Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "infosec"
Everyone I hang out with is about as competent as I am, but the shit they do is way more impressive and I end up feeling like a moron. Example convo from this weekend:
Friend 1: I'm working on an Android application that stores your OC stats on an RFID chip for tabletop and live RPGs
Friend 2: I'm almost done with my program that should be able to consistently beat ReCaptcha
Me: I made new ASCII art for my server's successful login banner, and I even remembered to eat11
A few weeks ago at infosec lab in college
Me: so I wrote the RSA code but it's in python I hope that's ok (prof usually gets butthurt if he feels students know something more than him)
Prof: yeah, that's fine. Is it working?
Me: yeah, *shows him the code and then runs it* here
Prof: why is it generating such big ciphertext?
Me: because I'm using big prime numbers...?
Prof: why are you using big prime numbers? I asked you to use 11, 13 or 17
Me: but that's when we're solving and calculating this manually, over here we can supply proper prime numbers...
Prof: no this is not good, it shouldn't create such big ciphertext
Me: *what in the shitting hell?* Ok....but the plaintext is also kinda big (plaintext:"this is a msg")
Prof: still, ciphertext shows more characters!
Me: *yeah no fucking shit, this isn't some mono/poly-alphabetic algorithm* ok...but I do not control the length of the ciphertext...? I only supply the prime numbers and this is what it gives me...? Also the code is working fine, i don't think there's any issue with the code but you can check it if there are any logic errors...
Prof: *stares at the screen like it just smacked his mom's ass* fine
As a firm supporter of information security, it really "irks" me to see people get up and walk away form their desks without locking their machines... Anyone else with me on this?!18
At an airport bar, lady asks me to watch her shit while she checks the departure screen. Leaves the lid on her Thinkpad open and her smartcard in without even sleeping the damn thing
Me, screaming from the depths of my soul:
CS graduates that have never gone beyond "Hello World", fuck college and it's "system".
So the actual victims of the story are friends of mine, CS colleagues, but I can't help but share as the existence of code freeloaders enfuriates me.
At college in order to graduate you need to present a project in form of a thesis a side from your actual thesis, there is a shortage of pre-approved projects and everyone wants one.
A talented friend of mine who has many years of programming experience got in one with another friend of mine and a lady who I've never seen before. One Saturday night my friend and I were having some beers at a local bar and his phone didn't stop beeping so I jokingly said:
"Bro, tell your girl you need some space", he laughed and explained it was the chick from her project having some "issues" with node.
"So? Tell her to google it, it's Saturday night", he explained the girl has never coded before even though she's about to graduate so she had take it upon herself to pressure him to finish ASAP so she can graduate and get an already agreed position at the federal energy commission... As dev!
I've seen my bud in a lot of dumb calls with said chick trying to explain how you CAN'T COMPILE THE NODE WEBSERVER TO A .EXE!
It frustrated me how such an idiot can go through a CS major buying homeworks and getting low self-esteem geeks to code for her. Then I realized that as an aspiring InfoSec guy, lazy idiots coding is good for business.8
Stupid boss story:
I got a job doing embedded media hardware stuff last year. From day one, it was pretty clear that management didn't like me (being called a faggot and a tranny tends to give one that impression) and had no fucking clue what they were doing (they are IT managers after all). I have a largely self taught infosec/hardware-design background and probably could have done all their jobs myself without even smoking more than usual, but I was the only one on staff who was never promoted despite easily working twice the hours. After bringing up the issue, my boss gave the position I wanted to an employee known for being an incompetent piece of shit, likely to spite me, and the same day sent an "automated" email saying that all staff in my section had been laid off due to restructuring, except that email didn't have a Bcc marking and was sent personally rather than using the corporate mass mailer. I'm back to doing the usual grey hat OSINT and people-finding, and it *just so happens* that a long time friend wants dirt on folks who it turns out are in regular contact with my old employers. Lucky me ;)4
Anyone here who also got super bored while on a porn site and ended up pentesting that porn site..?14
So... Some fake accounts on Twitter claimed to be Elon Musk and to give shitloads of Bitcoin to those who sent a little amount first. They stole... Wait for it... 180 grand.
