If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(SFGate)   Click here to learn this one weird trick to steal the trade secrets of American industries   (sfgate.com) divider line 27
    More: Fail, U.S. Steel, United States, United Steelworkers, campus network, Chinese military, computer networks, Hong Lei, case citation  
•       •       •

2969 clicks; posted to Geek » on 21 May 2014 at 5:34 PM (31 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



27 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest
 
2014-05-21 12:00:58 PM  
LGT to Mossad training signup.
 
2014-05-21 03:30:10 PM  
pretty easy to fix isnt it ?
block internet access to employees that dont need it
FFS, you work on spreadsheets all day, you dont need facebook and google.
lol

/The amount of spam that I still get at work is ridiculous and that is just counting the email from network admins about the servers being up or down.
 
2014-05-21 05:24:35 PM  
LGT the word "gullible" at Dictionary.com
 
2014-05-21 05:45:49 PM  

namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it
FFS, you work on spreadsheets all day, you dont need facebook and google.
lol

/The amount of spam that I still get at work is ridiculous and that is just counting the email from network admins about the servers being up or down.


Why do you hate Fark, freedom, bacon and boobs?
 
2014-05-21 05:51:15 PM  

namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it
FFS, you work on spreadsheets all day, you dont need facebook and google.
lol

/The amount of spam that I still get at work is ridiculous and that is just counting the email from network admins about the servers being up or down.


I was thinking maybe its time to crack down on shady/shiat ad engines on major websites
 
2014-05-21 05:53:28 PM  
And this is why China is buying into Africa. So they can pretend to be Nigerian princes and get some of that sweet Nigerian scam money. I'm just glad I got my $35,000,00 coming before the zips screw it up.
 
2014-05-21 06:29:51 PM  
This is why you don't trust your most closely guarded secrets to idiots.
 
2014-05-21 06:38:20 PM  
serious why keep your top secret information that make money for your company on a computer connected to the internet?

Seriously if it not connected to the internet it can't be remotely stolen via the net.

Also restrict access to it to as few as possible as that way you have the smallest possible chance for breaches.

Its not a 100% guarantee they can't be stolen but it would require alot more effort then just hacking in to steal it.
 
2014-05-21 06:46:55 PM  

grimlock1972: serious why keep your top secret information that make money for your company on a computer connected to the internet?


IT, especially IT security, is a cost center. Most companies will do as much as possible to drive those costs down. Hiring cheap kids from the bottom of their class, outsourcing to Mudistan, hiring a hobo from the back alley, putting up a Barney Fife poster in the break room are all considered viable IT security strategies. And whoever goes that way and saves the company money gets a big bonus and is probably gone by the time it's a problem.
 
2014-05-21 06:47:39 PM  
This "Local mom angers CEOs after stealing trade secrets with one weird trick" ad has been around a while.
 
2014-05-21 07:04:43 PM  

namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it


Better solution: Anything, ANYTHING that's even remotely proprietary stays on a closed network completely isolated from any outside connections. No routers filtering things, no wireless to allow devices to connect to the closed network, no USB ports left open on PCs or other necessary network hardware (fill em with krazy glue or something), etc. So separated and remote from the web that it gives *outer space* a run for its money.

Then for employee access to data on the web and communications with other sites/offices, they get a second PC with just enough horsepower to do just that connected to the intarwebz. If you need info from the web computer to go onto the isolated network, you get a dispensation from IT and even then it's limited to things like images and non-executables. Heavy scanning on everything too.

/probably other things you could do too, but this would be a start
 
2014-05-21 07:36:37 PM  
You know that annoying as fark personality test by unicru mosts companyies use now a days? Why not just add another 45 farking minutes to a job application filled with internet common sense questions?

If you are presented with an attachment from an unknown address it is probably safe to open and run

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree
 
2014-05-21 08:25:13 PM  
I bet 80% of those are the HR drones (hotties) who do need internet but are stupid as hell.  The other 20% are the managers/ceo/coo/etc that shouldn't be allowed on a computer in the first place.
 
2014-05-21 08:27:43 PM  

EngineerAU: grimlock1972: serious why keep your top secret information that make money for your company on a computer connected to the internet?

IT, especially IT security, is a cost center. Most companies will do as much as possible to drive those costs down. Hiring cheap kids from the bottom of their class, outsourcing to Mudistan, hiring a hobo from the back alley, putting up a Barney Fife poster in the break room are all considered viable IT security strategies. And whoever goes that way and saves the company money gets a big bonus and is probably gone by the time it's a problem.


so yet another problem caused by investors picking short term gains over long term growth.
 
