Seems like people who know nothing about technology can never get too paranoid.
- Amit Morson
it should have been titled "Corporate Paranoia and Web2.0"
- Chris Rogers
For some industries, it's a real threat that they have to treat the same with all.
- Patricia
that's ok, I just had to explain why keeping an inventory of all portable equipment ON our extranet is a bad thing(tm) >.<
- alphaxion
Patricia: Which industries, how can Twitter pose a threat that doesn't exist with email or blogs?
- Amit Morson
a guy in my firehall doesn't give out his email cuz he thinks he will get a virus in his computer
- johnpiercy
The only _new_ threat Twitter poses is how the information is distributed, but it's a greater threat only if you have a substantial number of followers.
- Amit Morson
I recently interviewed at a place that wouldn't allow its employees to talk to the media, which to them included blogging, commenting on blogs, using twitter, facebook, etc. (http://earlyreiser.net/content...)
- Bastard Operator From FF
The insurance industry is very, very cautious about any information leaking off a computer to the point that "locked" desktop tools like Kidaro exist. They can't afford to have any potential leaks, period. The same with finance, other markets. I'm not surprised to read these things. Twitter can probably seem as a threat because it allows information to be broadcast out.
- Patricia
@sean I don't ever give my personal details to my full time work beyond my home phone number. Unless I'm getting paid for the interruption, they get no help from me.
- alphaxion
i (@jakks) am a she... it's cool though☺ do you have any experience with socialcast?
- Jaica Kinsman
I agree with @Amit in that due to the fact that Twitter is a broadcast medium it could be easier for an employee to inadvertently pass information to the public. Especially if they have their Twitter posts echoed on FF.
- Kenton
ironically, FF is not blocked. am trying to make sense of the logic.
- Jaica Kinsman
@johnpiercy Understanding risk _even when_ a domain of complex systems is well understood is hard, not intuitive. For instance I didn't know til 2 minutes ago that a Farmer's risk of death (occupational hazard-wise) is higher than that of a Firefighter (at least according to this study: http://www.laurelvfd.org/Firefig... )
- Micah Wittman
140 characters or less certainly puts a limit on the scope of exposure.
- Jon Price
@Jon it depends ... at an insurance company you could leak out something like "XXX has terminal cancer" where XXX is some major politician or public figure and have major issues
- Bastard Operator From FF
Reading that devcentral.f5 article, I come off somehow feeling like I just got trolled.
- Chris, Taskerrific Guy
You know, I've found that the F5 Bloggers really, really like spreading FUD.
- ax0n
@michah Interesting stats michah: http://www.laurelvfd.org/Firefig... However, I would argue that firefighters don't die on the job; the current trend is dying from cancer: "According to the International Association of Firefighters, more union firefighters died of cancer in 2007 than from heart attacks or fire-related injuries combined. Nationally, there were 38 union firefighters who died last year from cancer, 16 from heart attacks and 10 from fire-related causes. That trend is continuing in 2008. It is assumed that if a Washington firefighter who was on the job for 10 years develops prostate cancer before age 50, or brain cancer, bladder or kidney cancer, malignant melanoma or several others, it was in the line of duty." http://www.organicconsumers.org/article...
- johnpiercy
sorry @robertscoble for messing up your thread
- johnpiercy
@ax0n "Data Loss Prevention suites, Network Access Control, filtering web proxies and other technological solutions are only masking the problem while making it harder for your employees to work efficiently." Thank you for pointing me to your article. I couldn't agree with you more.
- Jaica Kinsman
I love any company which worries about the loss of company information through electronic means but never looks after the information that leaves every company at the end of each day, only to return the next morning - the employee.
- Ian D. Nock
I dealt with NAC during a Windows 2008 course earlier this year. It's actually very interesting from a networking point of view in the way you can quarantine systems that aren't meeting your minimum requirements while on the same LAN. Of course, it's down to how strict you want to be but I would implement NAC on my network and limit it to requiring all network communications in IPSec.
- alphaxion
Also, my ethos regards security on any network I run is that your biggest threat comes from those already on your network. This is where auditing and logs in combination with laying down the law of the company rule supreme rather than overly restrictive security policies. Inform staff they will be held personally accountable for data leaks and list what you consider a data leak. The balance then becomes providing enough security so that those who shouldn't be there can't run amok yet keeping usability.
- alphaxion
@johnpiercy Well, I don't think @scobleizer minds rollicking streams/threads, he said on the election night he was visually scanning 3,600 RealTime FF Friends comfortably. Nevertheless your consideration toward others in the community is welcome and makes this a great place in which to participate. Anyway, thanks for fire-related injuries info - great point.
- Micah Wittman
you've forgotten things like IM clients, RDP connections with drive mapping, corporate externally facing HTTP servers where you can dump a few files on for transfer on the sly, VNC with file transfer, IRC with DCC, VPN connections, FTP servers running on tcp port 80 or 445 (won't work if they use DPI and IDS).
- alphaxion
The point I made in my response to the article is that breach is a human problem, and any way a human can communicate or store data is a potential avenue of breach. Forget your RDP, DVD-Rs and secret encrypted tunnels. Think about printed documents, facts people remember in their head, and things of that nature. The same thing goes for "Twitter Terrorism" and the FUD about new communications technology being used by "the enemy". CB Radios or smoke signals might be the next terrorist threat!
- ax0n
In short: Train and discipline employees instead of taking the defense after a breach. Hunt down and stop terrorists rather than monitoring for the same things they were doing two years ago.
- ax0n
Yup, even something as simple as storing customer contacts on personal mobiles. Of course, the biggest security risk is your IT department. We control the gateways, the givers and takers of access. I knew one guy who got shafted by the company he worked for so in a fit of revenge he stole a copy of the CRM database and sold it onto their leading competitor. Treat employees as humans and afford them some trust.
- alphaxion
@ax0n Train and discipline employees......Couldn't agree more!
- Sheila Bailey