Kisama's Techdirt Profile

Kisama

About Kisama

Kisama's Comments comment rss

  • Apr 26, 2018 @ 05:44am

    This is what it looks like when your cops are not assholes

    Const. Ken Lam in Toronto was also recently in a tense, uncertain and rapidly evolving, situation. He apprehended his suspect without firing a shot.

  • Jun 15, 2016 @ 10:01am

    I used to agree...

    But now I think this is a brilliant idea. My thinking here is if this opens the door to suing the manufacturers of the AR-15 rifle for the Orlando attack and all the other mass shootings for their "material support" then it's for the greater good.

  • May 12, 2016 @ 11:06am

    Re: Let's fix the blame where it belongs

    Good points. Yahoo, Gmail and Hotmail are much better now than they were 10 years ago.

    Regardless, their license agreement is pretty clear: use our services at your own risk.

    The IT Security guy at the House can only assume that those sites are "mostly harmless" for the most part until evidence presents itself which points to the contrary. Thus he will take precautions accordingly to mitigate the risk.

    He can't hold them accountable for malware infecting the House network any more than I can blame my ISP for my home computer being infected by my 10 year old.

  • May 12, 2016 @ 10:59am

    Wait I almost forgot.

    With respect to those users who elected to turn off their wifi to bypass the website block.

    If they were using their own personal phones, then they are doing so at their own risk. If they are not using them to access corporate data then the best case scenario is their personal phones get hit with malware and they have only themselves to blame.

    On the other hand, if they were using corporate phones and opted to turn off their wifi so they could access the blocked site, that opens up a whole can of worms.

    Because if they were notified that the site was being blocked and still went ahead and bypassed the network security AND that turns out to be a vector by which the corporate network gets infected, then those employee risk losing their jobs.

    If they did so after reading Ted Henderson's message which gave them instructions on how to bypass their network security, --- see the language I'm using here, yes that's exactly what might have just happened --- he may be held liable. Techdirt might also be partially liable thanks to your sage advice Mike. We'll let the lawyers figure it out.


    If Ted Henderson is reading this, he better damn well be writing an email to all his users that reads:

    "FOR THE LOVE OF ALL THAT IS HOLY IN THIS WORLD, PLEASE LISTEN TO YOUR CORPORATE IT SECURITY STAFF AND DO WHAT THEY TELL YOU."

    Because that's what I would be doing right now if I were him.

  • May 12, 2016 @ 10:43am

    This is probably one of the worst articles I've ever read.

    1. APT is pretty nasty stuff to have to deal with. You don't want that getting into your environment.

    2. One cannot selectively block yahoo accounts in yahoo mail, gmail or Hotmail for that matter. You either allow access to the whole domain or no access at all.

    3. This is not going nuclear as you call it. Going nuclear is shutting down all access to the internet completely.

    4. Users in any government office are granted access to personal mail websites as a courtesy. It is not their right. They are made well aware of this in the form of an network acceptable usage agreement they must read and sign prior to being given access to the corporate network. They have no right to bitch.

    5. Obviously you're some kind of expert in holistic Security and Threat management if you can deem this situation is a case of over-reaction without any knowledge of the tools at their disposal, or their processes and procedures.

    5a. Hell you don't even know if they've already encountered infected systems at this point.

    5b. Anyone with a shred of IT security knowledge will tell you anti-malware is always behind the detection curve. Any IT manager worth the paper their resume is printed on is going to operate their shop from that stand-point and err on the side of caution. BECAUSE...

    5c. While you likely don't have any accountability for anything you write, the IT Security Manager at the House of Representatives probably will have to answer to his boss for the entire environment getting hosed with a zero-day APT.

    5d. I will also guarantee there is a threat and risk assessment in said manager's hands that says the House of Representative's network is a target rich environment with a whole list of hostile actors with high motivation. See where I'm going with this? No you don't because you're not an IT security expert. See point 6.

    6. If we replace the words "it seems odd to me" in this article with "Now I don't know anything about this field other than what I just read in Wikipedia ten minutes ago" that pretty much sums up the content.

  • Aug 13, 2013 @ 10:32am

    To put this in another context, let's say the copyright industry wanted to obtain a complete copy of firewall logs from an ISP because they suspected some of the ISP users were pirating movies. The request to obtain all of the firewall logs would be thrown out by the judge because while there may be some data in the logs that is relevant to the investigation (maybe one or two users were in fact pirating movies) there would also be a ton of other information (the majority of the regular data from the rest of the users) that they would also obtain that is not relevant at all to the complaint.

    What's the difference between the Government and the Copyright Industry? The Government is in a position to enact legislation that bypasses the legal process and the Copyright Industry is not.