Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API

From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "passwords"
-
An intern I was supposed to lead (as an intern) and work with. Which sounded kinda crazy to me, but also fun so I rolled with it. But when I met her I quickly found out she didn't even have a coding editor installed and when I advised one she was "scared of virusses". She had Microsoft Edge in her toolbar, and some picture of a cat as a background. We were given some project by our boss, and a freelance programmer helped us set it up on Trello. Great, lets start! Oke maybe first some R&D, she had to reaeach how to use the Twilio API. After catching her on WhatsApp a few times I realised this wasnt gonna go anywere. After a few weeks of coding and posting a initial project to git I asked her if she could show me the code of the API she made so far..
She told me she was using the quickstart guide (the last 3 FUCKING weeks) which contained some test project with specific use cases.
The one that I did 3 weeks ago that same fucking morning.
AND SHE WAS STILL NOT DONE...
A few days later I asked her about the progress (strangly, I wasn't allowed ti give her another task bcs the freelanc already did) and guess what... She got fking pissed at me
Her: "I will come to you when im done, ok?"
Me: "I just want to see how it is going so far and if you are running into any problems!"
Her: "I dont want to show you right now"
She then goes to my fucking boss to tell him I am bothering her.
And omg... Please dear god please kill me now...
Instead of him saying the she probably didn't do shit. He says to me that the girl thinks im looking down on her and she needs a stress free environment to work in. She will show me when its done. ITS A FUCKING QUICKSTART GUIDE YOU DUMB BITCH.
He then procceeded to whine to me about the email template (another project I do at the same time) which didn't look perfect in all of his clients.
Dont they understand that I am not a frontend developer? Can you stop please? I know nothing about email templates, I told you this!!!
Really... the whole fucking internship the only thing the girl did was ask people if they want more tea. Then she starts cleaning the windows, talk to people for an hour, or clean everyone's dask.
all this while I already made 50% of the fucking product and she just finished the quickstart tutorial 😭. Truly 2 months wasted, and the worse thing is I didn't get any apprication. They constantly blamed me and whined at me. Sometimes for being 3 minutes late, the other for smoking too much, or because I drink to much coffee, or that I dont eat healthy. They even forced me to play Ping Pong. While im just trying to do my job. One of the worst things they got mad at me for if when my laptop got hacked bcs it was infected with some virus. He had remote access and bought 5 iPhones 6's with my paypal while I was on break. I had to go home and quickly reset all my passwords and make sure the iPhones wouldnt get delivered. strange this was, this laptop I only used at the company. So it must have been software I had to download there. Probably phpstorm (torrent). Bcs nobody would give me a license. And the freelancer said I * have to *.
the monday after I still had to reinstall windows so I called them and said I would be late. when I came they were so disrepectfull and didn't understand anything. It went a little like this:
Boss: why u late?
Me: had to reinstall my laptop, sorry.
Boss: why didnt you do this in your own time?
Me: well, I didn't have any time.
Boss: cant you do this in the weekend or something? Because now we have to pay you several hours bcs you downloaded something at home.
Me: I am only using this laptop for work so thats not possible.
Boss: how can that even be possible? You are not doing anything at home with your laptop? Is that why you never do anything at home?
Me: uhm, I have desktop computer you know. Its much faster. And I also need to rest sometimes. Areeb (freelancer) told me to torrent the software. He gave me the link. 2 days later this happends
Boss: Ahh okeee I see.. Well dont let it happen again.
After that nobody at the compamy trusted me with anything computer related. Yes it was my own fault I downloaded a virus but it can happen to anyone. After that I never used Windows again btw, also no more auto login apps.8 -
Writing customer passwords fulltext into the prod database because "it's easier to associate them with the user"5
-
Yesterday,
I was a bit drunk.
But I wanted to improve security of the company. So, I went in Azure and activated “Security defaults” which forces MFA for all users in the company. (Because RH always forget to enable MFA for new employees, and I actually care about security)
Then I went in office 365 management and instead of resetting MFA for all users (Forcing everyone to redo MFA setup), I (by mistake) clicked on reset all passwords.
I tested my own account it was fine and went to sleep.
Got a call from CEO at 7am, all 30 employees cannot login in, cannot work.
What a shit show I made…
I have a call with CEO in about 2 hours, I don’t even know how to justify myself…
So children: don’t activate company wide options while drunk. Ever.23 -
Finally did the switch to Firefox and migrated my passwords to a proper password manager. Bye chrome!15
-
Worst hack/attack?
Probably developing a complex food ordering website and client just stole the website and didn’t pay as it turns out our PM didn’t let the client sign a contract. Can’t sue as we have no legal binding documents.
We did managed to get access to the database and decided to change our passwords manually, but like I don’t get paid much for this2 -
I know folks do their best, but come on Apple, this can't be that hard. Bought an IPhone at an estate sale (elderly individual died suddenly, so no one had knowledge of the apple id, passwords, etc) and I've been trying to convince apple to clear the activation lock. (AS = Apple Support)
<after explaining the situation>
AS: "Have you tried putting the phone in recovery mode? That should clear the lock"
Me: "I've already done that. It prompts for the apple id and password, which I don't have"
AS: "You need to talk to the owner and get the information"
Me: "As I explained, I purchased the phone at an estate sale of someone who died. I have the bill of sale, serial number, the box, obituary. What else do you need?"
AS: "Have you tried contacting a family member? They might have have that information."
Me: "The family members at the sale told us this is all they had. This kind of thing has to happen. I can't believe Apple can't clear the activation lock."
AS: "Yes, we can, but I'm very sorry we take security seriously."
Me: "I understand, what do I do now?"
AS: "Did you log out of the phone? Go to settings ..."
