|
i am a moron posted:Client is having this problem with a bunch of body shops they work with. Fake resumes AND fake LinkedIns. poo poo is wild out there, and I honestly figured it was the recruiters doing this not the candidates lol If you interview well and have some fake IDs tied to a few bank accounts, there's good money on literally doing that exact thing, getting hired, and coasting/loving off/loving up/outsourcing the job and pocketing a month or six of pay. Or playing the 'my disability that I won't let you verify is preventing me from working until you send me $expensive thing' card.
|
# ? Feb 17, 2022 03:05 |
|
Counter point - There are only so many ways you can describe a specific task and I have no problem with you cribbing off of some online description if you can actually do the thing you're claiming to be able to do. Bonus comedy option - have you checked the job posting to see if they aren't just all using the verbiage from your job posting? That's a really common thing to do and there's nothing wrong with it. Granted, the obvious typos give away the real game but in theory there's nothing wrong with it.
|
# ? Feb 17, 2022 03:20 |
|
It's not just the individual lines, the whole CV follows a set template, with just minor font changes between them. Just a huge bullet list of "professional skills" that your eyes quickly glaze over, with random words in bold. And yeah, repeated grammar mistakes across different CVs, top quality generator.
|
# ? Feb 17, 2022 04:50 |
|
NZAmoeba posted:
It's not just the individual lines, the whole CV follows a set template, with just minor font changes between them.

Sometimes that's the only way to get past some HR resume bots.
|
# ? Feb 17, 2022 06:10 |
|
poo poo pissing me off: my boss and my boss's boss were both out of office today, when numerous things decided to catch fire and I had to basically be acting person in charge with basically a month under my belt at this new position.

Not pissing me off: people actually took me seriously, respected that I am still green as hell with regards to specific internal policies and our product's unique nuances, and were okay with "I'm going to make note of this in Jira and escalate to $BOSS and $BOSS_BOSS when they're back tomorrow".

I also got to de-escalate a hostile customer call and flex my title at them which is funny as poo poo because at $JOB-1 I was on a PIP for "failure to demonstrate customer empathy". No, I just get pissed off when shitters actively feed me wrong information, ask the same question multiple times trying to get me to give a different answer, or outright lie to me and refuse to own up to it when I catch them out in the lie.
|
# ? Feb 17, 2022 06:19 |
|
NZAmoeba posted:
It's not just the individual lines, the whole CV follows a set template, with just minor font changes between them.

Guess they took "kindly share your resume" literally
|
# ? Feb 17, 2022 12:34 |
|
speaking of fake resumes i read about this absolute king in the new york times today
|
# ? Feb 17, 2022 15:43 |
|
wargames posted:
HR resume bots.

Pisses me off and breaks my brain. I'm picturing one of these scanning my resume and going "...nope, no degree in Python, no degree at all!" and throwing me out despite (hypothetically) me having published 3 open-source projects and contributed meaningfully to half a dozen others, having a PEP under review, etc.
|
# ? Feb 17, 2022 16:26 |
|
D34THROW posted:
Pisses me off and breaks my brain. I'm picturing one of these scanning my resume and going "...nope, no degree in Python, no degree at all!" and throwing me out despite (hypothetically) me having published 3 open-source projects and contributed meaningfully to half a dozen others, having a PEP under review, etc.

https://twitter.com/mxcl/status/608682016205344768?lang=en
|
# ? Feb 17, 2022 16:37 |
|
xzzy posted:I once had a password that I had no idea what it actually was. When I was doing a reset I somehow made the same typo twice from typing too fast. The only way I could get around it was to turn off my brain and type what I wanted the password to be as fast as I could and hope I repeated the typo. I'm dealing with this right now. I somehow fat-fingered a change to the master password for my password manager, and now have no idea what it is.
|
# ? Feb 17, 2022 17:53 |
|
During my MSP stint, we had a backup admin that was setting the encrypted backup password via remote session and copy/paste. It took not being able to do two very important restores for two different clients to realize that when they were copying and pasting the password, clipboard was broken. So all of our clients' backup chain passwords were wrong. That was a lot of fun.
|
# ? Feb 17, 2022 18:01 |
|
GreenBuckanneer posted:
Our users don't typically have internet access outside of internal websites

And this is exactly what I do for all the passwords for our credit card gateway website because it has quite possibly the most stupid password requirements I've ever seen. They actually limit the amount of possible passwords.

Exactly 3 upper case letters, no more, no less.
Exactly 3 lower case letters, no more, no less.
2 numbers
1 special character (but can't be < > " ' ; : or &)
No repeating characters (66, 77, AA, etc..)
No sequential characters (12, 34, ab, etc..)

Far as I can tell it remembers at least the last 20 or so passwords, likely more. It forces a change every 30 days.

Of course this still isn't as dumb as our credit card processors' website that has "2 factor" authentication that is bypassed with a single click. And it has been this way since it was introduced years ago. I've reported it multiple times and they just don't give a gently caress. You log in, it asks for the code it sent to you. All you have to do is click the "User Settings" option that is for some reason on the 2FA code screen and it takes you right in. Entering the code is not required.
|
# ? Feb 17, 2022 18:20 |
|
stevewm posted:
And this is exactly what I do for all the passwords for our credit card gateway website because it has quite possibly the most stupid password requirements I've ever seen. They actually limit the amount of possible passwords.

I'm halfway tempted to Python this out and see just how many possible passwords there are
|
# ? Feb 17, 2022 19:37 |
|
Spent a lot of time today coming up with different ways of saying "you are asking questions that are covered in the documentation, have you tried looking there?"
|
# ? Feb 17, 2022 20:39 |
|
stevewm posted:
And this is exactly what I do for all the passwords for our credit card gateway website because it has quite possibly the most stupid password requirements I've ever seen. They actually limit the amount of possible passwords.

Does it care if there are repeated or sequential characters that aren't adjacent, i.e. a1a or a1b?
|
# ? Feb 17, 2022 20:50 |
|
Thanks Ants posted:
Spent a lot of time today coming up with different ways of saying "you are asking questions that are covered in the documentation, have you tried looking there?"

I've taken to literal copy & paste for a couple of questions that come up again and again. I realized that nobody was going to notice some grammatical oddities that don't precisely line up with the exact question asked. It's a necessity for sanity preservation
|
# ? Feb 17, 2022 20:58 |
|
eszett engma posted:
Does it care if there are repeated or sequential characters that aren't adjacent, i.e. a1a or a1b?

Nope, those are fine.
|
# ? Feb 17, 2022 20:59 |
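Added example, not part of any post in the thread: the count D34THROW was tempted to "Python out" for the gateway policy stevewm lists, with only neighbouring characters compared as stevewm confirms. The allowed special-character set (ASCII punctuation minus the seven banned characters), the ascending-only reading of "sequential", and all function names are assumptions.

```python
import string
from functools import lru_cache
from math import log2

# Assumption: the allowed specials are ASCII punctuation minus the seven
# characters the post lists as banned (the site's real set is not given).
BANNED = set("<>\"';:&")
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "".join(c for c in string.punctuation if c not in BANNED),
}
QUOTA = {"upper": 3, "lower": 3, "digit": 2, "special": 1}  # from the post


def adjacent_ok(prev, cur):
    """Assumed reading of the rules: reject a doubled character (66, AA) and
    an ascending neighbour pair (12, ab). Only neighbours are compared, so
    a1a and a1b pass, as the thread confirms."""
    if prev is None:
        return True
    if prev == cur:
        return False
    # In ASCII, two alphanumerics one code point apart share a class.
    return not (prev.isalnum() and cur.isalnum() and ord(cur) == ord(prev) + 1)


def count_passwords(classes=CLASSES, quota=QUOTA, adjacency_rules=True):
    """Count strings using each class exactly quota[name] times."""
    names = tuple(classes)

    @lru_cache(maxsize=None)
    def walk(remaining, prev):
        if not any(remaining):
            return 1  # every quota used up: one complete password
        total = 0
        for i, name in enumerate(names):
            if remaining[i] == 0:
                continue
            rest = remaining[:i] + (remaining[i] - 1,) + remaining[i + 1:]
            for ch in classes[name]:
                if not adjacency_rules or adjacent_ok(prev, ch):
                    total += walk(rest, ch)
        return total

    return walk(tuple(quota[n] for n in names), None)


def summary():
    """Return (unrestricted, classes_only, full_policy, bits_lost)."""
    free = 94 ** sum(QUOTA.values())  # any printable ASCII char per slot
    loose, full = count_passwords(adjacency_rules=False), count_passwords()
    return free, loose, full, round(log2(free / full), 2)


if __name__ == "__main__":
    print(summary())
```

The tuple it prints is the unrestricted 9-character space, the count with only the class quotas applied, the count under the full policy, and the bits of search space the policy gives up compared with unrestricted.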
|
stevewm posted:
Nope, those are fine.

I've run into systems where that wasn't the case and you had to think about where you wanted that 'e' to be because you could only use it once. Yes, it DOES greatly reduce the entropy of the password to have requirements like that, why do you ask?
|
# ? Feb 17, 2022 21:16 |
|
That's how you get everyone using variations on the password "QWErty!91" because it's easy and can be incremented 7 times before having to come up with something different.
|
# ? Feb 17, 2022 21:37 |
|
PremiumSupport posted:
That's how you get everyone using variations on the password "QWErty!91" because it's easy and can be incremented 7 times before having to come up with something different.

You basically just guessed my passwords. Because that is the exact pattern I use
|
# ? Feb 17, 2022 22:15 |
|
increment the letter, not the number. They'll never know! Assword4! Bssword4! Cssword4!
|
# ? Feb 17, 2022 22:23 |
|
stevewm posted:
You basically just guessed my passwords. Because that is the exact pattern I use

Put your finger on the left shift key and drag it to the right shift. Boom - throwaway password that works on nearly everything and takes no time to put in. I used to use it as the default password on trash VMs I'm going to throw out anyways and it always astounded everyone who saw me do it.
|
# ? Feb 17, 2022 23:36 |
|
In my last job post-it passwords were rife but someone had managed to convince all the staff to literally write P******1 instead of Password1. So I was pretty relaxed about it
|
# ? Feb 18, 2022 01:06 |
|
Huh, I was not expecting to come back to this. I'm not a security guy, I am happy to be wrong, but I thought the common wisdom was that "common words smushed together" passwords were bad because dictionary attacks had incorporated that stuff. If that's different now it's news to me. Password stuff is weird, it feels like the "good" advice changes often, but I guess that's unavoidable as threat actors evolve.
|
# ? Feb 18, 2022 02:25 |
Passwordless is so nice, it blows my mind it didn't catch on sooner
|
|
# ? Feb 18, 2022 02:28 |
|
At work we've got reasonable complexity requirements, mixed case, alpha & numeric, plus a symbol. One year expiration. For personal or secondary accounts it's an 8-character minimum. But for a generic account, like the ones every lab shares for all of their machines, it's 15 characters. Fun fact, we used to have an 8-character maximum until the old HP-UX machines got retired; they had an 8-char maximum and AD had an 8-char minimum.
|
# ? Feb 18, 2022 03:11 |
|
guppy posted:
Huh, I was not expecting to come back to this. I'm not a security guy, I am happy to be wrong, but I thought the common wisdom was that "common words smushed together" passwords were bad because dictionary attacks had incorporated that stuff. If that's different now it's news to me. Password stuff is weird, it feels like the "good" advice changes often, but I guess that's unavoidable as threat actors evolve.

something like "correcthorsebatterystaple" is easy for humans to remember and hard for computers to guess either character by character or word by word.

for char-by-char, entropy beats it and the math is quite easy - the allowed character pool to the power of the number of characters possible combinations. so for that, assuming all characters on a US keyboard are allowed, 96^26 possible combinations.

for word-by-word, it's still hard enough for a dictionary attack to work that it'll take ages to guess, because you have to guess the right words in the right sequence. there's math to it but i'm not smart enough to write it out. it's, uh, well, every combination of words that could have 26 characters. still pretty hard.

dictionary attacks are only really useful if someone is using a password like "Blue23!" or "Tr0ub4d0r?" because the password only includes one word, effectively, which can be guessed at by length.
|
# ? Feb 18, 2022 04:42 |
|
This is just manufacturing.txt but what the hell.

Next week my factory is shutting down for a week for major service. Big stuff coming in, old stuff going out, rebuilds, PMs, etc. Stuff that's been planned in advance for months and months and absolutely cannot be rescheduled.

As always, any time you're going to have a shutdown, in my entire career in manufacturing, there's always one customer that asks or one sales guy that promises 'just one more thing' that you always wind up scrambling to get out the door before you can shut down and start doing the shutdown work.

Well, this year's last minute emergency is related to the upcoming fake drinking holidays (I work in liquor manufacturing) and they dropped a surprise must have order on Tuesday afternoon that would take about 10 shifts to complete. Unfortunately, there were only 7 shifts left in the week.

We put everyone on immediate 12 hour shifts to run continuously, got support on line to super charge the line, and everyone was really driving hard and we were making excellent progress and by Wednesday afternoon, it looked like we were going to finish with plenty of time, spirits were high, the line was running better than it had in months, operators were fist bumping, and then overseas corporate management decided to drop another shift's worth on them because they were getting ahead. The operators were crestfallen and you could literally see on the rate graphs the minute they found out.

We rallied, made rearrangements, twisted arms, and stepped it up another notch and got up to a rate where we would STILL finish on Saturday and not have to come in on Sunday.

Until last night, when we ran out of loving bottles because they're across town in a locked warehouse with only daytime access held by a third party because some fuckass forgot to have them transferred on site and we're losing almost an entire shift until we can get them here.

I'll be at work Saturday night past midnight into my 40th birthday.
At least I won't have to leave work to start drinking.
|
# ? Feb 18, 2022 11:56 |
|
We have a guy that forwards all kinds of cyber security news/alerts to the whole IT group
So my boss gets the email about NEW WAY THAT HACKERS WILL STEAL YOUR IDENTITY
Then I get a task created "Make sure we are doing the following" with a cut and paste from the email

• Enforce multifactor authentication.
• Enforce strong, unique passwords.
• Enable M365 Unified Audit Logs.
• Implement endpoint detection and response tools.

YES YES YES YES

Jesus
|
# ? Feb 18, 2022 14:10 |
|
Yes, but the caveat is that you have to disable those things for anybody at and above VP level because Christ forbid they be bound by the same rules. But that is where the passwords are brute-forceable and the phishing attacks work. And the cycle continues. Our passwords at work suck. They're assigned to us, not something we chose. They used to be a combination of <first 4 of first name><first 4 of last name> with special and numeric characters as letters to mix things up. Now they're just random 8-character strings, with a number and 2 special characters (based on the two I've been assigned). They've changed twice in eight years, roughly - once after the entire system poo poo the bed, once after a Ryuk attack took us down for months. And the best part? Neither system was particularly secure. The name-based system shows about 8 hours on security.org; the current system around 2 days.
|
# ? Feb 18, 2022 15:31 |
|
So we found out today that we got passed over and the person who got picked for the Security SOX (auditing) position was someone with actual management experience but less seniority.

I really am not interested at all in management, so what are my options here? This position seemed like it’d be pretty easy, running some scripts, making sure some reports that someone else generated are running correctly, maybe working with excel (meh), talking to VIP or whatever, meetings, etc that sort of thing. Sounded like attention to detail is key, and I already run reports (that are fed from our 30 year old PBX…) on our helpdesk stats.

There’s potentially a path locally to helpdesk that’s basically assembling computers and doing more stuff like that, which sounds more interesting technically, but it’s only $25 an hour at best and is a dead end unless I try to maneuver into a server role, which is who knows what an hour. I think really in order to succeed (I’m 33) I should be in a role that’s at least $35 an hour instead.

I don’t really have money saved up to pay for expensive certificates, but I’m considering starting to learn something about Security+, even if it means I have to find a job elsewhere (my state sucks rear end). Should I learn SQL or something? I’ve taken some classes on CISCO/JAVA/C and of course javascript/css/html/vb.net but that was all years ago and I didn’t particularly enjoy any of it. I don’t have a 4y degree but I have a 2y degree and almost a decade of helpdesk experience so I’d go out on a limb and say I’ve seen it all, more or less from that perspective. JIRA admin would be cool, I guess, but I don’t know anyone that’s hiring for that.

I know I have the technical aptitude for more but I don’t really know what to move into that will pay “enough” and I’m immensely bored academically and emotionally in this role.

GreenBuckanneer fucked around with this message at 20:03 on Feb 18, 2022 |
# ? Feb 18, 2022 19:59 |
|
stevewm posted:
1 special character (but can't be < > " ' ; : or &)

My favorite password requirement - a demonstration of lackluster input sanitization.
|
# ? Feb 18, 2022 22:29 |
|
I think I've mentioned this before but my favorite authentication thing happened a decade or two ago with an engineer who had bolloxed their wireless connection and was trying to reconnect to our network (which was protected with a simple WEP password that could be either 8 or 26 characters). Our password was eight ones ("11111111") and the guy couldn't connect and my mind was boggled because I was able to do it just fine. Turns out that he was counting out the numbers out loud as he was pressing the one key so as I watched him mash the one key he chanted: one - two - three - four - five - six - se - ven - eight Dude was pressing the one key nine times - one for each syllable.
|
# ? Feb 18, 2022 22:54 |
|
ff
|
# ? Feb 19, 2022 00:30 |
|
I hope you called him an ambulance because that sounds like some stroke level poo poo.

edit: This week I finished an interview in about 7 minutes because a recruiter managed to gently caress up a job description and misrepresent the requirements completely.

Sprechensiesexy fucked around with this message at 03:07 on Feb 19, 2022 |
# ? Feb 19, 2022 03:05 |
|
Sprechensiesexy posted:
I hope you called him an ambulance because that sounds like some stroke level poo poo.

I made it 10 minutes into one today before the recruiter dropped the "oh, this is 12-18 months contract to hire, no big deal right?"
|
# ? Feb 19, 2022 03:11 |
|
Sprechensiesexy posted:
I hope you called him an ambulance because that sounds like some stroke level poo poo.

under or over qualified? The last time this happened, some poor goon had to call back half a dozen candidates to apologize for laughing at their salary demands.
|
# ? Feb 19, 2022 03:24 |
|
KillHour posted:
Put your finger on the left shift key and drag it to the right shift. Boom - throwaway password that works on nearly everything and takes no time to put in.

I've got a handful of laptops in the field in the US that I recovered from a closed branch in Ireland. Turns out, Irish keyboard layouts are different than ours. Not just the symbols on the keys, but some of the key layouts themselves. I'm waiting for someone to get stung on something like this.
|
# ? Feb 19, 2022 05:52 |
|
Silly Newbie posted:
I've got a handful of laptops in the field in the US that I recovered from a closed branch in Ireland.

Even just different laptop models can have this and some keyboards just won't work with it at all. I wasn't actually suggesting anyone use that for anything important.
|
# ? Feb 19, 2022 06:01 |
It's the tall enter key vs the short one and moving the backslash and tilde keys around. I struggle to type on a US layout as it turns out I hit enter towards the top.
|
# ? Feb 19, 2022 12:45 |