Now that I have your attention

enable the usb ports moron

/thread

are you a retard?

>what is email?

are you a retard?
>what is email monitoring software?

Pretty much this

That's the thing is that they never actually approve things for you to put in you portfolio because they don't want you to leave and go to a competitor. Its kind of common practice for designers to violate company policy like this because in a way you are looking out for number one.

so you thik they have emial software that can identify the contents of a file and match it to one thats not allowed to leave their network?

its fairly obvious why you are a designer. you actually are retarded.

also...

>what are encrypted and passworded zip files?

For example: I have friends who are designers at Faraday Future. At the end of every day they get files off their work computer because the company could collapse at any second. In the meantime they can apply at other OEMs and have a backup plan for when the company inevitably crashes and burns.

You should have addressed this before you signed your contract

some us army faggot got thousands of the most sensitive files ever stolen out of the army on a CD labeled "celine dion" and you cant even get some sketches out of some third rate company?

how does it feel to know some transgender cocksucker is smarter than you?

1. I am not OP.
2. I do work in a confidential environment (automotive)
3. Any company sharp enough to switch off USB ports can be assumed to be smart enough to realise that emails can have attachments. You don't have to match files, you just have to look which accounts are sending attachments and where to. Cross-match destination email domains to legitimate client domains and anything that is not on the approved database could be industrial espionage or theft.

You're new at this computer and email thingy, aren't you?

also...
>what are encrypted and passworded zip files?
Se above

Thats standard in the auto industry and with the limited places you can actually work as a designer you would be an idiot for turning a job down because of that.

>disconnect Ethernet cable, block wireless board
>zip what you want, put a password
>reconnect
>mail it using your personal mail to a temp mail

now all you have to do is justify why you were disconnected briefly and why the stuff you want is in your disk and not the server

Eyy decent idea

yeah we used to disconnect like that when the usb ports were enabled. Might could work.

mostly what I've expected from Sup Forums thus far but there are some inklings of ideas here

and you seem to have bought into the bullshit your employer tells you.

>confidential
>automotive

amateur.

come back when you have government clearance.

and trust me. a single encrypted zip file on a single email will make it out of the network. anyone responsible for running the monitoring software will not bother to check single files.

youve seen far too much mr. robot to actually realise that IT security in the real world is shit, the monkey paid to monitor it couldnt care less and theres that much noise on a company email server shit gets missed all the time.

email monitoring, especially personal accounts. For example, the company I do consultancy work has blocked access to popular email clients like Gmail, even on guest accounts.

so you send it from your work email account and pick it up at home.

noone is talking about using a third party client.

OP here:

I've thought it was actually like this for a while. better to be safe I guess

eh, have you tried:
bluetooth
ip (LAN/WLAN whatever, get your own router & encryption so that tracking is less likely)
take picture of screen with other device(it's stupid but cannot be tracked without filming you)

...

Oh, that's interesting.

I wonder why a few months ago I was told that one of the suppliers working with us had used their email to mail an attachment (just the one) out of the business? Caused quite a stir; they knew when, what address it went to and the IP and location of the computer that sent it. Didn't know what was in it when it went out of the firewall, though, but as soon as it was flagged the file was opened and examined by IT.

Perhaps I imagined it, because you clearly know what you are talking about, what with government clearance, and all.

your pretty much retarded

if it is your job, IT will help you solve your problem. dont try to "fix" anything and just visit the IT dude thats in charge of your stuff.

tell him that you need access to your design stuff and he might even setup a remote accessable storage (possibly even with vpn) where you can store your files that you need to "share" between work place and home.

there are plenty of solutions that you dont need to do anything for.

dont fuck things for yourself up and just go to the IT department/dude/admin

>told

yeah sure, anecdotes are evidence.

