I got roped into a call with a client mid... call (I'm our lead developer) because our support guy couldn't answer some API questions. That's weird because he is real good at it. Turns out I walked into a loving lion's den. These people, like 5 of them on the phone, start asking me about our process for being delivered an xls file for importing: "you transmit the file to us via our RESTful API, and we process it on our side." They ask about encryption: "The file is sent through HTTPS and uses SSL so it's encrypted while transmitting and on our systems via the data layer." I heard the smuggest condescending laughter in a professional setting ever: "uhhh so WAIT, you're saying it's NOT encrypted???" Bruh I just said that it's loving encrypted as you send it to me. Do you not trust the computer you are sending it from? Then they start talking about PGP keys for some reason, then talk about FTP. LOL Yea with FTP, or email, I see why you would wanna do PGP encryption. But get with it my dudes I got a RESTful API over HTTPS. OH, then they said "Well I'm sure you know MITM attacks could let you peer in the stream" yea sure, that sounds like a different loving problem though with your info sec people if your network is getting MITM'd
# ? Feb 10, 2018 08:23
KoRMaK posted: I got roped into a call with a client mid... call (I'm our lead developer) because our support guy couldn't answer some API questions. That's weird because he is real good at it.

God I hate that “I’m going to ambush” bullshit. A few years ago, I was on a call with one of our customer’s CISO and acting CIO (which should have been a warning sign right there) and some of their other executives. Apparently he was asking “hard questions” the accounts team couldn’t answer. I jump on and he starts grilling me about all the different wireless stuff we can detect and monitor. He asks for details on how we differentiate between events that look similar. I give him as much detail as I can without revealing secret-sauce type stuff. He seems satisfied. He then asks if there are certain types of wireless activities that “the Hacker” would do that we can’t see. And I replied “Sure, for instance if someone sat in your parking lot passively collecting all wireless packets that leak out of the building, short of looking out a window and seeing some sketchy dude in a car you won’t see that.” Dude blew up. That’s unacceptable! How are you unable to detect a completely passive act that doesn’t interact in a meaningful way with the RF profile at this location? (Not his words, but what his argument boiled down to) I told him no vendor is going to be able to do this.* I have friends and previous co-workers who are CISOs, and I’ve been offered that position at a smaller firm recently (offering less money than you would think, so pass). So at first I thought he was joking. He was not. He also kept using the phrase “soup to nuts” which almost annoyed me more than the WHY CAN’T YOU DO MAGIC explosion. At this point I pretty much realized he was probably new to the field and given the position because “he’s a good manager”.

* - theoretically you *could*. But it would require some luck, really sensitive measurements, and the ability to eliminate all the typical attenuation and interference seen in an RF saturated business campus. So no, I can’t.

Proteus Jones fucked around with this message at 09:06 on Feb 10, 2018

# ? Feb 10, 2018 09:04
The most valuable thing I learned in the last year is the difference between "threat" and "risk". Sometimes it's just not worth worrying about aliens hacking your gibson via laser guided dust bunnies.
# ? Feb 10, 2018 11:25
KoRMaK posted: I heard the smuggest condescending laughter in a professional setting ever "uhhh so WAIT, you're saying it's NOT encrypted???"

We're in the process of deploying a web portal where customers will enter some information which will be put in an XML message and sent into our integration platform, and our "security" department is riding our rear end about sensitive information and how it has to be encrypted ALL the way. The client connection is https of course, and so is the connection between the web server and the ESB. Nothing is stored on the web server's file system, but they argue that because the information is unencrypted in the web server's memory it's completely insecure.

This is the same security department who approved some random non-IT dude's (accidental) request for Domain Admin rights without questioning. Fortunately another team caught it and nixed the request before it could be fulfilled.

# ? Feb 10, 2018 13:56
Don't forget Slenderman.
# ? Feb 10, 2018 14:11
Weatherman posted: Don't forget Slenderman.

Ignore me, I'm stupid.

