|
Lightning Jim posted:From a co-worker on me showing him this I read that in my best David Attenborough voice, as it should be.
|
# ? Jul 6, 2020 20:49 |
|
|
# ? Apr 19, 2024 00:04 |
|
Yeah, when that happens I immediately call my manager and let her know what's going on, then send an email to the infosec director, then usually resolve it so that someone would have to go looking for it in the ticketing system in order to run across it. Maximum CYA. Also if someone requests that I reset someone else's password so that the requester can log on to the other person's account, that gets a denial and email to my manager. This is almost always clients that we help with some aspect or another of their company sending it to us, so our HR can't do anything. Also I don't trust any HR people to not look at it and say "I don't see the problem, I gave my assistant/boss my logon in case I was out of the office."
|
# ? Jul 6, 2020 20:53 |
|
In bad MSP days I had a client that maintained a spreadsheet of everyone’s passwords, then printed it out and gave copies to everyone, so literally everyone knew everyone else’s password. I had another client that made us turn off the password complexity rules so they could make everyone’s password “pass” There were a couple other clients that made all of their employees use the same password, but at least they followed the default complexity rules. My wife’s work has the office manager “manage” everyone’s passwords and the employees aren’t allowed to change their own passwords. This is so the office manager can log into anyone’s email at will. All but one of these examples are doctors offices. The other is a law practice.
|
# ? Jul 6, 2020 21:05 |
|
OMFG I loving LIVE for this poo poo, having a pretty contentious relationship with infosec and trying to navigate the alternate idiocy and malicious intent they waffle between. loving Mitch, man. We all know one. AlexDeGruven fucked around with this message at 21:16 on Jul 6, 2020 |
# ? Jul 6, 2020 21:08 |
|
silicone thrills posted:lol my company has dongles for licenses that are tens of thousands of dollars. holy poo poo I could not imagine just randomly destroying one with out reaching out to every business owner in the company even it it wasn't well labeled. That’s the backstory for the dongle drawing. Civil engineering firm, had to have a specific piece of expensive as gently caress software on an individual’s computer. I was sick the week it arrived, so I emailed the dude installation instructions. I did not specify that the USB dongle should be inserted somewhere that it wouldn’t have to be touched, like the back of the computer. He plugged it into the port on the bottom front of his desktop, which was kept under his desk. I got a call a couple weeks later saying he bent his dongle and could I run to Staples and get a new one? Like it’s that fuckin easy? Just a 20 dollar part at the office supply store lol? gently caress you, Kurt. That poo poo is two grand and it’s gonna take a week to get a replacement shipped to Bumbfuck, Montana because you’re too loving stupid to not kick your loving computer.
|
# ? Jul 6, 2020 21:12 |
|
Dirt Road Junglist posted:That’s the backstory for the dongle drawing. Civil engineering firm, had to have a specific piece of expensive as gently caress software on an individual’s computer. I was sick the week it arrived, so I emailed the dude installation instructions. I did not specify that the USB dongle should be inserted somewhere that it wouldn’t have to be touched, like the back of the computer. Step one: don't put your computer on the floor where all the dirt is, not to mention your (apparently uncontrollable) feet.
|
# ? Jul 6, 2020 21:21 |
|
WE GOT HIM!
|
# ? Jul 6, 2020 21:45 |
|
|
# ? Jul 6, 2020 22:37 |
|
sfwarlock posted:USB Mass Storage Device ("thumbdrive") not even close to the funniest thing about this but this is maybe the most convoluted way to write out USB flash drive. why is it capitalized
|
# ? Jul 6, 2020 23:04 |
|
an actual dog posted:why is it capitalized Lemme tell you a little bit about people like Mitch... Probably Asperger's.
|
# ? Jul 6, 2020 23:12 |
|
Thumbs Drive™
|
# ? Jul 6, 2020 23:23 |
|
AlexDeGruven posted:Lemme tell you a little bit about people like Mitch... There's no way that everyone that Capitalizes Letters More Than Necessary To Make Them Sound Important has aspergers.