So, what's your profession exactly? Using confidential shit for your portfolio may get you fucked even if the management doesn't find out directly. Anyone who sees that material may suspect something, and tip the original company off. Also, if you work with computers, why don't you just know, or at least try searching for, how to reenable the USB ports?
Unless you're working in security (which it doesn't sound like) or military/high tech, high profit it's probably just a matter of user accessible settings. It's still a fucking stupid idea, you're going to get caught, and your material is probably kept secret for a reason.

deep package inspection is nothing new and if your company has a half good firewall it should run on all traffic you got

OP here:
Just for future reference; we used to put all of our images into one photoshop file with every image as a separate layer and put something like a dentist form as the top layer and then save it out as a photoshop PDF. This made it so that when you opened the PDF with adobe acrobat, then you would only see that top layer. Once you opened it in photoshop later, then you could get all of the images in the >200mb PDF file.

Not anecdotal. I was told by IT that the supplier had done it - I was the nominated contact for that particular supplier. I had to speak to the manager of the supplier to tell him that one of their staff had breached the T&Cs they had signed up to.

But carry on not believing if you want - no skin off my nose and it clearly makes you happy

thats monkey level security
if you want something secure you encrypt

I'm a car designer at a major american manufacturer. Reenabling copying files from the hard drive to a flash drive via usb requires an admin password.

Precicely. I've no idea what technology the IT guys use (I'm mech eng)

You tell this fuckwit, will you? He doesn't want to believe me

really like this gal.

OP here:
It is totally monkey level security haha but it made us feel better. Will encrypt next time. Thanks for making me realize that was dumb.

...

if you have something worth to hide one should always expect that someone knows what they are looking for. security through obfuscation is a meme. if your security doesnt rely proveable factors that work even if everybody knows the mechanics its useless.

So what you're trying to leak is production designs when it comes to cars? You don't see the danger of this, more than financial burden on the company?
I get what you want to do, but if you want to use that shit for your portfolio you'll have to do some designs that aren't contractually owned by the company. You will get fucked in the ass.

As to how to get this going, assuming you're willing to risk your job, your future career and everything to 'put together a portfolio' (no, I don't believe this is your motive, but I'm not here to tell you the moral reasons not to, you might want to leak something that actually deserves leaking) you'll have to get access to the admin account, which probably is a lot easier than you think, considering you're already established at the company in question.
Social engineering will get you a long way, but you may have to spend some time figuring out some minor hacks to get enough material for you to work with.
>newly employed at an IT security company

Call me stupid or whatever..

But why don't you just print that shit on the office epson, roll it up and take it home. If you're going for a real life job you can take it with you. Or you can use a scanner to get it back to digital format.

That said, if you're going for a job and one of the things you outline in your portfolio is that you don't respect confidential material, maybe it's best you don't go there.

This

And change the file extension to .mov or .wmv (don't pack it in a binder it could flag as threat in the firewall), send it from the personal email at lunch break under some innocuous email like "fred's new hunting cabin" something boring like that.

>youve seen far too much mr. robot to actually realise that IT security in the real world is shit, the monkey paid to monitor it couldnt care less and theres that much noise on a company email server shit gets missed all the time.

Can confirm, but you have to imagine the possibilities of outsourced security.
>currently working for a company only dealing in security
>making sure your refrigerators aren't getting malicious software updates, turning them into zombies
>part of our daily routine is facepalming at our customers previous security solutions

how do you have the rendering software at home if the company won't let you take home the work?

The production stuff is whatever because the actual car will be out. Most of the stuff that I'm interested in are things like sketches for a concept car that got cancelled or sketches that were proposed for a program(car) that were not chosen as a theme. It's not exactly like I'm giving away secrets when I send off my portfolio. Thanks for the tip on getting an admin password though.

Thats not crazy at all, just very time consuming.

>rendering software

it's photoshop, dude. Not exactly hard to get. I'm just talking about jpgs.

You serious?
You poor?
You stupid?
You stupid and poor?
Torrent last years version.

see
Who cares if it's time consuming, you've just wasted an hour talking on here about it.

