US Missile Defense Staff Told To Stop Watching Porn

An anonymous reader writes "John James Jr., director of the U.S. Missile Defense Agency, who is responsible for the nation's missile defense system, recently sent out a one-page memo warning employees and contractors to stop using agency computers to visit pornographic Web sites. That's right; apparently they were watching the wrong type of bombshells."

it became a problem

[phantomfive]

It because a problem when some of the computers started getting viruses and trojans from the porn sites.

That's what the first article says. The second article says that wasn't the reason. I guess this is why it's a waste to read the articles.

Re:Why?

[jhoegl]

The real question is, why arent these less than half a dozen getting fired?
If they have time to watch porn, then the position they are filling is not required.

Re:Why?

[kubernet3s]

actually, yeah, most of us would be out on our asses if our employers caught us looking at porn. The reason people tag links NSFW is because you can get fired for even accidentally clicking on non-pornographic nudity.

Re:Why?

[jank1887]

because of this tidbit in the Bloomberg article:

"Using what is called steganography, Cunningham said, a programmer can embed malicious computer code that infects computers, opens ports, steals data or gains access to networks when photos, videos or other files are downloaded."

Now, THAT's news. So, now, instead of malware writers using steganography to hide commands or payload data accessed by normal executable malware code, we have steganographic malware that autoexecutes just by being downloaded! I'll get started on the GIMP payload filter...

Re:Why not?

[Anonymous Coward]

Then they can buy their OWN computer to do it on cant they?

Or are you comfortable with missile defense computers looking at porn sites (which have been consistent virus vectors in years past)? Even if those are not hooked up to the main computers all it takes is one mistake...

Also when you sign up to the military you sign away rights. You also sign on for people telling you 24/7 what to do and where to pee.

When I used to run a network. I told people do what you want on your own time and on your OWN hardware. I do not care what you do then. On this network we do not do that, its not work related unless you are in the porn industry...

There is nothing wrong with telling people NO sometimes...

Re:Why?

[magarity]

The people who need to be fired are the network administrators who aren't filtering external traffic properly in the first place. And why not fire this director who doesn't see that's the true source of the problem?

Re:Why?

[AliasMarlowe]

actually, yeah, most of us would be out on our asses if our employers caught us looking at porn. The reason people tag links NSFW is because you can get fired for even accidentally clicking on non-pornographic nudity.

So these guys might have just been looking at Wikipedia [wikipedia.org], or perhaps at Wikipedia [wikipedia.org]? Caution, some Wikipedia pages (like those two) might actually be considered NSFW in really incredibly prudish places, simply because they contain photos of human genitalia (but non-prurient photos).

Re:Why?

[ganjadude]

Why blame the network admin? He didnt make you go to those sites. Sure you could say that if it was filtered they wouldnt go to the sites but that is not the point. These are adults, working in what is a pretty important function with major security concerns. There is no one to blame but those who typed in the address and clicked enter.

Re:Why?

[v1]

The people who need to be fired are the network administrators who aren't filtering external traffic properly in the first place.

That doesn't really fix the problem. It sounds like a good idea until you realize you're pitting the network admin against the users. His job isn't to get involved with a game of cat and mouse. Most admins grow tired of being expected to have an airtight physical defense when there's no complementary policy in place.

A better response is to have the network admins place reasonably good filtering in place. Not airtight. Not filters that interfere with legitimate traffic. Filters with a zero-false-positive. Then if someone is still watching porn, it's easy to demonstrate that they're taking steps to bypass the filtering. Make it clear to the staff that deliberately bypassing the filters is a fireable offense.

This solves most of the problem all at once. No collateral damage, no borderline unfair calls, reasonable expense, and accountability where it belongs.

It also makes the perps easier to catch, since they don't have to spend hours trying to different things before they finally find the inevitable crack in the armor. They'll try basic things like proxy or direct IP etc. Those are easy to prove as deliberate while at the same time being easy to detect. If you're placing the entire onus on the net admin, the users can dig at your defenses all day long without so much as a wrist-slap, and when they finally discover another way, they've' not only beat you, you may have a difficult time noticing you've been beat. And then you are the bad guy for having "allowed" them to violate policy.

I've been in charge of cat and mouse before. I'd set something up, they'd find a way around it. I'd add another net. They'd stop for a bit and then they'd find a way around it. Rinse and repeat. All the while the manager wouldn't bother to yank one of them into the office and discuss the perils of working hard to break company policy. The filters finally got tight enough that the manager started having problems with some of his downtime, and then things really got weird. You don't want to be here.

"against company policy" needs to mean "you don't do that here", not "we're going to try to stop you from doing that here".

Re:Why?

[dgatwood]

I don't think the GP was claiming that it doesn't happen. Image formats are relatively complex, and compressed audio and video formats doubly so. If you're going to have a security hole in an OS or a browser, odds are good that it will be in a codec somewhere.

That said, what we have here is a pretty egregious misuse of the term steganography. Steganography refers to hiding data inside other data. A trojan image file that exploits a bug in your browser to load malware isn't steganography because there is no actual image. There's no hiding. It is merely the misrepresentation of one type of data as another type of data, which is a trojan horse, not steganography.

Steganography would be Chinese dissidents using image files that contained a subtle watermark in the least significant bits to send coded messages to one another, or someone embedding a piece of software in the low order bits of an MPEG stream. Those examples meet the core requirement that the enclosing data be at least ostensibly plausible data. Note that opening such a photo or MPEG stream reveals a photo or a movie. It does not execute anything, because if it did, the secret payload wouldn't be very hidden, now would it? :-)

Re:Why?

[Tom]

It sounds like a good idea until you realize you're pitting the network admin against the users. His job isn't to get involved with a game of cat and mouse.

I don't only agree, I'd go a step further: The admins job is not to filter content, but to keep the network running.

Filter malware, yes. Content? Why should the admin care if that image shows a tit or a cat?

Maybe I'm too open-minded but I don't get what the fuss is all about. If I came upon a co-worker or even a subordinate watching porn, I'd be more worried that he's not working than what he is watching. Sure it's not very tasteful, but as long as his hands stay out of his trousers (or skirt, let's stop pretending only men watch porn), I don't care all that much. Maybe if our society were a little less sexually repressed, we could focus on what actually matters instead of political correctness?

Re:Why?

[ultranova]

The real question is, why arent these less than half a dozen getting fired?
If they have time to watch porn, then the position they are filling is not required.

There are quire a few positions where periods of activity and waiting alternate. Trying to "remove the slack" in such scenarios typically results in small savings in periods of passivity and huge disasters in periods of activity. This is especially true in scenarios like missile defense where activity periods depend on some unpredictable external factor - it's too late to hire staff when the air raid sirens start blaring, and having enough staff to handle a missile attack means that you'll have more than you need when an attack is not incoming.

But even beyond that, human beings aren't capable of giving 100% 8 hours a day. If you try to make them, those who can leave for greener pastures and those who can't concentrate on looking busy, rather than doing their job. The end result is that you'll end up with incompetent, unmotivated people trying their best to deceive the management.

But perhaps this isn't about wasted time but porn. If so, then please remember that this is a position that likely requires quite a bit of highly specialized training. Is punishing people for being impure sinners a good enough reason to justify the cost of training their replacements? Maybe, maybe not - but since this training would come out of taxpayer money, it would probably be best to not pay to enforce any moral code that doesn't absolutely have to be.

Re:Why?

[drkim]

Well put.

It's like saying, "We found that 80% of the time, the firefighters were just sitting around the fire station doing nothing. So we're going to reduce the fire department by 80%."