[Owasp-Malaysia] Social network sites: Block or not?

David Fetter david at fetter.org
Thu Jul 15 02:17:35 EDT 2010

On Wed, Jul 14, 2010 at 10:21:41PM -0500, Mohd Fazli Azran wrote:
> Hi guys!!
> Long time since I wrote something for you. Just wanna share this
> article. It's about *"Should companies block Facebook, Twitter
> and LinkedIn?"*. Should you open or block social networks? It's
> up to you guys. This article gives some opinions.
> www.networkworld.com/community/tech-debate-block-social-networks?source=NWWNLE_nlt_daily_pm_2010-07-13

Whatever benefit you imagine you might derive from treating your
employees like children, you will lose all of it and more because they
resent your heavy-handed tactics.  You'll have created attackers
inside your trust boundary, and nothing's quite as nasty as that, from
every security perspective.

If you want to make a policy about which sites people visit, making
that policy written, clear, in advance, and with reasons enunciated
and questionable is *much* more effective than encouraging your
employees to punch you (and your firewalls, etc.) when you establish
silly and arbitrary network outages.  Trying to block ports and IPs is
stupid, wasteful, counter-productive, and, of course, ineffective.

That said, I find multiple threats and attack vectors from Facebook
itself, which acts pretty much as an attacker when it comes to anything a
Facebook user ever connects to.  In the process of violating their
users' privacy, something they have an extensive track record of doing
as a matter of routine, they violate most access control policies.

Stated that way, it's much easier to convince people that Facebook is
a problem.

> Regards,
> Mohd Fazli Azran
> OWASP Malaysia Chapter Leader

David Fetter <david at fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter at gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
