-goon to give it to him, so he needs them too! Plus, it is totally out of the question that some lowly IT-admin has the right to do anything that he has not.

If you're looking for the reason why industry espionage is so successful, this is your answer. Because he has it all. He has the time to surf around, he has the privileges to infect his computer and he has access to the juicy information about the company.

Re:Do different rules apply to senior managers? (1)

Patent Lover (779809) | about 10 months ago | (#45408151)

Oh you silly Slashdotters. The CFO certainly has a reasonable golden parachute. He probably has gold digging wife at home that would be really pissed off if he were caught watching porn. Thus, just watch it at work. Worst case, he gets fired and paid off. He'll move on to another company. Rinse and repeat.

Re:Do different rules apply to senior managers? (0)

Anonymous Coward | about 10 months ago | (#45408195)

-- why do they risk the embarrassment of being discovered misusing company resources?

Because a large percentile of them are sociopaths who believe they are immune to discovery or punishment (they'll just lie convincingly that it's your problem to his boss), since they are "above you".

Re:Do different rules apply to senior managers? (0)

Anonymous Coward | about 10 months ago | (#45408595)

I think you're making a big assumption that they would be "embarrassed" by it. My CTO literally called a company-wide meeting* once to show everyone some nude/sex pics that were emailed to him.

* "Hey everyone, come look at this shit someone just sent me!". We're a one-room company (although we have moved to a bigger room than when this happened). Since we're such a small company, we have no HR department - the CTO has been (jokingly) recommended for the position.

Leadership? (0)

Anonymous Coward | about 10 months ago | (#45406953)

member the senior leadership team

Bwahaha! "Leadership". That's a good one.

NP (0)

Anonymous Coward | about 10 months ago | (#45407019)

And executives visiting suspicious porn websites is, obviously, not a problem whatsoever

Let's turn this around... (2)

wjcofkc (964165) | about 10 months ago | (#45407069)

If employees were bypassing security, and getting their machines and the network infected en masse via porn, one of two or both would happen:
A. A very stern email would go out to all employees regarding the issue.
B. A whole lot of employees would get canned.

Since it's executives, there will be no scolding or even talk of it. Not to mention their security for no good reason is low, so they access anything they want on the internet. It will just keep going on. After all, this is hardly news. It's well known (at least in support) that executives have been infecting their machines and the network by the sackful for ages. When I did internal corporate IT support, I personally saw it. Over and over and over. The standard course of action? Remote into their machine, silently remark at the sheer number of porn related icons on their desktop, start removing things (toolbars too), climb around in the registry fixing all the damage the porn did, patch anything I had to, and then disconnect - walking away from the whole matter without a word. Also, these events were never properly documented to protect the executive, and therefore my job. The funny thing is, a lot of the higher ups would watch me while I was remoted into their machine, seeing everything they had been up to - they truly didn't give a shit due to their level of authority. I sometimes wondered if they got off on it. No shame at all.

Not 40% of Execs (1)

neonv (803374) | about 10 months ago | (#45407151)

This is not 40% of executives infecting phones. In fact, based on the article, we don't know how many execs get malware on their phone. However, out of that total unknown percentage of execs with malware, 40% of them get their malware from porn sites. The summary is using a method of lying with statistics, letting the reader infer something that isn't true by showing a similar true statistic.

This statistic wasn't even the point of the article, but rather that breaches are not being reported by companies.

http://yourbrainonporn.com/ (2)

blahbooboo (839709) | about 10 months ago | (#45407213)

http://yourbrainonporn.com/ [yourbrainonporn.com]

All that needs to be said...

Good God (1)

sjames (1099) | about 10 months ago | (#45407339)

I really want to say "UNBELIEVABLE", but it's all too believable.

Apparently it's just too much to ask that some jackass making over a million a year show a tiny little bit of emotional maturity and/or professionalism and NOT view porn at work. More is expected of teenagers at their first minimum wage job than that.

