Frustration with Bad Design

  • Steve Jones - SSC Editor (7/28/2014)


    GoofyGuy (7/28/2014)


    Steve Jones wrote:

    Bad design, bad decisions, mistakes, even poor security practices will occur. However it's usually not your company, and it's not your place to prove that there is a flaw in a system. It's especially true that it's not your place to prove things without having been given permission to do so. Proving a point on your own is something children do, not professionals.

    I'm not sure I agree with this. So long as one 'proves a point' in a diplomatic and legitimate manner, and the motive is positive, does this not show initiative on one's part?

    You're a little out of context.

    You do so in a legitimate manner by getting permission, which I would guess involves some diplomacy and basic polite social behavior. You ask.

    I'd say it really depends on the situation; in most cases, it may be better to ask permission rather than to seek forgiveness; in rare cases, perhaps not so. Certainly one should carefully consider one's decision.

  • Steve Jones - SSC Editor (7/28/2014)


    Jeff Moden (7/28/2014)


    djackson 22568 (7/28/2014)


    David.Poole (7/28/2014)


    And where does Edward Snowden fit into this piece?

    IMO Snowden is a hero. He broke the law in order to expose our government's illegal violation of every US citizen's rights. He chose to suffer the consequences knowing it was the only way to expose the abuse, while also recognizing we (our population) are too stupid to do anything about it.

    IMO the person referenced in this thread is simply an idiot. Violating the law in order to force a company to do the right thing is different in that he had other options yet chose the method that was easiest. Snowden didn't have any options at all, and made up his own option to help the greater good.

    Interesting take on that. Personally, I feel that his actions put a lot more people at risk than what he "saved".

    We can certainly debate that, Mr. Moden, but I suspect that is not true. It's the view of many people that fundamentally dislike exposure and want secrecy in government/military dealings.

    I'd agree those are important, but Mr. Snowden showed many abuses, many of which continue today. Far, far too often, I'd say the fruits of surveillance efforts were unnecessary for security.

    For those potential problems involving security, both Mr. Snowden and the Guardian attempted to work with the NSA to redact problem data.

    It's certain secrets that keep us secure. I also think that, like Helkowski, he did things the wrong way or he'd have actually been a hero. But, you're right. It would be quite the debate and way too long for the likes of a forum post.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.



  • Correct me here if I'm wrong, but Snowden did not try to hurt the same people he ideally was trying to please where the guy from the article did. That's the main difference. So, that basically boils down in Snowden's case as pleasing the people while screwing the government. On the opposite end, you have someone trying to please the people but also hurting the people and the company in one swoop, which is totally different.

    On the topic specifically.

    I believe that it's your responsibility to ensure issues are unearthed and brought to the right parties' attention to be resolved in a professional manner if that's your job to do so. If not, then getting permission is the correct step to take BEFORE YOU step on another team member's toes.

    If you felt that your team members' toes are of no concern of yours, then you have problems IMHO. Team members are not there for you to prove wrong and make them look bad regardless if they are management or not. God knows, if someone did that on my team, worlds would be shaking simply because we work together, not against each other.

    That said, if all is right in the world and you can unearth some serious issues and get them reported, then do so. But, I agree, if the stars do not align in your favor, then as a professional, you can either drop it or leave.

    BUT--BIG BUT HERE--if the issue results in the company, as well as yourself for being associated with that company, in some type of criminal action, then you must take action with the appropriate channels outside the company. That's only if the company does not take action first. However, appropriate channels do not include releasing it to the public or trying to cause harm to prove a point. Appropriate channels would likely include someone at a government organization that specializes in those matters.

  • Jeff Moden (7/28/2014)


    djackson 22568 (7/28/2014)


    David.Poole (7/28/2014)


    And where does Edward Snowden fit into this piece?

    IMO Snowden is a hero. He broke the law in order to expose our government's illegal violation of every US citizen's rights. He chose to suffer the consequences knowing it was the only way to expose the abuse, while also recognizing we (our population) are too stupid to do anything about it.

    IMO the person referenced in this thread is simply an idiot. Violating the law in order to force a company to do the right thing is different in that he had other options yet chose the method that was easiest. Snowden didn't have any options at all, and made up his own option to help the greater good.

    Interesting take on that. Personally, I feel that his actions put a lot more people at risk than what he "saved".

    The government sends our men and women to war far too often. When they do, losses of our soldiers and civilians are viewed as collateral damage, acceptable losses, and other terms that disgust me. Yet most people view these losses as acceptable in order to secure our freedom.

    Snowden attempted to convince those he reported to that our government was violating the law, and our constitution. While some may debate that they are violating the law, any serious review of the facts can only conclude that they were, and continue to. The most common argument to the contrary is it is OK if you have nothing to hide. Sigh.

    So on one hand we had someone who broke the law, but had avenues available to him to expose the wrongdoing legally. I can't justify what he did at all. On the other hand Snowden had no choice left, he had tried the legal avenues and was told to shut up. If our government was at all trustworthy what he did would be rewarded. Of course, it would never have been necessary.

