The OFFICIAL tech stuff thread
-
Every time my contract renews (ie every three months) I lose access to systems I need to do my job. It takes up to a week to sort it out. Every time they refresh the non-production systems from the production system - same loss of access and time to restore. We add a ridiculous number of objects to the same security profiles to avoid the 6 to 8 week lead time it takes to get the security to create a new one. My Zscaler PRA session locks every ten minutes regardless of whether I’m still working on my desktop and won’t let me copy / paste my 128 bit password in from KeepassXC so it incentivizes the shortest and crappiest passwords you can get by with. Some policy change they made for Teams on Android recently would have required me to install some extra Microsoft security thing that ceded control of my personal phone to the company and I thought, well that’s easy, I’ll just uninstall Teams. No more pinging me out of hours when the SHTF, you’ll have to wait until Monday when I log in to the desktop client.
I could go on and on but IT where I work is a dumpster fire in general. In fact I’d have to estimate that since I started I’ve either been locked out of the tools I need or they are broken for > 5% of the time I’ve worked there. One recent issue meant I couldn’t work for nearly two weeks and I had AMS, BT and Cognizant bounce me around between the three companies while IT middle management were begging someone to fix it so I could support the business.
It was shocking to me when I started at that place but everyone is like that’s the way it is.
-
That sounds bad Hog. If security makes it that difficult to do your job, then they are failing at theirs. In theory there should be pushback from your department leadership, not to reduce security but to find more efficient tools or whatever to accomplish their objectives without disrupting productivity.
-
-
Nice…so next question, what made Bo so fast in Tecmo Bowl?
-
DEI?
It also took me a year or two before I found out you could use the controller to move the ducks
-
@Hog said in The OFFICIAL tech stuff thread:
so it incentivizes the shortest and crappiest passwords you can get by with
this is so dumb and the fact companies still do this is … frustrating.
This was from when again? 2012?
-
@madrebel said in The OFFICIAL tech stuff thread:
@Hog said in The OFFICIAL tech stuff thread:
so it incentivizes the shortest and crappiest passwords you can get by with
this is so dumb and the fact companies still do this is … frustrating.
This was from when again? 2012?
-
@madrebel said in The OFFICIAL tech stuff thread:
@Hog said in The OFFICIAL tech stuff thread:
so it incentivizes the shortest and crappiest passwords you can get by with
this is so dumb and the fact companies still do this is … frustrating.
This was from when again? 2012?
That’s assuming it’s accidental. Maybe government types tipped the hands in the scales to keep accounts hackable when they want to.
OTOH with AI amuck guessing people’s pet plain word phrases may be simpler.
-
Conversing with people who are responsible for these security policy issues, when you can find them, is worse than trying to talk to a wall.
In order to log into my banking site, I have to use a user ID and Passcode and then a code generated by an RSA token associated with my account.
Why must I change the passcode every 3 months. I remember about 20 more than passcodes as it is without changing any of them!
My investment house used to use a User ID and Passcode and then on the next page you had to pick one of about 50 images and then type the caption. So I chose a bunch of red grapes and the caption was Pinot Noir. Then one day, they went back to User ID and passcode on the same page and eliminated the images. I bitched like a mad-man to no avail.
Banking (company)
Banking (private)
ATM (company)
ATM (private)
Investment house (Me)
Investment house (wife)
SSN Gov ID
Northwell Health
NYU Langone Health
Quest Diagnostic
Bioreference Labs
Sunset Labs
Honeywell thermostats
Honeywell alarm system(s)
Digital door locks
various old-school combination keyless padlocks
Various and sundry customer VPN logins including VMWare Horizon accounts (also RSA token-protected)
Verizon business accounts
Verizon private accounts
The list goes on. I’m a fucking boomer! I do not reuse passcodes.
How the fuck will I remember all of this shit when I actually get old!!!
