I just posted a reply in the thread Is SMS 2FA Sufficient Login Protection ?
However, before the Community site allowed the post, i had to remove one identified “bad word” from the content: p0?# (only actually spelled out). I substituted “adult entertainment magazines and videos” for that word and the post was allowed.
You have got to be kidding me!
Who in the world populated the “bad words” filter list for the site, and what do they think they are protecting us from ?
Focusing on the specific case, neither p0?# nor p0?#ography are inappropriate words, even though content that meets the definition of such may be improper here. In fact, in the infosec business we have specific need to discuss how to establish enterprise policies against p0?# in the workplace, how to enforce such policies, as well as how to inspect and filter for p0?3ography at network boundaries and inside enterprise data storage.
Come on, folks, how about the site administrators acting like professionals here and also treating the community members as professionals!
Like @Baechle, I did not take your use of "if..." to indicate a straw man argument. Monday-morning quarterbacking, a change as simple as "For example, if this forum were..." would have prevented this miscommunication. Other than a couple of solicitations to visit pirated movie sites (which were removed), all other censorship allegations have been disproven as Baechle has earlier suggested.
Pulling this back to a "security" discussion... my company blocks certain web sites that are NSFW (not safe for work). Do you feel this inappropriate and if so, what recommendations do you have to offer to help prevent Hostile Work Environment accusations? Taken a step further, we also block sites that are "Known malware infected". Is it appropriate for us to take central defensive actions so that the users can focus on being accountants, sales-critters and executives?
I'd be the first to agree that some form of "censorship" is important, partly to protect us from stumbling into bad stuff but equally so that we can be seen to be taking due care. My allusion above to blocking certain English counties was less of a complaint and more of an observation of the sort of well-meant thing that can trip us up. We still meet things like that and when we do the right thing is to give a wry grin, sort it out (if necessary) and move on.
In our line of work we are more likely than most to bump into the sort of preventive measures that we put in place for the protection of others. Happens to me all the time at work - it comes with the turf.
I quite like this community, as it happens...
> Baechle (Contributor III) posted a new reply in Customer Support on 08-06-2018
> This Community is still your Community
> even if you chose to deride it or abandon it. It represents (ISC)^2, its
> certifications, and certification holders whether you choose to participate or
That is *really* interesting statement ...
It has a certain perspective, does it not?
You're going to come across "the p word" in relation to phishing,
malware, drive-by downloads, all kinds of stuff that we need to look into.
... Time card fraud investigations ... Forensics ...
Ummm, I know you're generally on the "open" side, but even making this point
seems to be out of left field. Or indicates you're in the wrong field. We are the
professionally paranoid. We *look* for bad stuff. (At least, if we are any good at
I know you were making a point here about an overall security mind set with Tim. I think the word Paranoia can adequately describe folks in a state of mind that maybe need to take a break from the CompuSec/InfoSec world for a while. Proverbially, when we start seeing the face of hackers in our soup and pr0n on our toast, we have lost the ability to rationally explain risk.
It's absolutely healthy to evaluate someone's opinion on the impacts of censorship from a place of skepticism and test its legitimacy. All of our professional experiences, occupational activities, risk appetites, and security needs are different. Even if I didn't start out or end up agreeing with Tim in this application, I don't think it's very professional to accuse anyone that offers a position for discussion that doesn't agree with us as being bad at their job.
Maybe if you took all of your experience wrapped up with biases and paranoias to someone else's job, you'd be bad at it? I know it would be extraordinarily bad for my job.