2014-05-21 08:28:44 PM  

Argonreality: namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it

Better solution: Anything, ANYTHING that's even remotely proprietary stays on a closed network completely isolated from any outside connections. No routers filtering things, no wireless to allow devices to connect to the closed network, no USB ports left open on PCs or other necessary network hardware (fill em with krazy glue or something), etc. So separated and remote from the web that it gives *outer space* a run for its money.

Then for employee access to data on the web and communications with other sites/offices, they get a second PC with just enough horsepower to do just that connected to the intarwebz. If you need info from the web computer to go onto the isolated network, you get a dispensation from IT and even then it's limited to things like images and non-executables. Heavy scanning on everything too.

/probably other things you could do too, but this would be a start


The downside is that in that scenario, a lot of smart people who know how to secure their shiat are denied the info they need to do their job. For people like me, you'd be sending us back to 1980 with that policy and our productivity would be shiat, especially when you have people on teams that are scattered all over the country. There needs to be a balance between productivity and security, but that plan would turn any modern organization into a dinosaur that would be picked off by more agile competitors.
 
2014-05-21 10:04:24 PM  
Remember, it's wrong for China to hack into private corporate networks, but it's totally cool when the NSA does the same thing because they're protecting our freedoms.
 
2014-05-21 10:05:55 PM  

Argonreality: namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it

Better solution: Anything, ANYTHING that's even remotely proprietary stays on a closed network completely isolated from any outside connections. No routers filtering things, no wireless to allow devices to connect to the closed network, no USB ports left open on PCs or other necessary network hardware (fill em with krazy glue or something), etc. So separated and remote from the web that it gives *outer space* a run for its money.

Then for employee access to data on the web and communications with other sites/offices, they get a second PC with just enough horsepower to do just that connected to the intarwebz. If you need info from the web computer to go onto the isolated network, you get a dispensation from IT and even then it's limited to things like images and non-executables. Heavy scanning on everything too.

/probably other things you could do too, but this would be a start


Or better yet, just migrate away from windows for people with sensitive data.
 
2014-05-21 10:19:47 PM  

styckx: You know that annoying as fark personality test by unicru mosts companyies use now a days? Why not just add another 45 farking minutes to a job application filled with internet common sense questions?

If you are presented with an attachment from an unknown address it is probably safe to open and run

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree


Anyone who applies for a job should be sent an email a couple of days later with a generic "Your application" heading, an unknown email address and an attacked zip file. If they open it they get a message saying "If you opened this then you don't get the job"

Anyone emailing the correct company email and asking about the attachment without opening it should be hired.
 
2014-05-21 10:26:52 PM  

Argonreality: Then for employee access to data on the web and communications with other sites/offices, they get a second PC with just enough horsepower to do just that connected to the intarwebz. If you need info from the web computer to go onto the isolated network, you get a dispensation from IT and even then it's limited to things like images and non-executables. Heavy scanning on everything too.


Then the junior VP of widgets for the southern North Dakota district finds out that he can't use his phone to browse the latest TPS Report digest while waiting for the beer girl to come by in her cart on the golf course and an exception is made for him... and for everybody else in a position of power who finds security inconvenient. The last place I worked did this with physical security. To get in the building past the lobby you had to go through an id check and manned security gates. All visitors had to be pre-approved and escorted at all times. Or you could park on the 12th floor of the publicly accessible parking deck and use the stairwell in the northwest corner to get to any floor you wanted. Someone in the C level suite didn't like going all the way down to the lobby and back up so that stairwell near where he parked his car had the security removed. But it was ok because only employees knew about it and no ex-employee would ever come and shoot up the place, right?
 
2014-05-21 11:30:39 PM  

namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it
FFS, you work on spreadsheets all day, you dont need facebook and google.
lol

/The amount of spam that I still get at work is ridiculous and that is just counting the email from network admins about the servers being up or down.


It sounds like either your IT dept sucks, or your company isn't devoting enough money to them.  Could be both.

Seriously, if spam is still an issue you're doing it wrong.
 
2014-05-21 11:33:05 PM  

Sudo_Make_Me_A_Sandwich: Argonreality: namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it

Better solution: Anything, ANYTHING that's even remotely proprietary stays on a closed network completely isolated from any outside connections. No routers filtering things, no wireless to allow devices to connect to the closed network, no USB ports left open on PCs or other necessary network hardware (fill em with krazy glue or something), etc. So separated and remote from the web that it gives *outer space* a run for its money.

