About: Backend dev, Cyber Security Enthusiast
Skills: C, Python, Java, reverse engineering, assembly, High performance computing
Joined devRant on 6/19/2018
FML, I accidentally brought down the company network today. I was setting up a bridge interface from the mirrored port to the fiber port for traffic analysis. Accidentally bridged the mirror port to the port connected to the switch.
It created a traffic forwarding loop and brought down the whole network while everyone was working remotely.
Luckily there was someone at the office who could help me reboot the server. Or else I would have had to go down to the server room at this late hour and reboot.
Cases like this make me wish there was a backup link. Usually I fix network issues on the remote console port of the servers, but this time the gateway went down, so there was no way to fix it remotely anymore.
One guy left the company and left me a nodeJS project to maintain. It has a file with just a few lines short of 1700 lines of code.
Today, one guy brought a small circuit board with a couple of switches on top.
He asked me if we have a voltmeter at the office. I asked him back what he needed it for. He handed me that thing. I was examining it and asked him where he got it. He said, oh it's from my sex toy.
MOFO WHY THE F**K DID YOU ASK ME TO HOLD IT IF IT'S FROM YOUR SEX TOY.
He chillingly said, Don't worry, there's no stains inside.
Just what kind of people am I working with. Why would you bring that thing to the office and why would you stand there and explain to me which button is for vibration and which is for the moaning sound.
So, I just found a bunch of Chrome processes running on the staging server. Very weird, as the server doesn't even have a DE installed. Why would someone need Chrome running?
Then I found out that somebody was spawning Chrome in headless mode, going to the API URL, and saving the page as PDF (calling it generating a report).
-_- Very very innovative. So instead of generating the report on the server side and being done with just a single API call, one has to launch a web browser, then GO TO THE DAMN API URL, SAVE PAGE AS PDF.
Somebody shared with me this Stanford lecture series, "Programming Paradigms". It's 10 years old, but still useful. The lecturer explains the low-level things like how a float is represented in binary, etc. Teaches about C/C++. Thought I should share it here and hear your thoughts on it.
Context: I work in a cyber security company which develops cyber security solutions.
I started testing the API of the dashboard we have. Within 15 minutes, after poking around with Burp Suite, I found an SQL injection in the POST data that leads to the whole DB dumping in sqlmap.
Told the boss and the API developer. Boss said, "it's ok to have bugs/holes in trial box". But this is on a machine that is gonna be sent to a client for trial in a few days. I even compiled a report and how to fix it, which is like 2 lines of "if else" statement by the way. Told the API developer how to fix it, he didn't care. 'I work on functionality first'. Doesn't look like he's gonna fix it.
A damn cyber security company, developing a cyber security solution, does the "don't" in web security 101, which is dumping POST data directly into the SQL query, which requires only 5 minutes to fix. 🤦‍♂️🤦‍♂️🤦‍♂️