-
@Kilemall said in The OFFICIAL tech stuff thread:
@madrebel said in The OFFICIAL tech stuff thread:
@Hog said in The OFFICIAL tech stuff thread:
so it incentivizes the shortest and crappiest passwords you can get by with
this is so dumb and the fact companies still do this is … frustrating.
This was from when again? 2012?
That’s assuming it’s accidental. Maybe government types tipped the hands in the scales to keep accounts hackable when they want to.
OTOH with AI amuck guessing people’s pet plain word phrases may be simpler.
fair point.
-
@Jam said in The OFFICIAL tech stuff thread:
Conversing with people who are responsible for these security policy issues, when you can find them, is worse than trying to talk to a wall.
In order to log into my banking site, I have to use a user ID and Passcode and then a code generated by an RSA token associated with my account.
Why must I change the passcode every 3 months. I remember about 20 more than passcodes as it is without changing any of them!
My investment house used to use a User ID and Passcode and then on the next page you had to pick one of about 50 images and then type the caption. So I chose a bunch of red grapes and the caption was Pinot Noir. Then one day, they went back to User ID and passcode on the same page and eliminated the images. I bitched like a mad-man to no avail.
Banking (company)
Banking (private)
ATM (company)
ATM (private)
Investment house (Me)
Investment house (wife)
SSN Gov ID
Northwell Health
NYU Langone Health
Quest Diagnostic
Bioreference Labs
Sunset Labs
Honeywell thermostats
Honeywell alarm system(s)
Digital door locks
various old-school combination keyless padlocks
Various and sundry customer VPN logins including VMWare Horizon accounts (also RSA token-protected)
Verizon business accounts
Verizon private accounts
The list goes on. I’m a fucking boomer! I do not reuse passcodes.
How the fuck will I remember all of this shit when I actually get old!!!
That’s actually a good point. In my efforts to manage my dad’s shit, I have been dealing with companies very reluctant to allow me access to his accounts even though I have a POA. How does the government verify lost passwords or prevent hacking and shit? “Hi government, my name is Jam and I am a huge Kamala supporter and need my password to vote for her! What’s my passphrase? Some shit about wine or something. No? Shitty British car? I am in! Thanks!”
Not to mention the Democrats will flip out if the access is difficult and it prevents morons from voting.
-
@Jam said in The OFFICIAL tech stuff thread:
Conversing with people who are responsible for these security policy issues, when you can find them, is worse than trying to talk to a wall.
In order to log into my banking site, I have to use a user ID and Passcode and then a code generated by an RSA token associated with my account.
Why must I change the passcode every 3 months. I remember about 20 more than passcodes as it is without changing any of them!
My investment house used to use a User ID and Passcode and then on the next page you had to pick one of about 50 images and then type the caption. So I chose a bunch of red grapes and the caption was Pinot Noir. Then one day, they went back to User ID and passcode on the same page and eliminated the images. I bitched like a mad-man to no avail.
Banking (company)
Banking (private)
ATM (company)
ATM (private)
Investment house (Me)
Investment house (wife)
SSN Gov ID
Northwell Health
NYU Langone Health
Quest Diagnostic
Bioreference Labs
Sunset Labs
Honeywell thermostats
Honeywell alarm system(s)
Digital door locks
various old-school combination keyless padlocks
Various and sundry customer VPN logins including VMWare Horizon accounts (also RSA token-protected)
Verizon business accounts
Verizon private accounts
The list goes on. I’m a fucking boomer! I do not reuse passcodes.
How the fuck will I remember all of this shit when I actually get old!!!
Often you can just talk them into bypassing all security and doing what you want, so it’s really twice stupid.
-
@tigger said in The OFFICIAL tech stuff thread:
@Jam said in The OFFICIAL tech stuff thread:
Conversing with people who are responsible for these security policy issues, when you can find them, is worse than trying to talk to a wall.
In order to log into my banking site, I have to use a user ID and Passcode and then a code generated by an RSA token associated with my account.