|
# ? Jul 6, 2020 23:53 |
|
22 Eargesplitten posted:There's no way that everyone that Capitalizes Letters More Than Necessary To Make Them Sound Important has aspergers. Never in the History of the World
|
# ? Jul 7, 2020 00:31 |
|
"You TAM's need to generate The Reports that I asked For." - a customer email
|
# ? Jul 7, 2020 00:31 |
|
AlexDeGruven posted:OMFG I loving LIVE for this poo poo, having a pretty contentious relationship with infosec and trying to navigate the alternate idiocy and malicious intent they waffle between. In some places it's a Jeremy, not a Mitch. (ugh)
|
# ? Jul 7, 2020 00:34 |
|
xsf421 posted:In some places it's a Jeremy, not a Mitch. (ugh) I've had more issues with a particular person that's not here anymore, personally. But yeah.
|
# ? Jul 7, 2020 00:35 |
|
|
# ? Jul 7, 2020 01:50 |
|
New thread title is
|
# ? Jul 7, 2020 02:05 |
|
Thanks Ants posted:Agreed, it could have been used to boot the server and run some sort of tor silkroad site from, pulling it out and shredding it is the dumbest thing you could possibly do if the aim is to actually improve security. Surely leaving it attached and alerting the security team so more investigation can take place is step 1. You do not want to be risky. ponzicar posted:What if it grows little robot legs and plugs itself into the CEO's laptop? Clearly taping a label to it that says "Found in server XYZ, do not use" and locking it into a desk drawer isn't good enough. Although in my datacenter days I saw a chain of adapters on a dongle to eventually convert it to USB at least a foot long that kept the cab from closing
|
# ? Jul 7, 2020 02:44 |
Back when they were parallel port passthru dongles they would sag and break off after three or four deep lol
|
|
# ? Jul 7, 2020 02:47 |
|
silicone thrills posted:lol my company has dongles for licenses that are tens of thousands of dollars. holy poo poo I could not imagine just randomly destroying one with out reaching out to every business owner in the company even it it wasn't well labeled. I got a USB dongle in the mail once that contained the floating Micromine license we relied on to run the models for seven underground mines. It came in the mail like this. That is how you treat a multi-thousand dollar USB dongle.
|
# ? Jul 7, 2020 02:54 |
|
Data Graham posted:Back when they were parallel port passthru dongles they would sag and break off after three or four deep lol
|
# ? Jul 7, 2020 03:01 |
|
Arquinsiel posted:Not if you cable tie the whole lot together and then to the rack! That reminds me of a dumb thing I did. Put a license USB on a keyring, put the keyring through one of the fan-hole perforations on the back of the server then brazed the ring together with plumbers solder and a propane torch and used a usb extension cable to plug it in.
|
# ? Jul 7, 2020 03:22 |
|
Memento posted:I got a USB dongle in the mail once that contained the floating Micromine license we relied on to run the models for seven underground mines. It came in the mail like this. The HP toner box just kills me, holy poo poo.
|
# ? Jul 7, 2020 05:20 |
|
DumbparameciuM posted:The HP toner box just kills me, holy poo poo. HP INK cart box. Off a $40 inkjet.
|
# ? Jul 7, 2020 07:01 |
|
DumbparameciuM posted:The HP toner box just kills me, holy poo poo. you give the printers in PDR Laos far too much credit
|
# ? Jul 7, 2020 07:04 |
|
Just for the heck of it, most servers and mid- to higher end workstations now have usb ports directly on the motherboard, inside the case. Mostly used for having a bootable ESX installation, but also for high-value dongle scenarios.
|
# ? Jul 7, 2020 07:28 |
|
GnarlyCharlie4u posted:That reminds me of a dumb thing I did. Put a license USB on a keyring, put the keyring through one of the fan-hole perforations on the back of the server then brazed the ring together with plumbers solder and a propane torch and used a usb extension cable to plug it in. That’s how my college’s graphic design labs did, more or less. There was a girthy metal strap thru the dongles on the back of every Mac that was looped thru the lock hole and soldered shut. You could unplug it, to troll someone mostly, but it wasn’t going anywhere. Expensive rear end tech debt, tho. Those things were already outdated by the time I got there and let’s be real, “trained on Quark Xpress” is not something I want on my resume these days. And motherfucking PUCK MICE.
