|
the secfuck-e/n crossover we never asked for
|
#
?
Aug 17, 2019 18:37
|
|
|
|
| # ? Apr 28, 2024 13:57 |
|
|
Carbon dioxide posted:https://twitter.com/virginmedia/status/1162756227132198914 holy poo poo
|
|
#
?
Aug 17, 2019 21:55
|
|
|
Might as well get rid of passwords altogether and just make it illegal to access somebody else's account.
|
|
#
?
Aug 17, 2019 22:02
|
|
|
Richard loving Branson
|
|
#
?
Aug 17, 2019 23:27
|
|
|
the virgin brightline vs. the chad tri-rail
|
|
#
?
Aug 17, 2019 23:58
|
|
|
Someone should try to see if they can get Virgin Media to tell them the email addresses that are using a certain password. "My password is 12345 but I just can't remember what email I used. Can you look it up for me?"
|
|
#
?
Aug 18, 2019 00:46
|
|
|
hot poo poo, luv 2 advertise to the world that i, a genius, store plaintext passwords
|
|
#
?
Aug 18, 2019 01:17
|
|
|
https://twitter.com/virginmedia/status/1162643986013708288
|
|
#
?
Aug 18, 2019 01:30
|
|
|
social media person: hey how do we get users to reset their passwords? tech: there's a form you fill out, that gets sent to the server as a POST request, and then we mail them the recovery password social media person: say no more
|
|
#
?
Aug 18, 2019 01:57
|
|
|
Oh hey it's Austrian TMobile 2: Branson Boogaloo
|
|
#
?
Aug 18, 2019 01:57
|
|
|
i've started following this thread again for less than a week and this goddamn cavalcade of incompetence is already making me feel like poo poo for somehow being stuck where i am while there's apparently organizations with more than 2 digits users willing to pay people to store passwords in plaintext like what the gently caress i can make you a db schema with text fields for both users and passwords. i'll even throw in an index or two for free. give me a bonus and i'll throw that poo poo in mongodb or an open s3 bucket if that's what you want how do you even get the critical mass of incompetence required for this these days
|
|
#
?
Aug 18, 2019 03:07
|
|
|
because there is no incentive to do better. it doesn't matter if you do or don't
|
|
#
?
Aug 18, 2019 03:10
|
|
|
ok then how do i get in those "get paid to not give a gently caress" jobs? that might not be infosec per se but i'd expect people here to know their nemesis
|
|
#
?
Aug 18, 2019 03:19
|
|
|
Do you have any relatives that are around VP level?
|
|
#
?
Aug 18, 2019 03:23
|
|
|
cram cissp
|
|
#
?
Aug 18, 2019 03:25
|
|
|
taqueso posted:Do you have any relatives that are around VP level? no guess that's the problem Potato Salad posted:cram cissp what in the name of gently caress would make you thing i want anything to do with actual infosec work? you get shat on by managers looking to trim their budgets in the best of times, you get torn apart by execs when something gets breached i know enough to stay away from that whole dumpster fire. all i'm saying is i know how to google "how to store passwords" which apparently puts me above a whole lot of people yet i'm stuck figuring out how best to shove vertices and bump maps up some gpu's rear end for less than i'd like
|
|
#
?
Aug 18, 2019 04:03
|
|
|
bcrypt
|
|
#
?
Aug 18, 2019 04:04
|
|
|
Change gotta be management driven. Gotta get that governance and policies in place to push real, meaningful security.
|
|
#
?
Aug 18, 2019 04:37
|
|
|
you gotta be the sticky note with this quarters password on it
|
|
#
?
Aug 18, 2019 04:38
|
|
|
Deep Dish Fuckfest posted:i know enough to stay away from that whole dumpster fire. all i'm saying is i know how to google "how to store passwords" which apparently puts me above a whole lot of people yet i'm stuck figuring out how best to shove vertices and bump maps up some gpu's rear end for less than i'd like hi graphics buddy, is your place hiring
|
|
#
?
Aug 18, 2019 05:14
|
|
|
Deep Dish Fuckfest posted:i've started following this thread again for less than a week and this goddamn cavalcade of incompetence is already making me feel like poo poo for somehow being stuck where i am while there's apparently organizations with more than 2 digits users willing to pay people to store passwords in plaintext i just applied for a job with a large organization and updated my profile on their job website they helpfully emailed me my password in plaintext in the email confirming the changes i made
|
|
#
?
