[Ilugc] Breaking blocked access in my office

[Pothuraju, Naga Deepak]

Well..you guys came really hard on me, but never mind cuz I was kind of expecting this as it happens frequently on this list. First of all let me make my intentions clear - It was to learn & not exactly to break/hack something that the company owns. You people should have answered the question & then disclaimed not to hold you responsible for, even if not in the public mailing list.

>> OMG.. OP is using his company email id.. :o

You are probably not reading the email properly. I have NO access to any kind of email, what were you thinking when you said that?

It is totally fine not to help or answer about something, I thought, you guys were good at. Rather than hitting the nail on its head, you guys were beating around the bush repeatedly. And I am not drunk when I sent this email to the list & I am grateful for all those guys so very concerned about my job & career. A special mention to somebody who has even spoken about being jailed. :) You should have realized that I would learn how to do it some way or the other.

> This thread interested me just out of curiosity to know if someone had mailed a technical answer to the question asked. I have broken e-mail accounts, >reverse engineered the DES cryptosystem  and generally played a lot with crypto.I am also very good at physically breaking locks and entering a house >without a key. ;) Anyway it calls for ingenuity and resourcefulness and of course purity of intent. If you are sure that you are doing something >conscientious and meaningful then just go ahead. ;) So what if they fire you? Find another job. I got fired from every job for no fault of mine. Anyway >lest us focus now. (Most likely they won't even know any of this)

The summary of the lines mentioned above was my intention. Thanks Girish to have at least said something rather than just giving FREE advice about my career like the others did [though they were being nice to me..err..my career! ;)].

> What if the OP is not just a frustrated teen in an office but anti-social enough to cause harm ? what if ...
Nothing much would have happened...then we would have had one less topic to learn - 'Ethical Hacking'! Have you asked the same question to yourself before learning things?


>also don't send emails from your corporate email ID which always carry a big tail called "disclaimer", better to think before act on something
The whole email was asking to suggest something else!

I guess we could drop this off right here & delete it off the mailing list if my idea's still feels murky on your minds. Putting the mailing list at risk has never been in my mind. Thanks to all those who tried to at least discuss & not advice.


Regards
_________________________________________________________
N Deepak P


-----Original Message-----
From: ilugc-bounces at ae.iitm.ac.in [mailto:ilugc-bounces at ae.iitm.ac.in] On Behalf Of Prem Kurian Philip
Sent: Thursday, June 10, 2010 8:51 AM
To: ilugc at ae.iitm.ac.in
Subject: Re: [Ilugc] Breaking blocked access in my office


> On Wed, Jun 9, 2010 at 4:27 PM, Girish Venkatachalam
> <girishvenkatachalam at gmail.com> wrote:
>> Rule? What rule? Why should you care about it? You can get around
>> every such rule if you are clever and know the big picture. And of
>> course you should have access to the right tool and have lot of
>> perseverance.
>
> Stop misleading others.  Encouraging someone to break the rules
> is immature and irresponsible.
>
> Organizations don't arbitrarily create rules.  They are made because
> of 1) govt compliance regulations, 2) IT security policies enforced
> by their customers, and 3) industry best practices.
>
> It may be a prank for you, but breaking company security policies also
> harms the entire organization as the company's reputation and business
> is at stake.  Eg. would you trust your money with a bank that has a poor
> security policy?

Good point.

To the original poster - please refrain from doing this. You can always go
home and check your emails what not.

If you want to learn how to hack, please do it on your own infrastructure
or get a clearance in writing from your boss to test the corporate
network's security.

If you are trying to bypass your companies security without written
permission, please be forewarned that these sorts of hack attempts are
usually logged and it will be very easy to trace the hack back to you.

If an hack attempt is detected (especially originating from within the
company's network), it can be very expensive for the company to determine
if the hack was successful, if any computers have been compromised, what
data has been stolen/manipulated etc, to close all loop holes etc.. So you
will be in a LOT of trouble if you are seen as the perpetrator and you
could easily face jail time and stiff fines.

NO ONE is going to be believe you when you say that you went to all that
effort to just check email and chat. The assumption will always be that
your hack was to steal or manipulate sensitive information and that you
may very well have accomplices both within and outside the organization.

Regards,
Prem




_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc






This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is 
intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to 
read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message 
in error, please notify the sender immediately and delete all copies of this message.