[Owasp-Malaysia] Social network sites: Block or not?

BRIAN RITCHIE esqbrianritchie at gmail.com
Thu Jul 15 02:20:56 EDT 2010


I am gonna echo David on this. Trust me, if you have me as an employee and
you block Twitter/FB, I'll find a way through and probably puncture more
holes in your infra. I'd rather you allocate certain hours/time limits per
day for stuff like this like Creative Malaysia (Sound system) does. Very
interesting approach.

-BRIAN RITCHIE

On Thu, Jul 15, 2010 at 2:17 PM, David Fetter <david at fetter.org> wrote:

> On Wed, Jul 14, 2010 at 10:21:41PM -0500, Mohd Fazli Azran wrote:
> > Hi guys!!
> >
> > It has been a long time since I wrote something for you. I just want
> > to share this article. It is about *"Should companies block Facebook,
> > Twitter and LinkedIn?"* Should you open or block social networks? It
> > is up to you guys. This article gives some opinions.
> >
> >
> www.networkworld.com/community/tech-debate-block-social-networks?source=NWWNLE_nlt_daily_pm_2010-07-13
>
> Whatever benefit you imagine you might derive from treating your
> employees like children, you will lose all of it and more because they
> resent your heavy-handed tactics.  You'll have created attackers
> inside your trust boundary, and nothing's quite as nasty as that, from
> every security perspective.
>
> If you want to make a policy about which sites people visit, making
> that policy written, clear, in advance, and with reasons enunciated
> and questionable is *much* more effective than encouraging your
> employees to punch you (and your firewalls, etc.) when you establish
> silly and arbitrary network outages.  Trying to block ports and IPs is
> stupid, wasteful, counter-productive, and, of course, ineffective.
>
> That said, I find multiple threats and attack vectors from Facebook
> itself, which acts pretty much as an attacker when it comes to anything a
> Facebook user ever connects to.  In the process of violating their
> users' privacy, something they have an extensive track record of doing
> as a matter of routine, they violate most access control policies.
>
> Stated that way, it's much easier to convince people that Facebook is
> a problem.
>
> Cheers,
> David.
> >
> > Regards,
> > Mohd Fazli Azran
> > OWASP Malaysia Chapter Leader
>
> > _______________________________________________
> > Owasp-Malaysia mailing list
> > Owasp-Malaysia at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-malaysia
> >
> > OWASP Malaysia Wiki
> > http://www.owasp.org/index.php/Malaysia
> >
> > OWASP Malaysia Wiki Facebook
> > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
>
>
> --
> David Fetter <david at fetter.org> http://fetter.org/
> Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
> Skype: davidfetter      XMPP: david.fetter at gmail.com
> iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics
>
> Remember to vote!
> Consider donating to Postgres: http://www.postgresql.org/about/donate