Aug 18, 2019 05:22
|
|
|
There *are* incentives to be better. If European companies pulled this poo poo they'd be in for huge fines. That's why >90% of the 'companies are stupid' stuff in this thread isn't European.
|
|
#
?
Aug 18, 2019 07:25
|
|
|
Deep Dish Fuckfest posted:no see also: why I’m just gonna stick to being a software dev and make all the security holes instead of even attempting to join the club of hackers
|
|
#
?
Aug 18, 2019 07:37
|
|
|
Deep Dish Fuckfest posted:what in the name of gently caress would make you thing i want anything to do with actual infosec work?
|
|
#
?
Aug 18, 2019 08:03
|
|
|
Carbon dioxide posted:There *are* incentives to be better. the uk is still part of europe for now
|
|
#
?
Aug 18, 2019 08:22
|
|
|
Carbon dioxide posted:There *are* incentives to be better. it just means it's harder to see the elementary secfucks the euros are making. plus small orgs are still immune by virtue of no one giving a poo poo
|
|
#
?
Aug 18, 2019 10:16
|
|
|
Wiggly Wayne DDS posted:they mentioned cissp though
|
|
#
?
Aug 18, 2019 13:10
|
|
|
holy poo poo cissp
|
|
#
?
Aug 18, 2019 14:59
|
|
|
Deep Dish Fuckfest posted:no learn how to make apps with javascript and nodejs and get a job doing that if you want to spend your time being incompetent and contributing nothing of value to anyone like me
|
|
#
?
Aug 18, 2019 19:09
|
|
|
if you're looking to update your testing phones, the unc0ver jailbreak just updated to work on the current version of iOS (12.4)
|
|
#
?
Aug 18, 2019 21:41
|
|
|
Deep Dish Fuckfest posted:ok then how do i get in those "get paid to not give a gently caress" jobs? that might not be infosec per se but i'd expect people here to know their nemesis if you have a degree its super easy. i wandered into mine with no effort.
|
|
#
?
Aug 19, 2019 14:54
|
|
|
unless you meant like, being actively negligent.
|
|
#
?
Aug 19, 2019 14:57
|
|
|
surprising no one: https://twitter.com/faker_/status/1163187161652506624
|
|
#
?
Aug 19, 2019 17:00
|
|
|
Wiggly Wayne DDS posted:surprising no one: oh hey webmin is still a thing, i remember using that when i was like, 14 and didn't know how to linux at all  though even back then i was smart enough not to expose it to the external internet
|
|
#
?
Aug 19, 2019 17:15
|
|
|
lol nice, open source managing to be owned such that auditing the code won’t find anything (nobody will ever audit the code either)
|
|
#
?
Aug 19, 2019 19:37
|
|
|
Special Characters are dumb (ambiguous characters is my main complaint, also the inconsistency is allowed characters), just make a longer minimum length and use numbers+upper/lowercase.
|
|
#
?
Aug 19, 2019 23:58
|
|
|
ate poo poo on live tv posted:Special Characters are dumb (ambiguous characters is my main complaint, also the inconsistency is allowed characters), just make a longer minimum length and use numbers+upper/lowercase. Excluding basic punctuation from passwords is dumb. But so is their 10 character max.
|
|
#
?
Aug 20, 2019 00:36
|
|
|
Trabisnikof posted:Excluding basic punctuation from passwords is dumb. But so is their 10 character max. I no longer regret that time someone said we should limit passwords to 250 characters and I didn’t push back
|
|
#
?
Aug 20, 2019 09:43
|
|
|
https://twitter.com/GossiTheDog/status/1163753873351356417?s=20 Hmm what's the over/under this is a secfuck or just an IT outage.
|
|
#
?
Aug 20, 2019 12:47
|
|
|
|
| # ? Apr 28, 2024 13:57 |
|
|
Shame Boy posted:oh hey webmin is still a thing, i remember using that when i was like, 14 and didn't know how to linux at all i suddenly started getting regularly asked for "access to the cpanel" by a few of our clients in tyool 2019 and i'm like  every time1. i don't have that poo poo are you insane 2. i can give you ssh access if you supply me a static ip for the firewall and a public key https://www.youtube.com/watch?v=NGPHFNR5Gms&t=45s
|
|
#
?
Aug 20, 2019 13:07
|
|
