Search - "ethical hacking"
-
Worst thing you've seen another dev do? So many things. Here is one...
Lead web developer had a config.txt in the root of their web application (ex. http://OurPublicSite/config.txt) that contained passwords because they felt the web.config was not secure enough. Any/all applications off of the root could access the file to retrieve their credentials (SQL Server logins, network share passwords, etc.)
When I pointed out the security flaw, the developer accused me of 'hacking' the site.
I get called into the vice-president's office, where he was 'deeply concerned' about my ethical behavior and if we needed to make any personnel adjustments (grown-up speak for "Do I need to fire you over this?")
Me: "I didn't hack anything. You can navigate directly to the text file using any browser."
Dev: "Directory browsing is denied on the root folder, so you hacked something to get there."
Me: "No, I knew the name of the file so I was able to access it just like any other file."
Dev: "That is only because you have admin permissions. Normal people wouldn't have access"
Me: "I could access it from my home computer"
Dev: "BECAUSE YOU HAVE ADMIN PERMISSIONS!"
Me: "On my personal laptop where I never had to login?"
VP: "What? You mean ...no....please tell me I heard that wrong."
Dev: "No..no...it's secure....no one can access that file."
<click..click>
VP: "Hmmm...I can see the system administration password right here. This is unacceptable."
Dev: "Only because you're an admin too."
VP: "I'll head home over lunch and try this out on my laptop...oh wait...I left it on...I can remote into it from here"
<click..click..click..click>
VP: "OMG...there it is. That account has access to everything."
<in an almost panic>
Dev: "Only because it's you...you are an admin...that's what I'm trying to say."
Me: "That is not how our public web site works."
VP: "Thank you, but Adam and I need to discuss the next course of action. You two may go."
<Adam is her boss>
Not even 5 minutes later a company-wide email was sent from Adam..
"I would like to thank <Dev> for finding and fixing the security flaw that was exposed on our site. She did a great job in securing our customer data and is a great asset to our team. If you see <Dev> in the hallway, be sure to give her a big thank you!"
The "fix"? She moved the text file from the root to the bin directory, where technically, the file was no longer publicly visible.
That 'pattern' was used heavily until she was promoted to upper management and the younger webdev bucks (and does) felt storing admin-level passwords was unethical and found more secure ways to authenticate.
-
What I'm posting here is my 'manifesto'/the things I stand for. You may like it, you may hate it, you may comment but this is what I stand for.
What are the basic principles of life? One of them is sharing, so why stop at software/computers?
I think we should share our software, make it better together and don't put restrictions onto it. Everyone should be able to contribute their part and we should make it better together. Of course, we have to make money but I think that there is a very good way in making money through OSS.
Next to that, since the Snowden releases from 2013, it has become clear that the NSA (and other intelligence agencies) will try everything to get into anyone's messages, devices, systems and so on. That's simply NOT okay.
Our devices should be OUR devices. No agency should be allowed to warrantlessly bypass our systems/messages security/encryptions for the sake of whatever 'national security' bullshit. Even a former NSA semi-director traveled to the UK to oppose mass surveillance/mass govt. hacking because he, himself, said that it doesn't work.
We should be able to communicate freely without spying. Without the feeling that we are being watched. Too bad, the intelligence agencies of today do not want us to do this and this is why mass surveillance/gag orders (companies having to reveal their users' information without being allowed to alert their users about this) are in place but I think that this is absolutely wrong. When we use end to end encrypted communications, we simply defend ourselves against this non-ethical form of spying.
I'm a heavy Signal (and since a few days also Riot.IM (matrix protocol) (Riot.IM with end to end crypto enabled)), Tutanota (encrypted email) and Linux user because I believe that only those measures (open source, reliable crypto) will protect against all the mass spying we face today.
The applications/services I strongly oppose are stuff like WhatsApp (yes, encrypted messages but the metadata is readily available and it's closed source), Skype, Gmail, Outlook and so on and on and on.
I think that we should OWN our OWN data, communications, browsing stuffs, operating systems, softwares and so on.
This was my rant.
-
Friend asked me to teach him how to hack. FML.
Today friend tells me he bought a $200 course on "Ethical Hacking". Asks if he can translate those skills to "cool hacking" CTRL+C
-
Me: reports vulnerability that can be used to steal thousands of dollars from a company.
Stingy company: gives me 66 USD voucher as a reward. :)
-
I am really getting sick of recruiters contacting me with "great opportunities" then when I ask questions about the post they just give me the answers they think I want to hear. I know when you're lying because if you knew the answer you would have led with that. At least say you'll find out more and then give me a follow up response.
Recruiter: Would it be possible for you to deliver hacking training?
Me: You mean pentesting?
R: Yes, that.
Me: Well, what will it be used for? Breaking into people's networks and spying on them?
R: Yes, they'll want it to be able to spy on people.
Me: Well, that's unethical, I'm only interested in defensive security practices.
R: Yes, they'll only want it for ethical reasons like defence and against bad guys.
Me: *dirtiest look I could muster*
I mean there's gullible and then there's whatever it is you think I am.