Assuming the ports are disabled via group policy or other software, boot from a linux distro and copy the files to a USB stick.

If the software doesn't run, it can't block the ports.

Thats not a bad idea actually. Would they be able to tell if I ran linux for a bit?

Disconnect from network.

It will simply be like you shutdown your computer.

Can the USB ports be activated with the jumpers on the motherboard? Passwd protection could be still on but doesn't matter anymore. Reseal the screws afterwards.

...

Could you run the linux with liveCD?

brilliant. thank you sir.

Yep

my work does this. no restrictions on burning CDs though so I copy data that way.

Attach artwork to email with no recipient
Save as draft.
Log into email profile off site and download

I've heard of other guys doing this as well but wouldn't IT be able to tell that you uploaded something?

you can run a livecd but you can't burn the pictures on a cd? wat?

Well, if they've got absolute admin control of their email domain they'll be able to tell what ip address the download was made to, do you have access to a vpn?

I never mentioned burning pictures to a CD.

Once in linux, the USB ports should work.

OP here:
I don't but that wouldn't be a bad thing to have anyway.

But they'll still see the vpn access your email profile, unless you open a vpn connection from inside to an outside device, they'll see packets going out but won't be able to see what it is.

Also setting up a vpn on a ddwrt router is super easy and free.
I do residential IT on the side and have a vast array of vpn's if I need to obscure my location

The admin can disable burning option without disabling the CD/DVD player. Player is now read-only.

If you go through this much trouble, try Teamviewer portable and transfer the files to your home computer.

Thats a good tip, actually. Thanks.

I use Evernote all the time for docs. It syncs flawlessly across devices. If management asks, just tell them it's a to do list

CBA to read so idk if this was mentioned but every time you insert or remove any USB device, it's logged. If you did it before, you already left a trail.

Are you sure it's not a broken USB device or a broken USB port? Do your keyboard and mouse still work?

If your employer isn't ok with you moving your own work from the workplace to your house, my primary suggestion would be to just recreate it at your house and not risk losing your job over it.

Short of that, best deniability bet would be to rent a Russian-hosted VPS and a serve malware from it via a spoofed email to your address. Make it something akin to what Eastern European spear-phishing malware campaigns look like (fake job application with infected PDF/DOC, url to a JDB or similar victim-initiated attack vector). "Fall for it" and play dumb if you're caught.

This guy fucks!

>rent a Russian-hosted VPS and a serve malware from it via a spoofed email to your address.

They did exactly that just some years ago.

Doesn't work that well anymore because instead of ID'ing incoming shit, the scanners have advanced low level AI based blocks for sorting the incoming traffic. It's quite good nowadays and if the admin knows what he is doing, chances are this doesn't work anymore.

They upgrade our computers every couple of years so the new ones won't let you copy to a flash drive via usb. When I copied stuff it was from another person's machine that hadn't been swapped for a new one.

I can recreate how I laid images out on a page but recreating the actual sketch is pretty damn difficult. Remember this is artwork we are talking about here.

That last part is probably a little beyond my capabilities. I'm an artist/designer, not an engineer/programmer

krasivaya!

yes. this.

then hex encode your entire image file and send 1Kb blocks of it as a get parameter to a site you own that seems innocent and work-related (won't be on any blacklists provided the domain wasn't previously registered and is served from a reputable host) and reconstruct from apache logs later. E.g.

www.blahblahengineering.org/{first 1kb of your file in hex}
www.blahblahengineering.org/{second 1kb of your file in hex}
www.blahblahengineering.org/{third 1kb of your file in hex}
www.blahblahengineering.org/{Nth 1kb of your file in hex}

set the page to set a cookie and increment cookie each visit. have different content (all relevant to work) for each counter # in this cookie

Fucked once when I was 17 and haven't since then, so no, I've fucked, as in past-tense singular.

ok, makes sense
still surprising that third party boot is not protected/disabled in the bios then

he was quoting Silicon Valley but at least you're honest

problem with
?