Why porn sites and malware? (1)

swb (14022) | about 10 months ago | (#45407343)

Why do porn sites have more malware than other sites?

It stands to reason that porn on the internet shouldn't have any more to do with malware than sports on the internet. Both are popular with about the same demographic and both are providing an entertainment product.

By now, considering the money associated with porn and the relative competition, porn sites should be like any other site selling entertainment, wanting to maintain a "safe" shopping experience for their customers lest they take their entertainment dollar to a competitor who will provide that experience.

Is it all tied to the shame of sex? You can rip someone off looking for erotica because it's dirty and they won't tell, but if you rip them off selling them something else they'll bitch to their friends but not be embarrassed about watching sports, for example?

This kind of makes sense, but at the same time, it runs against the profit motive of a porn site operator who has more incentive to sell you a recurring subscription and keep you as a customer than earn 10 cents providing a malware download and chase you away.

Re:Why porn sites and malware? (1)

anyanka (1953414) | about 10 months ago | (#45407401)

It's because execs don't want to pay for porn, so they end up on the bad side of the webs, where free porn is used to lure people to malware sites.

Re:Why porn sites and malware? (1)

Zapotek (1032314) | about 10 months ago | (#45407631)

Seems easier to set up a porn website to serve malware than a sports one. Not much need for coherence of content in porn, just random pictures/videos of naked people; plus, it really catches the eye.

Re:Why porn sites and malware? (1)

Opportunist (166417) | about 10 months ago | (#45407741)

My guess is that with porn sites and infections it is much like in RL with STDs. There are not really that many infected porn sites, but people tend to move around and switch frequently, hence eventually catching something.

Stay faithful to your porn page and you will be fine. Ramen.

Re:Why porn sites and malware? (1)

Cajun Hell (725246) | about 10 months ago | (#45408071)

Why do porn sites have more malware than other sites?

Simple, really. Tell a sports fan, "Save as. Wait. Type 'mount' and press enter. No, in the other window. Mount. Yes. Does your /home say noexec next to it? Yes, in parenthesis. I don't care about nodev, I asked about noexec. Oh, good. JUST A MINUTE, this won't take long if you just do what I say. Save as, malware.sh in your home directory. Your home directory. Now, type 'chmod +x malware.sh' Yes. Yes. No, chmod. C as in Catcher. H as in Halfback. M as in Mitt. O as in Outfield? What?! Too much work? Look, I'm sorry, but if you want your sports, then you -- hello? HELLO?"

Now tell a porn surfer, "Save as. Wait. type 'mount' and press enter. Does your /home say noexec next to it? Ok. Save as, malware.sh in your home directory. Now, type 'chmod +x malware.sh' C as in Cunt. H as in Hot. M as in MILF. O as in Orgasm. D as in Dirty. Yes. Plus X. Now type 'sudo ./malware.sh'. Yes. Your password. No, your own password. Yes. Yes. AHA!!! GOT YOU! YOUR COMPUTER IS MINE!!!"

See the difference?

Let's create a list (0)

Anonymous Coward | about 10 months ago | (#45407353)

Let's create a list of malware free porn sites and call it executive porn-hub ~^x^~

Re:Let's create a list (1)

Opportunist (166417) | about 10 months ago | (#45407751)

OMG, we'll make billions with the targeted ads.

You get the domain registered, I hire the coders. Maybe we should find a few execs to harvest the pages.

Oh. And there go our billions...

what exactly is a "visit" to a porn site (1)

sribe (304414) | about 10 months ago | (#45407379)

I was once googling for "evacuated cylinder solar collector", and cmd-clicking all the links to open a batch of tabs to vendors of such. A few dozen tabs in, I looked over at my secondary monitor, and it was filled with a porn site. So you see, I "visited a pornographic site" that day.

Re:what exactly is a "visit" to a porn site (2)

Opportunist (166417) | about 10 months ago | (#45407759)

Well, if you're googling for such perverted stuff, it's your own damn fault!

