Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

When Amazon asks if my email address is all lower case... The desire to make it an informative moment that email addresses are not case sensitive is outweighed by my desire to resolve my issue as fast as possible.

I had to do a double take... Needless to say I can't sign in for shit, fucknows what mental finger dance I did on the shift key when signing up to these guys...

Also: forgotten password is "please type your email, if there's an account associated to this email address we'll fucking email it with password reset instructions"...

Fucking arsehole fucks, I just wanna pay my fucking energy bill.

This is a repost of an original rant posted on a request for "Community Feedback" from Atlassian. You know, Atlassian? Those beloved people behind such products as :

• Thing I Love™
• Other Thing You Used One Time™
• Platform Often Mentioned in Suicide Notes, Probably™*

Now this rant was written in early 2022 while I was working in an Azure Cloud Engineer role that transformed into me being the company's main Sysadmin/Project Manager/Hiring Manager/Network Admin/Graphic Designer.

While trying to simultaneously put out over 9000 fires with one hand, and jangling keys in the face of the Owner/Arsonist with the other, I was also desperately implementing Jira Service Desk. Normally this wouldn't have been as much of a priority as it was, but the software our support team was using had gone past 15 years old, then past extended support, then the lone developer died, then it didn't work on Windows 10, then only functioned thanks to a dev cohort long past creating a keygen....which was now broken. So we needed a solution *now*.

The previous solution was shit of a different tier. The sight of it would make a walking talking anthropomorphised sentient puddle of dogshit (who both eats and produces further dookie derivatives) blush with embarrassment. The CD-ROM/Cereal Box this software came in probably listed features like "Stores Your Customer's First AND (or) Last Name!" or "Windows ME Downgrade Disk Included!" and "NEW: Less(-ish) Genocide(s)"!

Despite this, our brain/fearless leader decided this would be a great time to have me test, implement, deploy, and train everyone up on a new solution that would suck your toes, sound your shaft, and that he hadn't reminded me that I was a lazy sack enough lately.

One day, during preliminary user testing I received an email letting me know that the support team was having issues with a Customer's profile on our new support desk. Thanks to our Owner/Firestarter/Real World Micheal Scott being deep in his latest project (fixing our "All 5 devs quit in the last 12 months and I can't seem to hire any new ones" issue (by buying a ping pong table)), I had a bit of fortuitous time on my hands to investigate this issue. I had spent many hours of overtime working on this project, writing custom integrations and automations, so what I found out was crushing.

Below is the (digitally) physical manifestation of my rage after realising I would have to create / find / deal with a whole new method for support to manage customer contacts.

I'm linking to the original forum thread because you kind of need to have the pictures embedded in said reply to get really inhale the "Jira-Rant" ambiance. The part where I use several consecutive words as anchor links to tickets with other people screaming into the void gets a bit sweet n' savoury too - having those hyperlinks does improve the je ne say what of it all.

bit.ly/JIRANT (Case Sensitive)

--------------------------

There is some good news at the end of this brown n' squirty rainbow though!
Nice try silly little Jira button, you can't ruin *my* 2022!

• I was able to forget all about Jira a month later when I received a surprise vacation home! (To be there while my Mom passed away).
• Eventually work stress did catch up to me - but my boss thoughtfully gave me a nice long vacation! (By assaulting *while* firing me (for emailing in a vacation request while he was a having a bad (see:normal) day))