That's basically your everyday 419 scam. Existing since before the internet, done with the names of Gates, Buffet, Bush, Obama...
They say "the big bad evil criminals and the poor little innocent victims" I say natural selection. Sorry, in those lion vs gazelle scenarios I always thought that it was fair, no matter how it went.
Just when did humanity get so brainless? Have we always been, is the internet just a catalyst for stupidity?
Just why the fuck must I be an infosec sheepdog instead of a wolf? Man, I could live the life, drink beer and smoke herb while working... Get up at 12, don't give a shit, no boss, no taxes, no social security payments that I don't see jack shit from, and the pay would be better to.
The deeper I go down the infosec rabbit hole, the more I worry about my doctors still using Windows XP. Why would you save sensitive patient info in those....shoe boxes?4
I've been browsing devRant for a couple months now and finally joined!
I'm a CS student from Germany, most interested in AI and Infosec, and member of a CTF team.16
Anyone who's interested in cyber security, go follow Binni Shah (@binitamshah) on Twitter. The amount of tutorials and guides she retweets is crazy and very informative.
Also if you're not on Twitter you're missing out on a lot of content to learn from ✌️29
I have a server. I want to filter connections to that server so only people on my work network can access the server. A quick search yielded my public IP address.
"Is this static?" I asked IT. "Do we have static IP address?"
"What do you mean? What do you need that for? You better know EXACTLY what you are doing before we release that information to you!!!! This needs to go to my manager. My manager is demanding to know why you want that information - we are having Network Engineering look into this request, someone will be in touch to find out more."
I have now been waiting for 3 hours. I think I will just go ahead and assume my IP is not going to change...5
Running WireShark to see what one of our partners is sending across.
Outdated TLS: Ok, that's par for the course.
Leaking data through DNS queries: ButWhy.jpg
Website leaked through DNS doesn't require auth to view information. TableFlip.jpg2
Welp, here it goes:
High school is feeding me a huge amount of shit that I do not care about. This, causes me not to have enough time to carry on my own programming and infosec studies due to a lack of time, despite the fact that I'm pretty organized. Among all that, is the fact that I have 3 weekly martial arts training in the evening, which equals to even less time.
I am starting to feel quite shitty about this situation, and no, I'm not going to wait precious years of my life before continuing with my studies.
Let's hope I'll pull through. :(3
What flavor of Linux is everyone using? Why do you think it works well for developers? Got a new laptop and I'm trying to decide what to put on it. My other laptop has a dual boot of windows 10 and Kali Linux (my sudden interest to become a developer came from a desire to be better at Infosec/netsec stuff)
Curious to see what everyone uses from a developers perspective. Not sure I want to develop on Kali and windows is shit.23
Me: hey, we should really do/use X
Someone above me: Nah we don't need it/we already use Y
1 week later (or less):
SAM: Hey, I was thinking maybe we should start using X
This has happened 5 different times already. 2 of them were security related and only talked about after our infosec guy brought it up.
Don't dismiss ideas your interns have just because we're interns, we might have good suggestions.4
So I work for a VPN company as the Info Sec manager long story short I'm not usually the pleb who does customer support.
But today I ended up having to do this. I spent over 1 hour helping a client that a support agent escalated the request for to me. So I figure out that his network adapters are sharing incorrectly.
I fix problem.
He tries to connect.
Denied access so I check our servers for the request and he's blocked.
I think that's odd.....
I check active subscription and this person ISNT A CLIENT THATS ACTIVE....
WHY IS SUPPORT SO IGNORANT.
Because I own http://grnail.co.uk and http://hotrnail.co.uk (which I bought to prevent scammers having access to them), I often get emails about peoples' accounts. I could do a password reset and own these accounts, but of course, I don't.
