Home > IT Blogs > Enterprise IT Watch Blog > IT Security: Oversharing in the Forums?
>>VIEW ALL POSTS  

Enterprise IT Watch Blog

«
»
Feb 3 2011   3:38PM GMT

IT Security: Oversharing in the Forums?



Posted by: MelanieYarbrough
Security

Member Batye recently reviewed Stealing the Network: The Complete Series Collector’s Edition for our Bookworm Blog. It’s a collection of fictional stories that takes a look at the possibilities available to hackers with some time and bad intentions. While the collection is meant to be an aid to ethical hackers and security professionals looking to be proactive, it brings up a moral dilemma. How can you ever ensure that the knowledge you’re passing on will be used for good rather than evil?

A question was recently posted in the IT Forums regarding embedding executable files into a JPEG, a common tactic for spreading malware to unsuspecting end users. The community responded with mixed feelings toward the intentions of the asker. Who draws the line between helping out your fellow IT professionals and providing ill intent with the recipe for possible harm?

The simple answer is that no one draws that line except for you. IT Knowledge Exchange doesn’t expect you to provide any information you feel uncomfortable disclosing, and that goes for answering deceivingly innocuous questions. Member Chippy088 shares his own philosophy on the dilemma:

[It's] not a good idea to help everyone without thinking about their reason for the question first.

Have there been circumstances in your tech career that have made you uncertain about passing on your own knowledge? What are some nuggets of advice you’d want to pass on to those who are new to IT Knowledge Exchange or IT in general?

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment:

TomLiotta  |   Feb 3, 2011  8:45 PM (GMT)

Simple contributions to ITKE can pose questions of ethics in varying degrees.

This appeared in ITKE recently — [A href="http://itknowledgeexchange.techtarget.com/itanswers/sql-command-question/"]SQL command question[/A].

The comment that was eventually accepted was a direct implementation of the ‘Answer’ that was rejected earlier. The reason for the rejection was unclear. It seemed as if the submitter was unfamiliar with SQL and databases.

So, was this person a student asking a ‘homework’ question? The ITKE site discourages answering homework, but some details didn’t seem to quite fit with homework.

So, was the submitter a non-IT person trying to develop an application? Maybe this was a small-business person trying to do some work without adequate staff.

What ethics come into play? Should we provide answers that eliminate a need to hire a DBA? Is that the mission of ITKE, to reduce the IT job demand? Should we blindly provide work-product for free when qualified people are out of work?

In the discussion under that thread, I mentioned that a DBA (or someone knowledgeable in SQL) would normally be able to fulfill the request that was in the question. The comments in reply from the submitter were negative towards a suggestion of hiring someone.

There is no good way to know the consequences of sharing knowledge. The question that I linked above is an example of when I stopped to consider my effects on others. It’s not an isolated example from me at all, but maybe it’s one that matches the question you asked.

Tom