Then for employee access to data on the web and communications with other sites/offices, they get a second PC with just enough horsepower to do just that connected to the intarwebz. If you need info from the web computer to go onto the isolated network, you get a dispensation from IT and even then it's limited to things like images and non-executables. Heavy scanning on everything too.

/probably other things you could do too, but this would be a start

Or better yet, just migrate away from windows for people with sensitive data.


Linux will never make any ground in the corporate desktop area.  Seriously, if you believe so, or even advocate for it, you're a deluded Linux nerd, but in your case, I already knew that ;)
 
2014-05-21 11:55:27 PM  

tripleseven: Linux will never make any ground in the corporate desktop area.  Seriously, if you believe so, or even advocate for it, you're a deluded Linux nerd, but in your case, I already knew that ;)


If I wasn't so lazy, I'd edit the  Buck Rogers show opening to have everyone using Linux on the desktop in 2491. It must have caught on by then.
 
2014-05-22 12:35:57 AM  
Have you or do you know anyone who has actually clicked on one of those "weird trick" ads?
 
2014-05-22 12:48:21 AM  

Argonreality: namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it

Better solution: Anything, ANYTHING that's even remotely proprietary stays on a closed network completely isolated from any outside connections. No routers filtering things, no wireless to allow devices to connect to the closed network, no USB ports left open on PCs or other necessary network hardware (fill em with krazy glue or something), etc. So separated and remote from the web that it gives *outer space* a run for its money.

Then for employee access to data on the web and communications with other sites/offices, they get a second PC with just enough horsepower to do just that connected to the intarwebz. If you need info from the web computer to go onto the isolated network, you get a dispensation from IT and even then it's limited to things like images and non-executables. Heavy scanning on everything too.

/probably other things you could do too, but this would be a start


That's what is supposed to be done, with the air gap physically separating those nets/hosts from the outside world. Doesn't always happen, though.
 
2014-05-22 02:57:40 AM  

EngineerAU: grimlock1972: serious why keep your top secret information that make money for your company on a computer connected to the internet?


IT, especially IT security, is a cost center. Most companies will do as much as possible to drive those costs down. Hiring cheap kids from the bottom of their class, outsourcing to Mudistan, hiring a hobo from the back alley, putting up a Barney Fife poster in the break room are all considered viable IT security strategies. And whoever goes that way and saves the company money gets a big bonus and is probably gone by the time it's a problem.


Having worked at giant companies for years, and having seen some of the toppest secrets leaked, I offer you an alternative theory.  "C" level executives know that (a) the 'secret' information of lower employees is of little practical value to anyone, (b) most of it is in incomprehensible jargon,  and (c) the useful bits have a half life measured in hours.  So they give data security lip service and get on with the business of manipulating the stock price by telling lies to the good old boy channels.
 
2014-05-22 04:03:55 AM  
me: i don't appreciate your ruse internet

internet: my 'ruse'?

me: your cunning attempt to trick me

styckx: If you are presented with an attachment from an unknown address it is probably safe to open and run

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree



subject line: v1ag4r@ = strongly disagree, lolcats = strongly agree

/what's the worst that could happen?
//oh
 
2014-05-22 08:02:16 AM  

tripleseven: Sudo_Make_Me_A_Sandwich: Argonreality: namatad: pretty easy to fix isnt it ?
block internet access to employees that dont need it

Better solution: Anything, ANYTHING that's even remotely proprietary stays on a closed network completely isolated from any outside connections. No routers filtering things, no wireless to allow devices to connect to the closed network, no USB ports left open on PCs or other necessary network hardware (fill em with krazy glue or something), etc. So separated and remote from the web that it gives *outer space* a run for its money.

Then for employee access to data on the web and communications with other sites/offices, they get a second PC with just enough horsepower to do just that connected to the intarwebz. If you need info from the web computer to go onto the isolated network, you get a dispensation from IT and even then it's limited to things like images and non-executables. Heavy scanning on everything too.

/probably other things you could do too, but this would be a start

Or better yet, just migrate away from windows for people with sensitive data.

Linux will never make any ground in the corporate desktop area.  Seriously, if you believe so, or even advocate for it, you're a deluded Linux nerd, but in your case, I already knew that ;)


Sad but true.  The f'd up part is people would have an easier time learning XFCE, Cinnamon (Gnome2), or KDE over Windows 8....and the IT guys probably run some sort of Linux for personal use so it's not like you'd have to train them that much.
 
Displayed 27 of 27 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »
On Twitter





In Other Media


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report