However, today I started getting passport scans and personal details from Syria...2
So I'm wired into an ethernet box downloading an update via command prompt on a fucking ancient corporate laptop I pulled from the legacy gear dumpster that's about 20% original hardware. I get pulled aside by some loser and told that they just called security, who will detain me and confiscate my laptop. He says he's going to call his boss to fill him in. He calls, my phone rings. I laugh in his face, light a cigarette, flash my ID (my drivers license on a company lanyard) in his face and say "that'll be pretty hard since I'm your boss." I think I might have been able to see his soul exit his body. Side note- I was not his boss, I'm an infosec engineer of decidedly middling abilities and just try to practice my social engineering skill regularly...5
*Sees an unattended, logged in laptop with VMs running and tor open*
*Changes desktop background to a giant print of the word Opsec*
Me: So I read a really interesting whitepaper and
My friend: Before you continue, let me remind you that 100% of the times people have to wipe a workstation were the result of trying what they read in a cool whitepaper1
I feel like there's a lot of overlap in misconceptions about people in infosec and intelligence. People think it involves crazy Tom Clancy type stuff, but ~50% of the workday involves sitting at a monitor with takeout and arguing on the phone2
Hey everyone. I am a freshman in college studying Cyber Security. I have been practicing various programming languages such as httml, css, java script and SQL. Does anyone have any recommendations for resources to study? My end goal is to be blue teaming for my schools Cyber Defense team in the fall.6
Not sure whether to tag this as a rant or a joke, because it feels like equal parts of both. So fucking disappointed with Australian government.2
Typical insurance company BS approach.
Listening to xmas music, Spotify ad kicks in about 'just being "hacked"':
Buy our cyber security insurance product to quickly recover and retain liquidity in case of a cyber security beach.
Not a single word about preventing the incidents in the first place...
Lucky to work in a place that doesn't skimp on IT.5
If I ever want to phish people at an enterprise I would send the email as the yearly infosec training course.1
How to tell if someone is a software/hardware engineer with real talent or an incompetent tool:
[Walk up to person] whatcha doing there? You do any development or just playing around?
include namespace #meme
//My syntax is gonna be bad since I can only read (not write in any way) C type languages and still need to learn Go and Python. I just do hardware and implementation for infosec things right now
If(answer) is "I code a bunch. If you need any programming, I'm your guy;"
cout "tool" ;
If(answer) is "Hell if I know. Watch the terminal output while I pour another espresso and tell me if anything weird happens;"
cout "dev" ;
Seeing the Winnie Pooh eating InfoSec propaganda meme this morning on devRant saved my day. I'm still laughing 8 hours later 😂2
1. Extend my infosec knowledge further and try getting more work in that area (and less as a dev).
2. Specialize more, dabble less.
3. Learn more !dev skills (military/political history mostly)
Question - my field is information security (or cyber security if you want to think of me as a time lord), but I wanted to know;
Front end and back Devs, how much time do you spend on security issues and/or implementing security measures?10
That moment you setup 17 domains on sparkpost as a email delivery system
make your account secure with 2 factor authentication like a good infoSec enthusiast
Go on with your life
Having a Phone crash but nothing to worry because you made them backupz
once again go on with your happy life.
Having to setup a different bounce action on sparkpost
logging in to sparkpost to make the adjustments
opening google authenticator
realising the backup you restored was before you added the sparkpost entry
mailing sparkpost asking to deactivate 2factor authentication
Having them tell me that they have no access to Google authenticator so they can't help me and all they can do for me is delete my account if i answer their 7569357 questions that i entered a year ago ..
You have access to your database yes ? You can delete my account but you can't adjust a fcking Boolean column from true to false? #@?#&!
Why even offer a feature where you have apparently no control over. Stuff like this happens all the time and almost no one saves that fcking authenticator secret.
Make people use authenticators to keep the hackers out, forces them out instead.4
I keep seeing two philosophies bash heads at work.
1. "Hey, use these tools according to idioms and best practices for that tool. We worked hard getting this to work predictably, and it depends on you doing things consistently."
2. "Go pound sand, I want to do what makes sense for the project. To hell with your nazi conventions."
They're both right, and they're both idiots.
