This Space for Rent

Security Theatre

It's a significant security risk. You can catch malicious links from it (even though the malicious link report was almost six months ago), you can download software from it, and there may be some nudie pictures there.

In any case, it's a serious threat, and my corporate masters are going to drop livejournal into the netnanny "you can't get there from here" content firewall.

In two weeks.

When my corporate masters decided that being able to use outbound ssh was a security risk, they didn't bother to send out a notice. They just blocked all traffic on the spot and didn't say anything until the employees started to howl about it, at which point they fabricated an excuse and sent out a piece of mail saying "we blocked this traffic because it's a security threat."

But I guess it wasn't a serious threat, because if it was they'd be running around saying "we're going to block this traffic Real Soon Now™, so you'd better watch out!!!"

Now, if it was me and I found a serious security threat (like the time I realized that hackers had completely infiltrated the Columbia University network and were harvesting passwords to get onto my network [and from my network into other domains, including ones that ended in .mil,) I'd block access to that security threat immediately, inform my manager, and only then send out a general bulletin that said why I did it.

I was not the most loved network administrator at that job, but by g-d the network was secure. There was none of this stupid strutting about boasting "we're going to make the network safe by restricting access to a single weblog hosting company, but we're not going to do it just yet. So go ahead and download those 3v1l links, software, and nudie pictures for the next couple of weeks, okay?"