Why must I change the passcode every 3 months. I remember about 20 more than passcodes as it is without changing any of them!
My investment house used to use a User ID and Passcode and then on the next page you had to pick one of about 50 images and then type the caption. So I chose a bunch of red grapes and the caption was Pinot Noir. Then one day, they went back to User ID and passcode on the same page and eliminated the images. I bitched like a mad-man to no avail.
Banking (company)
Banking (private)
ATM (company)
ATM (private)
Investment house (Me)
Investment house (wife)
SSN Gov ID
Northwell Health
NYU Langone Health
Quest Diagnostic
Bioreference Labs
Sunset Labs
Honeywell thermostats
Honeywell alarm system(s)
Digital door locks
various old-school combination keyless padlocks
Various and sundry customer VPN logins including VMWare Horizon accounts (also RSA token-protected)
Verizon business accounts
Verizon private accounts
The list goes on. I’m a fucking boomer! I do not reuse passcodes.
How the fuck will I remember all of this shit when I actually get old!!!
Often you can just talk them into bypassing all security and doing what you want, so it’s really twice stupid.
Mostly you have to convince them you’re the right person so they don’t eat a loss from fraud.
-
@Kilemall said in The OFFICIAL tech stuff thread:
@tigger said in The OFFICIAL tech stuff thread:
@Jam said in The OFFICIAL tech stuff thread:
Conversing with people who are responsible for these security policy issues, when you can find them, is worse than trying to talk to a wall.
In order to log into my banking site, I have to use a user ID and Passcode and then a code generated by an RSA token associated with my account.
Why must I change the passcode every 3 months. I remember about 20 more than passcodes as it is without changing any of them!
My investment house used to use a User ID and Passcode and then on the next page you had to pick one of about 50 images and then type the caption. So I chose a bunch of red grapes and the caption was Pinot Noir. Then one day, they went back to User ID and passcode on the same page and eliminated the images. I bitched like a mad-man to no avail.
Banking (company)
Banking (private)
ATM (company)
ATM (private)
Investment house (Me)
Investment house (wife)
SSN Gov ID
Northwell Health
NYU Langone Health
Quest Diagnostic
Bioreference Labs
Sunset Labs
Honeywell thermostats
Honeywell alarm system(s)
Digital door locks
various old-school combination keyless padlocks
Various and sundry customer VPN logins including VMWare Horizon accounts (also RSA token-protected)
Verizon business accounts
Verizon private accounts
The list goes on. I’m a fucking boomer! I do not reuse passcodes.
How the fuck will I remember all of this shit when I actually get old!!!
Often you can just talk them into bypassing all security and doing what you want, so it’s really twice stupid.
Mostly you have to convince them you’re the right person so they don’t eat a loss from fraud.
Thankfully, I have never been able to convince anyone to bypass security and I can be very persuasive.
I did have an amusing experience once during a verification process.
Here goes . . .
And I guaranty that you will be entertained . . .
I went through a rather laborious oral/verbal authentication process with a financial institution and my patience was running very thin after about ten minutes.
I was asked my date of birth, which I provided . . .
Then I was immediately asked how old was I?
“You fucking moron, I yelled! You just asked me my fucking birthday and now you want to know how old I am? What kind of a jerk are you, you idiot!!!”
“Sir, please calm down.”
“I’m not calming the fuck down you jackass! I’ve had about as much of you as I can stomach, asshole!”
"Sir, please . . . "
“The reason we ask how old a person is, just after asking their date of birth is that most scammers can’t answer the question without having to pause and try and compute the age of the person they are impersonating . . . and this has actually been a good way to know whether one is speaking to the right person.”
Pause . . .
More pause . . .
“Actually make sense,” says I.
“I guess I failed the test then?”
-
@Kilemall said in The OFFICIAL tech stuff thread:
@tigger said in The OFFICIAL tech stuff thread:
@Jam said in The OFFICIAL tech stuff thread:
Conversing with people who are responsible for these security policy issues, when you can find them, is worse than trying to talk to a wall.