#1 is right because precedents exist for a reason. People did a bunch of stuff with their tools and got things to behave reasonably well, showing mastery over a stack. There could also be actual legal- and infosec- related reasons to following a protocol for changes, and ignoring those precedents invites disaster.
#1 is an idiot because there's a fine line between enforcing consistency and micromanagement. If the idioms they confuse with architecture are making it harder for other people to work, then they need to back off and let context, not ego guide the conversation. Good architecture should enable and encourage people to change the software in radical ways.
#2 is right because Context. Is. King. No project should shape around a tool. Tools should simply and objectively obey their users through good and bad use alike in service of the project. A culture that would oblige you to change for the sake of a tool is not an engineering-driven culture, it's a culture driven by self-anointed thought leaders who learned everything they know about software from Medium.com and Smashing Magazine. To enforce idioms and consistency blindly is turn the best practices found so far into the status quo that prevents change.
#2 is an idiot because there's a baby in the bathwater, which is some of that context they so treasure. By getting defensive with #1, they forget that the more they change, the more the team has to re-learn to adapt. The worst case is the cowboy that rewrites the implementation from scratch, causing QA to re-do ALL WORK and causing engineers to drop everything for one person's way of doing things.
The compromise is hard, but here's what I think it entails:
- Context really is king, but frame your changes in terms understood by how the team already thinks about the project; and
- Make those changes work independent of the tech stack on which they sit.
Doing this requires a solid understanding of, well, SOLID, and lots of patience dealing with ego and red tape.
This may seem obvious to you, but I'm so tired of watching the arguments at work about this degrade software quality and the end-user's experience.1
A customer of ours not to say names trains people for infosec certs upon investigating their website I noticed they don't have forward secrecy enabled.
Why? What? Even?
Turn it on you baddies.2
Get over my anxiety and get an actual job in infosec, so I can stop hearing "can you hack my BF facebook" requests.
I can't help but think about Scooby doo and the Cyber Chase while reading this message from my college this morning.1
Did some analysis on some servers that a partner of ours is hosting:
-TLS 1.0: Hmm this isn't great
-TLS_RSA_WITH_RC4_128_SHA preferred Cipher Suite for ALL TLS Versions.
I almost barfed at my desk.4
dev = fighter
ops = cleris
network = wizard
design = bard
dba = warlock
infosec = rogue
it is not mine but i think its great analogy. and because i always choose the warlock1
Hello devrant, so I've been wondering if anyone here breaks things (infosec)? Is there anyone who dabble with building stuff(dev/ops) and breaking them? Need advise whether I should be looking at a devops-y role or a infosec related role in the future. (PS I was in infosec and slowly transitioning into ops/devops not sure yet). Please share your experiences. :)8
Fuck windows server. Fuck infosec. Every time they roll out windows updates shit breaks. From windows service get stuck in "stopping" state to dropping network interface. Why the fuck are we still using this to host a simple API or NSERVICEBUS service?? Don't know whether to laugh or cry. Fml.
Infosec : I have started a telegram channel.
Join and spread the word..
Link : Hack3rB0x 🔊
Maybe not specifically "dev" but certainly a relatable rant to anyone here:
Moms small business gets "hacked," or standard spyware phone call from India let us save you for only $149 kind of crap. She obviously gets upset had a panic attack and thinks about all the sensitive shit on their network. Then, ONLY THEN, does she call me and the rest of the cavalry i.e. over payed and undermotivated IT guy to ask what's up why it happened and whose fault is it.
All is well, no ransom paid, no data lost or tangible damage done, but I am positive it will happen again, because it is impossible for people to internalize that they're the problem that money can't fix.
You clicked the unsolicited link. No amount of antivirus bloatware will ever be able to stop the monkey from trying to see what's in the box.
TheBut keep not paying me or people more qualified than me, and then scream and yell and pout when your shits gone and we can honestly say with a grin and a clean conscience that there is nothing we can do.
Password must be 5 characters long and contain one big letter and each of the following: &, +, %, !, *, @.2