Me: "Yes, I tried all those steps before calling. It prompts for the AppleID and password."
AS: "Did you try entering the password?"
Me: "No, I don't have it. I already explained there is no way to know"
AS: "Yes..yes...sorry...I'm just reading the information in front of me. I found something, have you tried submitting a activation lock removal request?"
Me: "Yes, it was denied, didn't tell me why, which is why I'm calling. What about taking this phone to an Apple store? I have all the paperwork."
AS: "Sure, you can try. You might need the death certificate. The family or the coroner will have a copy."
Me: "What!? Apple requires a death certificate to unlock a phone!? I'm pretty sure not even the family is going to give a total stranger a death certificate"
AS: "Sorry sir, I'm just reading what is in front of me. Without that certificate, there is no way to prove the person died. You can try the Apple store, but they will likely require it."
Me: "That's a lot of drama for unlocking a phone. A *phone*"
AS: "Yes sir, I understand. If there anything else we can do let us know and thank you for being an a apple customer."
Next stop, the Apple Store.11 -
Just saw this:
Add comma's to your passwords to mess with the csv file they will be dumped in after a data breach9 -
Registering a new account for microsoft teams:
`Your password cannot contain a space, &# characters combination, or the following characters: < >`
Are they storing the passwords in plain text? Are they not sanitizing the input? Why the fuck would they care if I put motherfucking emojis in my password? What the fuck are you doing to the passwords, Microsoft? TELL ME.4 -
Follow up to: https://devrant.com/rants/5047721/....
1- The attacker just copy pasted its JWT session token and jammed requests on the buy gift cards route
2- The endpoint returns the gift card to continue the payment process, but the gift card is already valid
3- Clients wants only to force passwords to have strong combinations
4- Talk about a FIREWALL? Only next month
5- Reduce the token expiration from 3 HOURS to 10 minutes? Implement strong passwords first
6- And then start using refresh tokens
BONUS: Clearly someone from inside that worked for them, the API and database password are the same for years. And the route isn't used directly by the application, although it exists and has rules that the attacker kows. And multiple accounts from legit users are being used, so the person clearly has access to some internal shit7 -
The most annoying hack I've had to deal with was back when I did IT support, actually. Level 1 call center tech at the time. Apparently someone fell for a phishing email and gave out his outlook credentials. The phisher used that email account to send out another phishing email to roughly 1800 employees.
Security Operations noticed, because this guy's job didn't generally involve sending out mass-communication emails. They investigated, figured out what had happened, and opted for the nuclear option: they reset the password for EVERY SINGLE ACCOUNT that received the email. All 1800 of them. Over the weekend.
I walked into the call center Monday morning and checked the call stats, then did a double-take. There were over 300 people waiting in the queue. I almost left and called in sick. Turns out it wasn't that bad though. Annoying to reset so many passwords and having no downtime due to the full queue, but on the other hand my stats were better that day than any other, since every call was a 5-minute password reset.1 -
So apparantly at the company i work at someone was able to use the remote monitoring a comptetitor set up for their automation stuff they had on the same site as we did. Apparantly they use just as shitty passwords as we do and rely on the network being secured enough by the IT guys. And since our stuff is in the same network as theirs. Well...2
-
client: "can you build out a staging server for us? here's all the code, everything you need"
me: "awesome, looking good, i have almost everything i need, just give me the credentials for the server, and I'll get started installing all the infrastructure"
client: "ok, try these!"
me: "doesn't work"
client: "this one?"
me: "doesn't work..."
client: "how about this one?"
me: "STILL NOT WORKING!!!"
imagine you want someone to do stuff on your server and you don't even know the root SSH password.... smh
why is this always a problem, use fucking 1password or something its 40 bucks a year, secure, and you can organize alllll your passwords. don't be a fucking boomer and write them on a piece of paper, or worse, apparently like my client, never know it or have it in the first place.5 -
I FUCKING HATE FIREFOX
WHY CANT YOU FUCKING TRANASGFET MY PASSWORDS YOU DUMBASS
AND IFUCKING HATE PHPSTORM AWND WHY IS IT PAID>???????????????????????????????????? WHYhhyYHWHYTH WHYYYYYYYYYYYYYYYYYYY
CLAP MY FUCKING CHEEKS JON CLAP THEM YOU FUCKING IMBECILE8 -
We should find a way to replace passwords: any password manager which I tried is inaccurate in identifying login forms and is too hard to use for non technical people older than 40 and convince people to not use some stupid name + birth year combination as their passwords is a frustrating uphill battle.13
-
computers are fuckin weird sometimes.
Was just playing some hacking game, where each level is it's own user, acessed by ssh.
And suddenly copy-pasting passwords when prompted doesn't work ...
like, I can paste it in my terminal to see it, it can manually type it ... but I can't paste it into the prompt anymore.
It always worked until today, I could swear that!!
Why not today?3 -
i once changed all of the passwords of my main online accounts(google, apple, facebook, telegram, outlook) as they weren't changed for years.
i decided unique and long passwords for each of them.😎
immediately after changing the passwords, i forgot all of them. 😵fortunately, i was able to reset.
Has this ever happened to anyone?3 -
Am i overthinking too much or are passwords like this
S9L4dk1i6sy5
Insecure?
This is an example generated by some website where i have activated 2fa and need to generate app passwords to access it from clients
I've thought about it many times to ask them to make it more secure but everytime i think i'm overrracting17 -
Microsoft Teams login says password is incorrect then and for a captcha
I type it again but fails...
I'm like wtf... Could it be the captcha...
Which I entered in all lowercase
It doesn't say the captcha is case sensitive though..
Next few times it gives me captchas with k... Teehee me like 5 tries to login
Are we trying to verify passwords/humanness or whether I can somehow tell the difference between K and k?1