In order to log into my banking site, I have to use a user ID and Passcode and then a code generated by an RSA token associated with my account.
Why must I change the passcode every 3 months. I remember about 20 more than passcodes as it is without changing any of them!
My investment house used to use a User ID and Passcode and then on the next page you had to pick one of about 50 images and then type the caption. So I chose a bunch of red grapes and the caption was Pinot Noir. Then one day, they went back to User ID and passcode on the same page and eliminated the images. I bitched like a mad-man to no avail.
Banking (company)
Banking (private)
ATM (company)
ATM (private)
Investment house (Me)
Investment house (wife)
SSN Gov ID
Northwell Health
NYU Langone Health
Quest Diagnostic
Bioreference Labs
Sunset Labs
Honeywell thermostats
Honeywell alarm system(s)
Digital door locks
various old-school combination keyless padlocks
Various and sundry customer VPN logins including VMWare Horizon accounts (also RSA token-protected)
Verizon business accounts
Verizon private accounts
The list goes on. I’m a fucking boomer! I do not reuse passcodes.
How the fuck will I remember all of this shit when I actually get old!!!
Often you can just talk them into bypassing all security and doing what you want, so it’s really twice stupid.
Mostly you have to convince them you’re the right person so they don’t eat a loss from fraud.
Do bureaucrats really care though? They don’t eat the fraud, we do.
-
-
@Gators1 said in The OFFICIAL tech stuff thread:
@Kilemall said in The OFFICIAL tech stuff thread:
@tigger said in The OFFICIAL tech stuff thread:
@Jam said in The OFFICIAL tech stuff thread:
Conversing with people who are responsible for these security policy issues, when you can find them, is worse than trying to talk to a wall.
In order to log into my banking site, I have to use a user ID and Passcode and then a code generated by an RSA token associated with my account.
Why must I change the passcode every 3 months. I remember about 20 more than passcodes as it is without changing any of them!
My investment house used to use a User ID and Passcode and then on the next page you had to pick one of about 50 images and then type the caption. So I chose a bunch of red grapes and the caption was Pinot Noir. Then one day, they went back to User ID and passcode on the same page and eliminated the images. I bitched like a mad-man to no avail.
Banking (company)
Banking (private)
ATM (company)
ATM (private)
Investment house (Me)
Investment house (wife)
SSN Gov ID
Northwell Health
NYU Langone Health
Quest Diagnostic
Bioreference Labs
Sunset Labs
Honeywell thermostats
Honeywell alarm system(s)
Digital door locks
various old-school combination keyless padlocks
Various and sundry customer VPN logins including VMWare Horizon accounts (also RSA token-protected)
Verizon business accounts
Verizon private accounts
The list goes on. I’m a fucking boomer! I do not reuse passcodes.
How the fuck will I remember all of this shit when I actually get old!!!
Often you can just talk them into bypassing all security and doing what you want, so it’s really twice stupid.
Mostly you have to convince them you’re the right person so they don’t eat a loss from fraud.
Do bureaucrats really care though? They don’t eat the fraud, we do.
Banks are the least forgiving employers, ever.
Pretty much any unscheduled downtime, an IT employee is getting fired.
-
What moron at CrowdStrike thought this was a good idea:
Sending people who probably didn’t sleep for 96 hours because of your company’s fuckup a $10 gift voucher would be the definition of adding insult to injury. Those $10 gift vouchers being blocked for fraud when people tried to redeem them…

-
tl;dr Hundreds of computer models have their secure boot installations protected by a single key. That key was uploaded to GitHub and “encrypted” with a four digit password that was trivially brute forced.
Edit: bottom of that article lists the devices affected.
-
Ex-Twitter dev reminisces about finding 700 unused Nvidia GPUs after takeover — forgotten cluster was ‘powered on and idle’

Secure Boot is completely broken on 200+ models from 5 big device makers