    The OFFICIAL tech stuff thread

    • ?
      A Former User
      last edited by

      Fuck these “Modern Solution” assholes. Seriously.

      He discovered that the Modern Solution code made a MySQL connection to a MariaDB database server operated by the vendor. It turned out the password to access that remote server was stored in plain text in the program file MSConnect.exe, and opening it in a simple text editor would reveal the unencrypted hardcoded credential.

      With that easy-to-find password in hand, anyone could log into the remote server and access data belonging to not just that one customer of Modern Solution, but data belonging to all of the vendor’s clients stored on that database server. That info is said to have included personal details of those customers’ own customers. And we’re told that Modern Solution’s program files were available for free from the web, so truly anyone could inspect the executables in a text editor for plain-text hardcoded database passwords.

      …

      In September 2021 police in Germany seized the IT consultant’s computers following a complaint from Modern Solution that claimed he could only have obtained the password through insider knowledge – he worked previously for a related firm – and the biz claimed he was a competitor.

      Their fucking staggering incompetence is maddening enough but then to weaponize the legal system against the dude who reported it to them is immoral.

      Jan 18, 2024

      IT consultant in Germany fined for exposing shoddy security

      Spotting a plaintext password and using it in research without authorization deemed a crime

      Gators1G 1 Reply Last reply Reply Quote 1
      • Gators1G
        Gators1 @A Former User
        last edited by

        @Hog That’s kinda “programmer error” that caused that one, not modern solutions. Dealing with passwords can be a pain in the ass in those environments, but at the very least use an environment variable or preferably a secrets vault. Also the article is kinda mistitled as he wasn’t their consultant, but simply hacking without malicious intent. He didn’t have their permission to pen test their systems, so it was technically illegal. The whole thing could have been handled better by both the company and government.


        ? 1 Reply Last reply Reply Quote 0
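
Added example, not part of the original thread or the article it quotes: a release check a vendor could run over its own build artifacts to catch the plaintext credential described in the first post before shipping, with the environment-variable lookup suggested in the reply above. The byte strings, host name, password and the `MSC_DB_PASSWORD` variable name are constructed for illustration, and the patterns are heuristics rather than a complete rule set.

```python
import re

MIN_LEN = 6  # shortest printable run worth inspecting (assumed threshold)

# Printable runs as they sit in a binary: plain ASCII and UTF-16LE.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Heuristic rules; group(1) is the suspected secret.
RULES = {
    "key=value password": re.compile(
        r"(?i)\b(?:pwd|password|passwd)\s*=\s*([^;\s\"']{4,})"),
    "URI with embedded password": re.compile(
        r"(?i)\b[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s/]{4,})@"),
}


def printable_strings(blob: bytes):
    """Yield (offset, text) for every ASCII and UTF-16LE run in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), m.group().decode("utf-16-le")


def find_embedded_credentials(blob: bytes):
    """Return sorted (offset, rule, redacted_secret) tuples."""
    findings = []
    for offset, text in printable_strings(blob):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(text):
                secret = m.group(1)
                # Keep the secret itself out of CI logs.
                redacted = secret[:1] + "*" * (len(secret) - 1)
                findings.append((offset, rule, redacted))
    return sorted(findings)


def release_gate(blob: bytes) -> bool:
    """True when the artifact may ship (no credential-like strings)."""
    return not find_embedded_credentials(blob)


def password_from_env(environ, name="MSC_DB_PASSWORD"):
    """Runtime lookup instead of a literal; the variable name is hypothetical."""
    try:
        return environ[name]
    except KeyError:
        raise RuntimeError(f"{name} is not set; refusing to connect") from None


# Constructed sample: an executable-like blob with a literal connection string
# (ASCII) and a literal connection URI (UTF-16LE), as a text editor would show.
VULNERABLE_BUILD = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"Server=db.example.invalid;Port=3306;Uid=shop;Pwd=Constructed-Pw-123;\x00"
    + b"\x8b\xff\x55"
    + "mysql://shop:Constructed-Pw-123@db.example.invalid/orders".encode("utf-16-le")
    + b"\x00\x00"
)

# Constructed sample: same program, but only the variable *name* is embedded.
HARDENED_BUILD = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"Server=db.example.invalid;Port=3306;\x00MSC_DB_PASSWORD\x00"
)

if __name__ == "__main__":
    for name, blob in (("vulnerable", VULNERABLE_BUILD), ("hardened", HARDENED_BUILD)):
        print(name, "ship" if release_gate(blob) else "BLOCK",
              find_embedded_credentials(blob))
```
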
        • ?
          A Former User @Gators1
          last edited by A Former User

          @Gators1 said in The OFFICIAL tech stuff thread:

          @Hog That’s kinda “programmer error” that caused that one, not modern solutions.

          Well that’s a really weird distinction. Presumably the programmer was an employee or contracted to modern solutions at the time it was written so it’s pretty much their fuck up any way you cut it. Modern Solutions as a corporate entity is a name in a registry and an articles of incorporation. “Modern Solutions” isn’t capable of anything, good or bad, if you are going to separate it from its people.

          Gators1G 1 Reply Last reply Reply Quote 1
          • Gators1G
            Gators1 @A Former User
            last edited by

            @Hog said in The OFFICIAL tech stuff thread:

            @Gators1 said in The OFFICIAL tech stuff thread:

            @Hog That’s kinda “programmer error” that caused that one, not modern solutions.

            Well that’s a really weird distinction. Presumably the programmer was an employee or contracted to modern solutions at the time it was written so it’s pretty much their fuck up any way you cut it. Modern Solutions as a corporate entity is a name in a registry and an articles of incorporation. “Modern Solutions” isn’t capable of anything, good or bad, if you are going to separate it from its people.

            My bad, I was thinking “modern solutions” as an architectural approach…the buzzword. Missed that was the name of the company, but I am still trying to wake up here. Yeah, the company is ultimately responsible for it but I don’t know many people still hard coding credentials in their software distributions anymore given the options and current security risk environment. Ultimately whoever built that made some bad decisions.


            Lob12L ? 2 Replies Last reply Reply Quote 0
            • Lob12L
              Lob12 @Gators1
              last edited by

              @Gators1 said in The OFFICIAL tech stuff thread:

              @Hog said in The OFFICIAL tech stuff thread:

              @Gators1 said in The OFFICIAL tech stuff thread:

              @Hog That’s kinda “programmer error” that caused that one, not modern solutions.

              Well that’s a really weird distinction. Presumably the programmer was an employee or contracted to modern solutions at the time it was written so it’s pretty much their fuck up any way you cut it. Modern Solutions as a corporate entity is a name in a registry and an articles of incorporation. “Modern Solutions” isn’t capable of anything, good or bad, if you are going to separate it from its people.

              My bad, I was thinking “modern solutions” as an architectural approach…the buzzword. Missed that was the name of the company, but I am still trying to wake up here. Yeah, the company is ultimately responsible for it but I don’t know many people still hard coding credentials in their software distributions anymore given the options and current security risk environment. Ultimately whoever built that made some bad decisions.

              Just go back to bed!

              [IMG] https://image.ibb.co/nhhF0Q/new_sig_lob12.jpg [/IMG]

              Gators1G KilemallK 2 Replies Last reply Reply Quote 0
              • Gators1G
                Gators1 @Lob12
                last edited by

                @Lob12 said in The OFFICIAL tech stuff thread:

                @Gators1 said in The OFFICIAL tech stuff thread:

                @Hog said in The OFFICIAL tech stuff thread:

                @Gators1 said in The OFFICIAL tech stuff thread:

                @Hog That’s kinda “programmer error” that caused that one, not modern solutions.

                Well that’s a really weird distinction. Presumably the programmer was an employee or contracted to modern solutions at the time it was written so it’s pretty much their fuck up any way you cut it. Modern Solutions as a corporate entity is a name in a registry and an articles of incorporation. “Modern Solutions” isn’t capable of anything, good or bad, if you are going to separate it from its people.

                My bad, I was thinking “modern solutions” as an architectural approach…the buzzword. Missed that was the name of the company, but I am still trying to wake up here. Yeah, the company is ultimately responsible for it but I don’t know many people still hard coding credentials in their software distributions anymore given the options and current security risk environment. Ultimately whoever built that made some bad decisions.

                Just go back to bed!

                No time, I have many posts to make today!


                1 Reply Last reply Reply Quote 0
                • ?
                  A Former User @Gators1
                  last edited by

                  @Gators1 said in The OFFICIAL tech stuff thread:

                  @Hog said in The OFFICIAL tech stuff thread:

                  @Gators1 said in The OFFICIAL tech stuff thread:

                  @Hog That’s kinda “programmer error” that caused that one, not modern solutions.

                  Well that’s a really weird distinction. Presumably the programmer was an employee or contracted to modern solutions at the time it was written so it’s pretty much their fuck up any way you cut it. Modern Solutions as a corporate entity is a name in a registry and an articles of incorporation. “Modern Solutions” isn’t capable of anything, good or bad, if you are going to separate it from its people.

                  My bad, I was thinking “modern solutions” as an architectural approach…the buzzword. Missed that was the name of the company, but I am still trying to wake up here. Yeah, the company is ultimately responsible for it but I don’t know many people still hard coding credentials in their software distributions anymore given the options and current security risk environment. Ultimately whoever built that made some bad decisions.

                  At least a significant part of their business is SaaS (the part that’s detailed in the article) in which they are putting their customer’s data (apostrophe is significant) in the cloud so they absolutely need to be on top of shit like that.

                  1 Reply Last reply Reply Quote 2
                  • KilemallK
                    Kilemall Careful, railroad agent @Lob12
                    last edited by

                    @Lob12 said in The OFFICIAL tech stuff thread:

                    @Gators1 said in The OFFICIAL tech stuff thread:

                    @Hog said in The OFFICIAL tech stuff thread:

                    @Gators1 said in The OFFICIAL tech stuff thread:

                    @Hog That’s kinda “programmer error” that caused that one, not modern solutions.

                    Well that’s a really weird distinction. Presumably the programmer was an employee or contracted to modern solutions at the time it was written so it’s pretty much their fuck up any way you cut it. Modern Solutions as a corporate entity is a name in a registry and an articles of incorporation. “Modern Solutions” isn’t capable of anything, good or bad, if you are going to separate it from its people.

                    My bad, I was thinking “modern solutions” as an architectural approach…the buzzword. Missed that was the name of the company, but I am still trying to wake up here. Yeah, the company is ultimately responsible for it but I don’t know many people still hard coding credentials in their software distributions anymore given the options and current security risk environment. Ultimately whoever built that made some bad decisions.

                    Just go back to bed!

                    You gonna let a lawyer slap you around when code is on the line?

                    https://i.imgur.com/hX2CMMZ.jpg

                    Never go full Lithu-
                    Twain

                    No editing is gonna save you now-
                    Wingmann

                    http://s3.amazonaws.com/rrpa_photos/72217/DSC_2528.JPG

                    http://s3.amazonaws.com/rrpa_photos/20416/PTOB 101_resize.jpg

                    Gators1G 1 Reply Last reply Reply Quote 0
                    • Gators1G
                      Gators1 @Kilemall
                      last edited by

                      @Kilemall said in The OFFICIAL tech stuff thread:

                      @Lob12 said in The OFFICIAL tech stuff thread:

                      @Gators1 said in The OFFICIAL tech stuff thread:

                      @Hog said in The OFFICIAL tech stuff thread:

                      @Gators1 said in The OFFICIAL tech stuff thread:

                      @Hog That’s kinda “programmer error” that caused that one, not modern solutions.

                      Well that’s a really weird distinction. Presumably the programmer was an employee or contracted to modern solutions at the time it was written so it’s pretty much their fuck up any way you cut it. Modern Solutions as a corporate entity is a name in a registry and an articles of incorporation. “Modern Solutions” isn’t capable of anything, good or bad, if you are going to separate it from its people.

                      My bad, I was thinking “modern solutions” as an architectural approach…the buzzword. Missed that was the name of the company, but I am still trying to wake up here. Yeah, the company is ultimately responsible for it but I don’t know many people still hard coding credentials in their software distributions anymore given the options and current security risk environment. Ultimately whoever built that made some bad decisions.

                      Just go back to bed!

                      You gonna let a lawyer slap you around when code is on the line?

                      It’s someone else’s code…I give zero shits.


                      1 Reply Last reply Reply Quote 0
                      • Gators1G
                        Gators1
                        last edited by

                        Fuck Google! Every time they launch some service and you get used to it, they fucking shut it down. I had Google music and now it’s gone. Just got into podcasts about a year ago and again they are shutting that shit down. Maybe I need to switch and be an appletard?


                        KilemallK 1 Reply Last reply Reply Quote 0
                        • TazzT
                          Tazz
                          last edited by

                          Amazon scamma-ramma-ding-dong.

                          Jan 21, 2024  /  GPUs

                          Amazon sold a fake RTX 4090 FrankenGPU cobbled together using a 4080 GPU and board — scam card was found in a returns pallet deal

                          Repair shop diagnosis: no fix.

                          GTFO

                          Lob12L 1 Reply Last reply Reply Quote 0
                          • KilemallK
                            Kilemall Careful, railroad agent @Gators1
                            last edited by

                            @Gators1 said in The OFFICIAL tech stuff thread:

                            Fuck Google! Every time they launch some service and you get used to it, they fucking shut it down. I had Google music and now it’s gone. Just got into podcasts about a year ago and again they are shutting that shit down. Maybe I need to switch and be an appletard?

                            Kept you from spending money on Apple so did its job.


                            1 Reply Last reply Reply Quote 0
                            • Lob12L
                              Lob12 @Tazz
                              last edited by

                              @Tazz said in The OFFICIAL tech stuff thread:

                              Amazon scamma-ramma-ding-dong.

                              Jan 21, 2024  /  GPUs

                              Amazon sold a fake RTX 4090 FrankenGPU cobbled together using a 4080 GPU and board — scam card was found in a returns pallet deal

                              Repair shop diagnosis: no fix.

                              Should’ve put it in the oven for 10 minutes!


                              1 Reply Last reply Reply Quote 3
                              • Gators1G
                                Gators1
                                last edited by

                                Great, now Russia has the vaccine.

                                Jan 22, 2024  /  Cyberattacks

                                Russia-based group hacked emails of Microsoft’s senior leadership

                                The global tech giant has alleged that the cyberattack was carried out by a Russian threat actor Midnight Blizzard or Nobelium.


                                1 Reply Last reply Reply Quote 2
                                • TazzT
                                  Tazz
                                  last edited by

                                  The smallest motor in the world | Newswise

                                  GTFO

                                  1 Reply Last reply Reply Quote 0
                                  • Gators1G
                                    Gators1
                                    last edited by

                                    Had dinner tonight with an IT VP from Amex tonight and he said they still use mainframes. WTF? Next I will learn that Facebook is fundamentally run on an abacus.


                                    KilemallK 1 Reply Last reply Reply Quote 0
                                    • KilemallK
                                      Kilemall Careful, railroad agent @Gators1
                                      last edited by

                                      @Gators1 said in The OFFICIAL tech stuff thread:

                                      Had dinner tonight with an IT VP from Amex tonight and he said they still use mainframes. WTF? Next I will learn that Facebook is fundamentally run on an abacus.

                                      Something like 70% of financial does. Don’t want to work for them, sweatshops and if anything goes wrong they find the lowest ranking person they can pin it on and fire them.


                                      Gators1G 1 Reply Last reply Reply Quote 0
                                      • Gators1G
                                        Gators1 @Kilemall
                                        last edited by

                                        @Kilemall said in The OFFICIAL tech stuff thread:

                                        @Gators1 said in The OFFICIAL tech stuff thread:

                                        Had dinner tonight with an IT VP from Amex tonight and he said they still use mainframes. WTF? Next I will learn that Facebook is fundamentally run on an abacus.

                                        Something like 70% of financial does. Don’t want to work for them, sweatshops and if anything goes wrong they find the lowest ranking person they can pin it on and fire them.

                                        He was saying that the culture was good at Amex and they didn’t have retention issues. From his standpoint though it probably was.


                                        KilemallK 1 Reply Last reply Reply Quote 0
                                        • KilemallK
                                          Kilemall Careful, railroad agent @Gators1
                                          last edited by

                                          @Gators1 said in The OFFICIAL tech stuff thread:

                                          @Kilemall said in The OFFICIAL tech stuff thread:

                                          @Gators1 said in The OFFICIAL tech stuff thread:

                                          Had dinner tonight with an IT VP from Amex tonight and he said they still use mainframes. WTF? Next I will learn that Facebook is fundamentally run on an abacus.

                                          Something like 70% of financial does. Don’t want to work for them, sweatshops and if anything goes wrong they find the lowest ranking person they can pin it on and fire them.

                                          He was saying that the culture was good at Amex and they didn’t have retention issues. From his standpoint though it probably was.

                                          The pressures are immense, every minute down is millions lost. The computers really are their business.

                                          The one my fellow coworkers used to work at was allowed 1 hour of total downtime- on Christmas Day.


                                          M 1 Reply Last reply Reply Quote 0
                                          • M
                                            madrebel @Kilemall
                                            last edited by

                                            @Kilemall pretty normal these days. For the amount of money AMEX spends on infrastructure every year, it better stay up.

                                            KilemallK 1 Reply Last reply Reply Quote 0