-
I see the industry popularizing Machine Learning programs using AI to implement ethical Blockchain as a JavaScript framework using Scrum techniques for Big Data Web2.0 in Responsive Virtual Reality for your IoT Growth Hacking operations.
-
What you are expected to learn in 3 years:
power electronics,
analogue signal,
digital signal processing,
VHDL development,
VLSI development,
antenna design,
optical communication,
networking,
digital storage,
electromagnetic,
ARM ISA,
x86 ISA,
signal and control system,
robotics,
computer vision,
NLP, data algorithm,
Java, C++, Python,
javascript frameworks,
ASP.NET web development,
cloud computing,
computer security,
Information coding,
ethical hacking,
statistics,
machine learning,
data mining,
data analysis,
cloud computing,
Matlab,
Android app development,
iOS app development,
Computer architecture,
Computer network,
discrete structure,
3D game development,
operating system,
introduction to DevOps,
how-to -fix- computer,
system administration,
Project of being entrepreneur,
and 24 random unrelated subjects of your choices
This is a major called "computer engineering"
-
So I had this conversation with my dad
Background: He saw news about some celebrity's Twitter account getting hacked.
Dad : Do you know how to hack a Twitter account?
Me : No dad. There are ways for people who do this kind of stuff.
D : But, you studied software engineering!
M : Yeah, but I don't do hacking.
D : Although hacking is not ethical, everyone should know about their field.
*Awkwardly left the room*
Just because I studied computer science doesn't mean that I SHOULD know hacking.
And this is not the first conversation of this kind!
-
Have you ever been asked to develop something unethical by your boss? Did you do it anyway? Tell us your story.
-
A few days back I read an article about ethical hacking and getting rewarded through bug bounties. I thought that might be interesting.
AND
I'm about to send out my first ethical hack report to a company! I'm nervous because I don't know how they'll respond. It's an XSS vulnerability, and I really hope they'll fix it.
-
I can't sleep whenever I remember that a few years ago I paid $25 for an ethical hacking workshop and they showed us inspect element and sqlmap
-
Do you think a dual core laptop with 2gb RAM on it can run Ubuntu and Kali Linux? The sole purpose is for programming (Ubuntu) and ethical hacking / penetration testing (linux)?
tbh, I’m learning linux because I want to try a new OS. Any tips so that I can easily adapt to this OS?
PS. I know this is a googleable question but I just want a perspective from this community.
-
I am the old famous kiddy here, who just came back days before school exam starts^^
Just to say, I want to ask you all, is it ethical(?) to release a hacking/cheating creation tool for games for educational™ purposes?
I have been making a cheat creation tool called Mysterium, but I am not sure where to use it. I made cheats for some big title games, and reported them to the developers, patched, and got some in game items in return....
Long story short, is it okay to release to the public, or should I release this product to game developers?
Sincerely,
A kid who made cheats since he can't play games well and wanted to get some free items
-
Me currently in my 3rd year of university: hears about blockchain from my friends, reads 5 pages of ethereum white paper; sees a cool machine learning project, watches 2 weeks of Andrew Ng's course; plays a cool game, downloads Unity and makes a hello world game; hears about wifi vulnerability, purchases an ethical hacking course.
Number of things mastered: 0
-
what do you recommend for me to learn about next?
I have learnt about:
- web frontend/backend (php)
- android and java
- c, c++, nasm, gnu assembler
- parallel computing
- cli operating systems
with that background, what would you recommend?
I'm considering:
- neural networks
- making a server
- ethical hacking
- starting a blog
-
Hello DevRant,
I need your help
I'm currently studying Game design and development first year in The Netherlands and I love programming but I hate designing. I was thinking about changing the course to something like Ethical Hacking or Computer science. The reason why I want to do this is that they teach us openfl until second year and I feel like I learn nothing until now.
Do you think would be better to change the course or to stay but start programming in something else? And what programming language would you recommend?
P.s. I also want to apply for a part time job/summer school to gain experience but I had no luck at all.
P.s.s. You are the best community for me!
Return 0;
-
Woah dude, where do I sign? 😱
Seriously though, it's the second email of the sort today. The recipient is not even my address, and from some subtle cues (cf. "ethical hacking service", "untracable", "victim never suspect"), he's probably a very bad developer too. Dear "Ruben Villanueva", you're just a f***ing a**hole, I hope you die painfully, dumbface.
-
So recently I got a message from a person asking how to (these are exact words),
"break into insta's database using Sqlmap"
I then proceeded to tell them to "f*ck off ya c*nt".
