Search - "risk assessment"
IT department created a risk assessment system and asked us to fill out the form.
I found that the form is vulnerable to XSS and possibly SQL injection so I told them and their response was:
"Oh, shit. Please don't tell anyone!"
Of course, it never got fixed :/

Does anyone hear in their company about risk assessment towards American tech companies and their services?
It came to my ear that many European big companies are asking analysis/risk-assessment companies about their reliance on American services and commodities because of how the big American corporations reacted to the Huawei ban.
It's like, if America did this to such a big Chinese company, they have proven that they cannot be relied on in the long term because of political turmoil.

Business Continuity / DR 101...
How could GitLab go down? A deleted directory? What!
A tired sysadmin should not be able to cause this much damage.
Did they have a TESTED dr plan? An untested plan is no plan. An untested plan does not count. An untested plan is an invitation to what occurred.
That the backups did not work does not cut it - sorry GitLab. Thorough testing is required before a disruptive event.
Did they do a thorough risk assessment?
We call this a 'lesson learned' in my BC/DR profession. Everyone, please learn from it.
I hope GitLab is ok.

So the project I work on basically has to talk to a 3rd party plugin, through a 3rd party framework. The 3rd party plugin is a black box. This conversation happened:
Software guy: so we aren't sure what is breaking the thing. It's either us or the plugin, but it's probably both.
Systems guy: well then if we aren't sure then why are we writing an issue for it.
SWG: because we aren't sure but we know we are doing at least something that contributes. We read int X from a table and put it into a float. X doesn't perfectly represent in a float. It comes out X.0001. Then they take it and when it comes back it comes back as Y.0001. We cram it into an int so it becomes Y, we compare it to X which is really X.0001 and it comes back invalid.
SG: well as long as we are sending them the right number . . .
SWG: but we aren't sending them the right number. They are expecting X not X.0001. Then they send us back Y.0001 but it should be X so it's wrong.
SG: so they're giving us the wrong return value.
SWG: yes, but because we're giving them the wrong number.
SG: well not exactly . . .
SWG: yes exactly. It is off by .0001 because of floating point math.
SG: well . . .
Me: look it doesn't matter how it's breaking. But it IS broken. Which is why we're filling out the damn problem report. THEY ARE EDITABLE. We talked to the customer and gave them the risk assessment. They don't care. It happens rarely any way.
SG: then can we lower the severity?
Me: no. Severity doesn't relate to risk. That is a whole different process. Severity assumes it has already happened. It's a high severity.
SG: but the metrics.
Me: WE GIVE THE METRICS TO THE CUSTOMER. WE TALKED TO THE CUSTOMER. THEY DON'T GIVE A SHIT.
And that was how I spent Wednesday wondering how a level 4 lead systems engineer got his job. How many push ups did he do? What kind of juice did he drink?

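The bug in that thread is a lossy type round trip: a 32-bit int is sent as a 32-bit float, comes back, is truncated to int and then compared with the original. A float has a 24-bit significand, so every integer up to 2^24 is stored exactly and larger ones are rounded to the nearest representable value, which is what makes the final comparison fail. The following C program is an added example written for this page, not code from the rant or from the project it describes; the function names and the choice of double as the wide carrier type are assumptions for illustration. It checks whether a given int survives the int -> float -> int round trip, finds the smallest positive value that does not, and shows that carrying the value as a double (which holds every int32 exactly) avoids the problem.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from the original post): true if x survives
 * int32 -> float -> int32 unchanged. The comparison is done in double,
 * which represents every int32 exactly, so no out-of-range float-to-int
 * conversion (undefined behaviour in C) is ever performed. */
bool int_survives_float(int32_t x) {
    float f = (float)x;            /* lossy once |x| exceeds 2^24 */
    return (double)f == (double)x;
}

/* Same round trip through a double: every int32 is exactly representable,
 * so this never fails and is the safe carrier type if the plugin's
 * interface cannot be changed to take an integer. */
bool int_survives_double(int32_t x) {
    double d = (double)x;
    return d == (double)x;
}

/* Smallest positive int32 that does not survive the float round trip
 * (scans up from 1; returns 0 if none found, which cannot happen). */
int32_t first_nonrepresentable_int(void) {
    for (int32_t x = 1; x < INT32_MAX; x++) {
        if (!int_survives_float(x)) {
            return x;
        }
    }
    return 0;
}

int main(void) {
    int32_t bad = first_nonrepresentable_int();
    printf("first int32 that does not survive int->float->int: %d\n", bad);
    printf("%d through float:  survives=%d\n", bad, (int)int_survives_float(bad));
    printf("%d through double: survives=%d\n", bad, (int)int_survives_double(bad));
    return 0;
}
```

The practical check is the first function: run it over the value range the lookup table actually contains before deciding the mismatch is "rare", because anything above 16777216 will be altered every time, not occasionally.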
Every meeting that contains one or more of the following points:
- "I don't think it belongs in the meeting, but"
- "Didn't get the meeting notes"
- "When's the food coming?"
- "I know we've said no technical discussion, but..."
- "Why is he so strict, this is no fun meeting at all :("
- "I think it's unfair to include risk assessment, you blame US before XY is finished"
- "The admins / the Team XY / ZX didn't talk with us, so we don't talk with him / her / them..."
- "Why are we here?"
- "Why is it so bad when production is down?"
- "I didn't know we do security / audit checks... Why hasn't anyone told us?"
- "Not happening. I'm against it"
- "I don't want to work with XY - he doesn't do it like I want it"
...
I could add thousand more things here.
I had countless meetings where I really thought that I was an alien who got broadcast into a comedy reality TV soap...

Interested if anyone has done a risk assessment with the AWS outage (or other cloud hosts) in scope and contingency strategies in place and tested. A+ if you did 👍
No, going to the pub does not count as a viable strategy, but probably a popular one.