    Dave

  • I would not describe Edward Snowden as a hero - anyone who flies off to countries like Russia and China with flash drives full of his country's espionage secrets is a traitor by any definition. And the enemy isn't just traditional powers - fighting an asymmetric war against people who will willingly plant a bomb in a public waste bin, as happened not far from where I live, and kill a couple of 10 year olds, requires intelligence, and sometimes the line has to blur if you want to prevent tragedy. In the UK we suffered from a 25 year war conducted against the UK civilian population by the IRA, of which the 1996 South Quay bombing affected me personally. Inalienable rights are little use to a corpse, and now that the Islamic world is targeting the UK and US, this is the wrong time to expose surveillance methods to potential mass-killers. As an aside, the Guardian newspaper only agreed to redact/destroy the hard drives smuggled out of Moscow because the UK government threatened arrests under anti-terrorism law otherwise.

  • Seriously,

    I have known about the NSA for decades.

    The Chinese and the Russians infiltrated the NSA years ago. All Snowden did, at best, was confirm what they already knew.

    Seriously, the ONLY people who did NOT know this was going on was the American public. (You know, the people whose taxes were paying the NSA to spy on them.)

    So, who was Snowden to tell? His superiors who were telling him to do it? The government who was telling his bosses to do it? The media (who is in the pocket of this administration)?

  • geoffrey.sturdy (7/29/2014)


    I would not describe Edward Snowden as a hero - anyone who flies off to countries like Russia and China with flash drives full of his country's espionage secrets is a traitor by any definition. And the enemy isn't just traditional powers - fighting an asymmetric war against people who will willingly plant a bomb in a public waste bin, as happened not far from where I live, and kill a couple of 10 year olds, requires intelligence, and sometimes the line has to blur if you want to prevent tragedy. In the UK we suffered from a 25 year war conducted against the UK civilian population by the IRA, of which the 1996 South Quay bombing affected me personally. Inalienable rights are little use to a corpse, and now that the Islamic world is targeting the UK and US, this is the wrong time to expose surveillance methods to potential mass-killers. As an aside, the Guardian newspaper only agreed to redact/destroy the hard drives smuggled out of Moscow because the UK government threatened arrests under anti-terrorism law otherwise.

    Thank you. I was trying to figure a way to explain my feelings on the subject and you not only nailed it but you have some up close and personal experience with the problems that have affected many.

    --Jeff Moden



  • kevinbwood (7/28/2014)


    Raising your concerns and documenting the concerns and that you have communicated them are crucial.

    If/When TSHTF, management will look for a scapegoat or someone to blame and it is easy for them to 'forget' you warned them. YOU become the convenient scapegoat because it was YOUR responsibility.

    Even with documentation, you might still be the convenient scapegoat, but it becomes harder to paint you as the negligent one.

    +1

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • Jeff Moden (7/28/2014)


    From the article:


    However it's usually not your company, and it's not your place to prove that there is a flaw in a system. It's especially true that it's not your place to prove things without having been given permission to do so. Proving a point on your own is something children do, not professionals.

    I totally disagree as written above especially when it comes to private information such as Social Security Numbers. It MUST be proven if it exists and action must be taken. I consider it to be one of those unwritten laws that is the responsibility of every IT worker.

    I'm gonna take this from a different angle. I agree with Jeff that it is your responsibility. If there is a critical flaw that could cause serious errors, cost the company big money, or even place people's lives at risk - it is your right and responsibility to say and do something about it.

    How you go about proving the flaw is a different story. Proving the point can be as simple as providing visibility via reports that are already being run or that were to be implemented anyway.

    If there is a serious design flaw in the braking system of that new car - you need to say something about it instead of letting it go to production where lives are in danger and excessive cost to the company will occur.

    If the use of nolock could cause a double dose of morphine to be given (or no medication given at all), then it is your responsibility to raise that concern and prove that nolock could cause those funky results.

    Just because you are proving something doesn't mean you have to be a putz about it. And when you are right, act like you've been there before - don't gloat.

    Jason...AKA CirqueDeSQLeil

  • Jeff Moden (7/29/2014)


    geoffrey.sturdy (7/29/2014)


    I would not describe Edward Snowden as a hero - anyone who flies off to countries like Russia and China with flash drives full of his country's espionage secrets is a traitor by any definition. And the enemy isn't just traditional powers - fighting an asymmetric war against people who will willingly plant a bomb in a public waste bin, as happened not far from where I live, and kill a couple of 10 year olds, requires intelligence, and sometimes the line has to blur if you want to prevent tragedy. In the UK we suffered from a 25 year war conducted against the UK civilian population by the IRA, of which the 1996 South Quay bombing affected me personally. Inalienable rights are little use to a corpse, and now that the Islamic world is targeting the UK and US, this is the wrong time to expose surveillance methods to potential mass-killers. As an aside, the Guardian newspaper only agreed to redact/destroy the hard drives smuggled out of Moscow because the UK government threatened arrests under anti-terrorism law otherwise.

    Thank you. I was trying to figure a way to explain my feelings on the subject and you not only nailed it but you have some up close and personal experience with the problems that have affected many.

