Well if it involves...
..an attractive 6ft+ seductress and a huge wad of cash...sign me up.
Yes I'm that shallow.
MI5 has warned that foreign spy agencies are targeting IT workers within big organisations as a means of gaining privileged access to sensitive data. The security service's warning about spy-infiltration tactics is a bid to encourage corporations to bolster their defences against such attacks, the FT (via the Daily Mail) …
"Yes I'm that shallow."
And for the GCHQ strategy of "stiff upper lip" to succeed, we need *every* IT admin to be "not that shallow". Hmm ... I think I see a teensy-weensy flaw in this plan.
Meanwhile, other parts of the Establishment are trying to increase the numbers of women in IT.
Are they all Chinese/Russian/American spies too? Gosh darn it. But then it's a bit sexist to assume woman in IT wouldn't just as likely be swayed by a handsome well financed young man. Or homosexuals, or anyone else for that matter. Modern world - a very connected place but often a very lonely one too.
On the other hand in the modern world where every government agency is harvesting information from every interconnecting pipe they can get their black boxes into I think the need for foreign governments to infiltrate is lower then people like to make out.
Maybe companies should pay their staff better and treat them better and be loyal to them and stop having the annual pdr a useless box ticking enterprise where you can put down anything you like as nobody but your line manager will ever read it and they already know the score. Ah well.
I totally wouldn't mind that barista at the train station who was interested in what kind of job I had, to try and extract some more info from me.
An acceptable alternative would be a svelte SE Asian. Either to be accompanied by a worthwhile amount of moolah, of course.
"The security service's warning about spy-infiltration tactics is a bid to encourage corporations to bolster their defences against such attacks.
MI5 and their colleagues in GCHQ can play their part in developing good solid strategy in defending against this kind of attack by not allying themselves with the foreign spy agency responsible. Just an idea I thought I'd throw out there
"MI5 and their colleagues in GCHQ can play their part in developing good solid strategy in defending against this kind of attack "
Hopefully they are, but a few months back GCHQ & MI5 sent some people round to our offices, and interviewed me along with a group of (supposedly) random colleagues, asking what we thought suspicious activity would look like, as part of an information gathering and awareness raising session. The "right" answers were all the obvious old school stuff - the employee who has changed their habits, the employee who wants to work alone in the office at weekends, the bloke in accounts payable who insists on letting in strange visitors without signing them in etc etc.
Admittedly the "random" group had few IT people, and mostly people from high value functional target teams, but there was nothing about data security, about protecting information, recognising phishing and spear scams, nothing about how users can minimise their chances of admitting APTs, nothing about proper use of access rights, encryption, or how to monitor suspicious activity on network shares, or audit file access activity.
All in all a very poor show, and I could have done better myself.
If false/stolen/copied credentials are the 'next frontier', what have all those Admins been bitching about for the last two decades? Are they involved in some sort of anti Post-It long game?
On that note, what has the Quote Droid who said 'next frontier' been doing with his work time? I'm going to guess it doesn't involve any ongoing reviews of security related news. Nor has he studied any part of history, watched Dr. Who or any of the hundreds of films where false credentials allow some plucky hero, or plucky anti-hero, to gain passage through otherwise impenetrable defenses. Saying things like that isn't a confidence builder you know.
Well, I am against sticky notes for all manner of reasons, not least of all their sub-par adhesion.
The problem is trying to convince people that usernames aren't bound to specific PCs* and so they should just log in with their own password rather than that of whomever normally sits at the PC.
That's always been the weakest link and there are very few IT solutions. Sure you can have 2-factor auth but that assumes that a user wont record their passkey with the card/usb-key. At some point, It's up to management to actually ENFORCE the relevant policies!
* - At least in most systems we manage, though some PCs are obviously restricted.
When that guy at 3M developed the not-so-sticky sticky stuff he had no idea what hell he was creating.
I've found one method that works for even the most stubborn password haters.
Get them to print out a page that they might normally have on their desk or work area, pick a long phrase, sentence, number or combination from that and use that as the password. Passwords left in plain sight still but a whole lot harder to grab as a casual passing set of eyes. Sure you could photograph and OCR every bit of visible text in the area then try to guess the bits used and in what order but really you probably are going to try something easier, stick a typpo or two in theyre and it gets better.
AC for obvious reasons.
Captain Darling: So you see, Blackadder, Field Marshall Haig is most anxious to eliminate all these German spies.
General Melchett: Filthy hun weasels, fighting their dirty underhand war!
Captain Darling: And fortunately, one of our spies...
General Melchett: Splendid fellows, brave heroes risking life and limb for Blighty!
Normal people and abnormal people who want to look normal begin a Monday morning by asking how your weekend was, but now there is a new class of people, normal people who ask about your weekend to put it in a spy database. statistics show that any given IT worker is 40% likely to be a spy.
If you are not paranoid you should be. Everyone should be at least 40% paranoid.
"The concept of Anna Chapman types flirting with the likes of Moss from the IT Crowd in order to gain access to sensitive information sounds absurd"
Not at all. My housemate (think Moss with much less hair) had a fit leggy blonde who was buttering him up (with homemade carrot cake, no less) at his last site, and was very suspicious. I would have thought something was up too, since the attention of attractive women isn't something I normally attract.
Now us ugly, socially inept repulsive individuals will have added value in the market place, oh yeah bring it on, kerching.
"Can you imagine how much it would cost to get someone to befriend him? not going to happen" I bet the crooks are saying, might start attaching my photo to the CV again.
make sure i post this anonymous... oh the phones ringing..
* I have admin access to a growing number of servers in my area.
* I quite liked that Russian spy girl in season 7 of Burn Notice.
* I live in Australia.
* I enjoy long walks along the beach.
Wait... Instead of listing all that here, is there some sort of official spy dating service that matches us nerds to our preferred spy-ladies?
Biting the hand that feeds IT © 1998–2019