BlankSystemDaemon fucked around with this message at 17:36 on Feb 10, 2018

# ? Feb 10, 2018 15:30
D. Ebdrup posted: That's far from the only meme that SA has had a hand in: AYBABTU springs to mind as one of the first that got really big - I don't remember the whole story anymore as it's been way too loving long and I have chemo-brain now, but at the very least, Invasion Of The Gabber Robots is goon-made.

It’s more people killing in the name of Slenderman.

# ? Feb 10, 2018 15:38
I think his point was about the girls who killed their friend because of Slenderman-related mental problems.

# ? Feb 10, 2018 15:39
Oh gently caress, yeah, that happened.
# ? Feb 10, 2018 17:36
The girl they tried to kill survived. Still hosed up, but at least nobody actually died.
# ? Feb 10, 2018 17:39
fishmech posted: The girl they tried to kill survived. Still hosed up, but at least nobody actually died.

# ? Feb 10, 2018 17:40
fishmech posted: The girl they tried to kill survived. Still hosed up, but at least nobody actually died.

I actually didn't know that and it makes it significantly better. Still horrible, of course.

# ? Feb 10, 2018 17:54
Yeah, it's obviously not as black and white as I was making it out to be. I should know better, too.
# ? Feb 10, 2018 19:13
Collateral Damage posted: Are you one of our outsourcing partners?

# ? Feb 11, 2018 09:59
A study in XY problems came in: Lady accidentally unplugged the Ethernet cable from her computer. It connected to the public WiFi. Because it's on public WiFi, she can't print anything. Lady is requesting the internal WiFi key so she can print. It never crossed her mind to solve the problem by figuring out how to plug the computer back in.

# ? Feb 11, 2018 18:05
Ghostlight posted: I mean, it's stupid, but in all fairness it's barely been a month since a vulnerability that granted arbitrary access to the contents of a server's memory was widely publicised.

I'm not sure what you could do to satisfy them, is it even possible to keep the information encrypted in memory in a way that is not immediately defeated by someone who has potential full access to all memory content?
# ? Feb 11, 2018 18:18
Judge Schnoopy posted: A study in X Y problems came in:

I've started ripping the WiFi cards out of desktop PCs I set up for customers that have them because this always happens. Somehow the wired network gets disconnected, the user knows how to connect to WiFi, and the obvious happens from there leading to inevitable problems some time down the road.

# ? Feb 11, 2018 18:46
Speaking of that, companies that buy laptops instead of proper workstations. RAGE
# ? Feb 11, 2018 19:07
I have had to exclusively buy laptops the last two years. Everyone wants a laptop. Everyone. Out goes a desktop in comes another laptop. OH I NEED TO BE MOBILE I NEED TO WORK AT HOME I NEED TO WORK WHEN I TRAVEL I NEED TO WORK DURING MEETINGS. Then they come to me and complain that their laptop is "slow" when they perform crazy stat analysis. I now configure laptops with 16 gigs of RAM and 500-1TB SSDs, i7 whenever possible. O365 64 bit for everyone. Go ahead and open 20 emails and 30 pdfs and 40 spreadsheets you dumbfucks. I just want to earn more points on my credit card for buying all this poo poo! I have a few hundred bucks saved up on my Amazon account. I need to enjoy it before they finally implement a purchasing card program. Here's hoping it takes them a long time.
# ? Feb 11, 2018 19:35
I hope you use eBates too for the poo poo you buy on Newegg, or Dell, etc.
# ? Feb 11, 2018 19:43
I feel sorry for people working on reception desks who have to sit at a laptop all day at a desk chosen because it looked nice rather than for any ergonomic benefits at all.
# ? Feb 11, 2018 19:45
Those people get docking stations and eleventy monitors.
# ? Feb 11, 2018 20:52
Work gave me a quad core Xeon desktop workstation with 24GB of fast RAM and about 6TB of SSD+spinners. They also gave me a quad core workstation laptop because of on-call responsibilities. I use the laptop to RDP into the desktop to RDP into servers.
# ? Feb 11, 2018 21:12
I'm phasing out desktops for laptops. Our CRM is web based, our folders are redirected, and other line of business apps don't require heavy resources. For my users it's way more productive to take their laptop to a meeting than to have a beefy desktop.
# ? Feb 11, 2018 22:56
redeyes posted: Speaking of that, companies that buy laptops instead of proper workstations. RAGE

I guess it really depends on the work being done, but the places I've worked for the past 10 years have only provided laptops, at least at the corporate level. 100% of our services run "in the cloud" and users only work from the office three days a week, so desktop workstations just wouldn't cut it.