    I understand the concerns, and I am always sorry to hear when someone has been affected by any personal loss like this.

    Ethically we need to consider things in a different manner. If millions are being harmed by our government, and stopping that means they have to work within the law to fight terrorism, then the only ethical answer is to put a stop to it. You start within the system, but if that fails, you do what has to be done. Evil gains more and more control, because we allow it. If our government wasn't violating the law, what Snowden did would be wrong. I don't think it is as clear cut as saying he was wrong, when his only choice was to ignore it or report it.

    Further, even the NSA has admitted that not a single attack has been identified or stopped by their illegal activities. They make claims that can be seen through by a 6-year-old.

    What Snowden did is not at all comparable to the original post Steve made. We may never agree on Snowden's methods, but I would hope we would all agree that the other person had legal options available to put a stop to something that absolutely needed to be stopped. Snowden didn't.

    Dave

  • geoffrey.sturdy (7/29/2014)


    As an aside, the Guardian newspaper only agreed to redact/destroy the hard drives smuggled out of Moscow because the UK government threatened arrests under anti-terrorism law otherwise.

    The Graun isn't (or shouldn't be) anyone's idea of a public-minded newspaper. It seems a vehicle for promoting opinions from the furthest reaches of the political margins.

    When it has 'parlour progressives' supporting the likes of Hamas, you have to doubt the publication's credibility.

  • On March 14, Helkowski made his point rather dramatically by posting the university president’s Social Security number and phone number to reddit. He then sent an anonymous e-mail to the members of the university’s newly formed security task force, telling them in no uncertain terms just how horrible their security was.

    Though he claims the message was not meant to sound threatening, it included lines like, “Out of politeness I’ll give you a chance to respond directly about this to me, and I’ll consider pulling it off the public Internet...Your internal IDs are listed below to get your attention.” If the security task force wouldn’t work with him, Helkowski told them to “consider this your fair warning and last contact from me.”

    http://arstechnica.com/information-technology/2014/05/why-he-hacked-university-of-maryland-contractor-turned-hacker-tells-all/

    If this guy had played his cards right, he could have been seen as a hero and gotten a promotion (perhaps replacing whoever is currently head of IT security at the university). Instead he mucked it up big time.

    Posting in a public forum and pretending to be a hacker was a very bad idea. The FBI had a digital trail leading back to Mr. Helkowski, and his messages could be construed as actual threats.

    If this guy felt he was being ignored, then he could have approached the university president privately in person and verbally informed him what was going on (providing no data or printouts). That would have been more to the point, and allowed the president the opportunity to resolve the problem discreetly. At the very least, there would have been enough plausible deniability to cover his *** in the event that the president misconstrued his intent.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell wrote:

    If this guy had played his cards right, he could have been seen as a hero and gotten a promotion (perhaps replacing whoever is currently head of IT security at the university). Instead he mucked it up big time.

    He definitely didn't handle matters well at all, although I wonder if he would have been given any time at all to meet with the university president, as you had suggested he should have sought. But he didn't ask, that's for certain.

    One thing about the story does disturb me, and that's having the door to one's home kicked in and one's possessions ransacked by the FBI. I'm not sure there is a more respectful, less violent way to obtain information and materials against a crime suspect; but I still feel one's home should remain inviolate against the power of the State, except in the most dire circumstances.

  • GoofyGuy (7/30/2014)


    Eric M Russell wrote:

    If this guy had played his cards right, he could have been seen as a hero and gotten a promotion (perhaps replacing whoever is currently head of IT security at the university). Instead he mucked it up big time.

    He definitely didn't handle matters well at all, although I wonder if he would have been given any time at all to meet with the university president, as you had suggested he should have sought. But he didn't ask, that's for certain.

    One thing about the story does disturb me, and that's having the door to one's home kicked in and one's possessions ransacked by the FBI. I'm not sure there is a more respectful, less violent way to obtain information and materials against a crime suspect; but I still feel one's home should remain inviolate against the power of the State, except in the most dire circumstances.

    But that is how Nazi governments work. "We'll show those evil citizens not to mess with us!"

    Dave

  • GoofyGuy (7/30/2014)


    Eric M Russell wrote:

    If this guy had played his cards right, he could have been seen as a hero and gotten a promotion (perhaps replacing whoever is currently head of IT security at the university). Instead he mucked it up big time.

    He definitely didn't handle matters well at all, although I wonder if he would have been given any time at all to meet with the university president, as you had suggested he should have sought. But he didn't ask, that's for certain.

    One thing about the story does disturb me, and that's having the door to one's home kicked in and one's possessions ransacked by the FBI. I'm not sure there is a more respectful, less violent way to obtain information and materials against a crime suspect; but I still feel one's home should remain inviolate against the power of the State, except in the most dire circumstances.

    Posting the president's personal information on the web was a very bad move. I'm sure that university officials took the hacking incident as a personal offense; an invasion of their privacy and the university's reputation. No doubt the president made a lot of phone calls and raised a big stink.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