|
# ? Jul 7, 2020 07:32 |
|
Dirt Road Junglist posted:That’s how my college’s graphic design labs did, more or less. There was a girthy metal strap thru the dongles on the back of every Mac that was looped thru the lock hole and soldered shut. You could unplug it, to troll someone mostly, but it wasn’t going anywhere. Expensive rear end tech debt, tho. Those things were already outdated by the time I got there and let’s be real, “trained on Quark Xpress” is not something I want on my resume these days. I took some graphic design courses in 2004 like that too—we even had Zip drives to save our work on for the extra laughs.
|
# ? Jul 7, 2020 08:25 |
|
You youths. For one of my modules, and I am not joking on this, we handed in hand-written assembly printed on greenbar on a dot matrix printer. At best we handed stuff in on 3.5" floppy.
|
# ? Jul 7, 2020 10:38 |
|
We still have a dot matrix with green bar used to print off system/36 code but it’s been a long time.
|
# ? Jul 7, 2020 13:19 |
|
poo poo, it's not even an old person thing. In my college course on MS SQL, the instructor required a handwritten final. Handwritten. SQL.
|
# ? Jul 7, 2020 14:17 |
|
All my finals were handwritten, though it wasn't that long ago, like 15 years?
|
# ? Jul 7, 2020 14:44 |
|
My finals were handwritten when I went back to finish in 2017. It's the standard here.
|
# ? Jul 7, 2020 14:55 |
|
My introductory programming course in 2004 was COBOL.
|
# ? Jul 7, 2020 15:24 |
|
Kurieg posted:My introductory programming course in 2004 was COBOL. If you stuck with it you'd be a super hot commodity making serious bank.
|
# ? Jul 7, 2020 15:25 |
|
My C & C++ midterms and finals were handwritten as well. 2013/14 somewhere in there I think.
|
# ? Jul 7, 2020 15:48 |
|
Thanks Ants posted:Agreed, it could have been used to boot the server and run some sort of tor silkroad site from, pulling it out and shredding it is the dumbest thing you could possibly do if the aim is to actually improve security. Surely leaving it attached and alerting the security team so more investigation can take place is step 1. This is correct. You don't just take immediate action because the bad actor will know about it and cover their tracks. Sheep posted:My C & C++ midterms and finals were handwritten as well. 2013/14 somewhere in there I think. So this is why so many interviews insist on doing coding questions by hand. KillHour fucked around with this message at 16:01 on Jul 7, 2020 |
# ? Jul 7, 2020 15:50 |
|
Dirt Road Junglist posted:I dunno if I shared it here already, but have an autobiographical drawing from a time when I also had to deal with dongles I had to make this call once. At OldJob, I was migrating a server to new hardware. The old server, an ancient behemoth, had a serial dongle for software licensing, but I had gotten a USB dongle for the new server. During the data migration and setup, I had plugged the USB into a front panel port on the new server, with the intention of walking around to the back of the cabinet and plugging it into one of the rear ports when I was done. So hours later, I finished the migration, new server up and running, software humming along, and without thinking, I swung the cabinet door closed. It promptly rebounded back at me. "Hmmm," I thought, "Latch must be stuck." So I lifted to cabinet door latch and shoulder butted it closed - to the sound of breaking plastic. Turns out the licensing dongle was just a little too long to fit in the front panel with the door closed. I had quite effectively shortened the dongle, but alas, I had also messed up whatever circuitry was inside. I had to make a meek call to our account rep to have another dongle sent (free of charge, provided I mailed them the remains of the old dongle).
|
# ? Jul 7, 2020 16:10 |
|
|
# ? Apr 19, 2024 00:04 |
|
sfwarlock posted:An IT Saga, in three acts plus a coda. sfwarlock posted:Act IV sfwarlock posted:Act V I usually only lurk this thread, but this story is wonderful and I simply must re-quote the whole thing for the benefit of future generations.
|
# ? Jul 7, 2020 16:13 |