Afterwards it inspired me to write this rant
annoying classmates:" hahaha GuYS bEtER wAtcH OuT he's GonnaA hack Us"
me: " yea I can program I also do some ethical hacking and cybersecurity "
annoying classmates: "hahaH Bro your a Hacker OhHHhHHOOO BrO CaN yoU hACk inSta FoR mE I NEEd MoRe FolloWeRs "
me: "tf no, one that's illegal and two it's a waste of my time"
annoying classmates: "BrOooo CaN yoU gEt Me SoMe HacKs fOr CsGo"
me: "can you just please f*ck off , i'm not hacking for you everything you've asked me is extremely unethical and a huge waste of time, Also if you suck so bad at a game you need to cheat I recommend just stopping "
annoying classmates: "DUdE whAt ToolS dO i HVAE to DownLOad To Be A haCkEr"
me: *trying hard not to murder them* " I told you to f*ck off"
Being a hacker isn't downloading tools, it isn't typing at 90wpm into a terminal with green font, it's not about games or fame or anything. It's about coming up with creative solutions to problems, thinking outside the box. It's about individuality and breaking from the herd, looking at things from a different viewpoint,
it's about endlessly seeking knowledge.
It's about freedom through creation, that's what being a hacker originally was. But because of big media and movie companies (and script kiddies) people now confuse hacker with cracker and think of us as jobless fat kids sitting in a dark room in their parents' house breaking into bank accounts and buying drugs on the dark web (where people seem to think they're a hacker just because they can open Tor browser. They then proceed to use Google to look up "fresh onion links 2020").
My classmates and really my generation have a huge case of smooth brain. They think we can just look at someone and hack them. They also seem to think using a Grabify link to get a person's IP is hacking and using the inspect element is hacking and that opening a terminal is hacking! AHHHHHHHHHHHHHHHHHHHHH
Anyways ima end this here thanks for reading :)
-
Just had a so called "cyber security" seminar in college today.
The guy who claimed to be a trainer or somewhat network security guy or something behaved enigmatically with utter consistency. He obviously claimed to know facebook hax0ring though.
They were basically there to advertise their complete crap: csksrc.org
(Ethical Hax0ring Course) (also claimed their site to be 99.9% secured - GREAT!)
After obtaining an ISO*** standard cert or after taking multiple sessions on "advanced ethical hacking" if you go about telling peeps in colleges that: "The single way to hax0r a facebook account is CSRF!" "Will hack your facebook account by MITM through malicious WiFi Ap." Then, NO, neither do I want your shitty cert nor do I want to be in your team and create the next level of "advanced ethical hax0ring - CEH course". Reason why I cringe when peeps start about their certs and the ISO*** value it contains. What ISO value do your brain cells contain though?
-
So I decided to install a third OS on my laptop and oh boy, I never thought I'd have to deal with so many issues!
First, I had to make space for the new OS, so I did the only feasible thing - Shrunk a windows partition (Used for gaming only), then installed the third OS into it. (For clarification, one OS was Windows, the second Debian for work and the new one was Kali for a course at school about security and ethical hacking)
Well... After I installed and tried out that the Kali worked... My Debian began to make problems. It would hang for almost a minute during start as it tried to mount a (for some reason) no longer existing Swap partition.
After it gave up and I found out... I, fortunately, fixed it after just a bit of googling. At least I learned to repack the ramfs.
It worked all fine and dandy... Only... My Debian now shared the swap with Kali.
Few weeks forward, last Friday, I tried to boot up Kali at class... Only for it to... Stop at a black screen, weird.
Some minor detective work later, I found out nothing was... Wrong really.
But... For some mysterious reason, my complete GDM just.... No longer worked.
One LightDM and XFCE install later (Thank god that at least TTY still worked fine), it finally worked again, and this time, I booted back into Debian, shrunk the Kali partition a little more and dedicated its own swap there. Setting and resetting everything, and finally had a working triple-boot laptop...
My only question is... Why?
Does sharing Swap really affect the system so much, besides hibernation ofc.
-
Hey I need some advice
if I'm planning on going into IT Security with like ethical hacking and stuff like that and I already am learning Python + have a decent knowledge of CSS & HTML what should I start learning next while I'm bored at internship
(just in case it matters I'm using my school laptop, not the best but hasn't let me down so far and I have the basic admin rights since I'm on my high school's tech team)
-
Sometimes I feel like making a password cracker and hack someone's password using any API in a while loop
-
Ok! My new project still hasn't started and I'm so bored, running out of things to look into!!!
So far I have looked into
Firebase
Ethical Hacking
Some web developing concept...
Any suggestions??? Related to web developing, laravel, vuejs???
-
*guy* Starts to think of getting into ethical hacking. Downloads Kali and installs fuckload of apps. Doesn't want to get caught so spends first hour on setting up a VPN. Ends up leaving "white stains" on the laptop.
-
!rant
Ok, so I want to become a penetration tester/ethical hacker. I'm learning programming in Python and I'm wondering if that is a good programming language for that job?
-
If I'm trying to build an example server for a class to demonstrate my grade project (I'm researching hacking, ethical and unethical) and I know basically nothing which is still more than any teachers I talk to on a daily basis (tech manager said I can talk to him with specific questions)
I'm trying to set up an IIS7 server on a spare computer and I'm trying to get Apache to work as well just to learn more but I have no real clue where to start at all
can I get some advice on where to start and maybe some more ideas on how to expand my own
I don't know where else to ask about this since StackOverflow is more for specific questions and I don't know any other sites or apps
please help me
-