Re:what exactly is a "visit" to a porn site (1)

TheNastyInThePasty (2382648) | about 10 months ago | (#45408139)

I was once googling for "evacuated cylinder solar collector",.

Holy cow, that's some nasty porn!

Re:what exactly is a "visit" to a porn site (1)

zippthorne (748122) | about 10 months ago | (#45408797)

The problem is the latency - you needed to cmd click all those pages because clicking and hitting the back button to click the next link doesn't work. First, your browser wants to refresh the original page every time because...why again?

Then, each page has a ton of 3rd party includes that break the page layout if they don't load in the right order (and have their own... 4th party, I guess.. includes, which are computed on the fly, so you have to run some of the js before you can even find out you're missing stuff, and it's always the slowest ad servers, too) to slow things down nice and good.

So you did what anyone with half a brain would do upon discovering tab functionality. Abuse it as a pre-fetch and pre-render system to maximize the resource you care most about - your own time.

Throw the bums out (1)

TheloniousToady (3343045) | about 10 months ago | (#45407419)

Any executive who gets a virus from a porn site instead of a hooker is grossly incompetent and should be fired.

Oh yes. (2)

clickclickdrone (964164) | about 10 months ago | (#45407499)

I work in a major Bank and the support staff tell me the senior execs are all kept in a separate isolated LAN, not because of the security of the documents they work on but because they access so much porn and torrents etc that their bit of network is riddled with crap that needs daily cleaning up. And some of the porn is very much in the jail time category.

Re:Oh yes. (2)

z0idberg (888892) | about 10 months ago | (#45407893)

The support staff are either full of shit (which is the most likely scenario) or breaking the law themselves by not reporting this "jail time category" porn.

And if they are more concerned with keeping their job than reporting it they are in the same low-life category as the execs accessing the stuff.

Tyrants (1)

Anonymous Coward | about 10 months ago | (#45407531)

Yep, above the law, above company policy...these modern lords "tax" by paying woefully less to the peons than their labor is worth (usually less than half the profit created by said peons is returned to them). A majority provide only the "leadership" of following the latest trends from books or from successful start-ups...except the execution is typically poor because they try to do it cheaper. Anyone who has worked for a corporation probably recognized the enthusiastic rantings every time some new initiative comes down the line...full of bluster, slogans, posters...and little substance.
The primary qualification for most executive positions is to be found on their facebook/rolodex/speed dial list: who they know.

And for this, they seem to ever more see themselves as superior.

And so they jack off to internet porn behind a desk that costs more than they're willing to pay their employees in a year.

Management style (5, Funny)

PopeRatzo (965947) | about 10 months ago | (#45407545)

These porn-surfing execs are just taking a more "hands-on" approach to management and want to make sure they have a firm grasp on their critical infrastructure.

It gives new meaning to The Peter Principle.

I'm guilty as charged; but not infected (0)

Anonymous Coward | about 10 months ago | (#45408493)

I was smart enough to ensure my technical advisor was competent and would refuse to support Mac OS X or MS Windows.

hmm and for that matter any and all non-free software.

get a linux box (3, Insightful)

cyfer2000 (548592) | about 10 months ago | (#45408495)

For the pron, get a linux box please!

It's been this way for longer than a decade (0)

Anonymous Coward | about 10 months ago | (#45408573)

middle management execs are nasty.

True. (1)

Anonymous Coward | about 10 months ago | (#45408691)

I have a family member who is a VP at a top 100 company. I've spoken to him and he mentions that they don't worry about IT coming after execs that high up and porn. I was shocked and tried to warn him that it just gives the company a good out if something should happen, yet he continues to surf porn. As I work in IT and as one of my former jobs was to monitor the midnight biology lessons that would take place and report on them, I found this both disturbing and pissed me off. Here I am busting my ass to keep the company safe yet these blue chip twats were sodomizing the company and my work.

Is this because of downloaded executables? (1)

Animats (122034) | about 10 months ago | (#45408819)

Is this because porn sites are serving actual exploits that use Flash or browser bugs, or because people downloaded and ran .exe files?