Judge Schnoopy posted: I'm phasing out desktops for laptops. Our CRM is web based, our folders are redirected, and other line of business apps don't require heavy resources. For my users it's way more productive to take their laptop to a meeting than to have a beefy desktop.

Yeah, this.

# ? Feb 11, 2018 23:25
KoRMaK posted: I heard the smuggest condescending laughter in a professional setting ever "uhhh so WAIT, you're saying it's NOT encrypted???"

Reminds me of meetings with gov security but in general I was told to let them score their points because a) they don't understand how you secure stuff in the

Now I just get to fix fun stuff like making an OOM event not take out all of our infrastructure on a single continent

Also, as far as the forums being monitored, that's waaaaaaaaay small change compared to what happens on a certain social media site every single time anyone interacts with it

Collateral Damage posted: True, but I argue that if you're in a position to exploit that it wouldn't matter what measures we take because the server is owned anyway.

It blows my mind how many times I've had this argument (I agree with you)

# ? Feb 12, 2018 01:10
I just replaced my work desktop with a T470 + USB C dock, so I have 3 usable screens. (I still use the desktop for tooling around in VMware workstation)
# ? Feb 12, 2018 02:08
"Why are emails being delayed? <whoever> sent me an email at 8:47 and it just came in at 9:07a."

Should I reply with:
"It's not called instant messenger"
"Your fat rear end didn't even get to work until 8:52"
"Rackspace is looking into it"

# ? Feb 12, 2018 15:19
"The NSA is short staffed"
# ? Feb 12, 2018 15:27
The pipes are full. It's not a big truck. Sending less emails to me will help unclog the pipes thanks
# ? Feb 12, 2018 15:27
Go thank Bill Gates for not making email faster.
# ? Feb 12, 2018 15:56
*nixers can do 90-95% of our entire jobs on a Pi Zero W. So of course I have a 2017 MBP with the i7, 16GB of RAM, and a 500GB NVMe SSD.

# ? Feb 12, 2018 16:47
Our standard accounting laptop is: Lenovo P51, 512GB NVMe, 16GB RAM. Because otherwise Excel doesn't work.

# ? Feb 12, 2018 16:49
Bob Morales posted: Because otherwise Excel doesn't work.

it probably still doesn't

# ? Feb 12, 2018 16:53
Renegret posted: it probably still doesn't

Those specs will be fine for a 20 x 70 spreadsheet. It's fine.

# ? Feb 12, 2018 16:57
yeah i'm 100% okay with giving finance and accounting overpowered laptops so they can brute force their way through pivot tables rather than calling us in
# ? Feb 12, 2018 16:58
What's 16gb and 512gb in this day and age anyway? Pretty standard stuff imo.
# ? Feb 12, 2018 17:00
Bob Morales posted: Our standard accounting laptop is:

Wow... We go bottom of the barrel, because no one needs an i7 for office work. Other than servers, we don't have a single machine, desktop or laptop, that has more than 8GB and anything faster than an i5. i3 is far more common. SSD at the least is standard though, I don't get machines with HDDs anymore.

i3/i5, 4-8GB, 128GB SSD. That's all anyone here needs.

# ? Feb 12, 2018 17:01
I'm not sure I've seen anything other than a macbook in use by anyone in any company I've been in since.. 2012 when some people still used Mac Pros.
# ? Feb 12, 2018 17:04
stevewm posted: Wow... We go bottom of the barrel, because no one needs an i7 for office work.

We do that for everyone, but we do a 256GB SSD because Windows likes hogging space, huge local OST/PST files, blah blah

# ? Feb 12, 2018 17:06