It's all about jokes, funny pics...

http://serverfault.com/questions/29...ve-him-the-information-he-wants/293254#293254

A security auditor for our servers has demanded the following within two weeks:
  • A list of current usernames and plain-text passwords for all user accounts on all servers
  • A list of all password changes for the past six months, again in plain-text
  • A list of "every file added to the server from remote devices" in the past six months
  • The public and private keys of any SSH keys
  • An email sent to him every time a user changes their password, containing the plain text password


:D


I forget where, but I found this app online that would estimate how long it'd take to brute-force your password. I don't know what the brute-force or hashing algorithms it assumed were, but it estimated something like 17 trillion years for most of my passwords... :) – Jul 29 '11 at 5:11

the online app I found to estimate password strength had a different (and possibly more accurate) approach: for every password, it returned "Your password is insecure - you just typed it into an untrusted web page!" – Jul 29 '11 at 5:49

oh no, you're right! – Jul 29 '11 at 6:03

:D :D
 
roddierod said:
I'm not sure if the security auditor is an idiot or a genius in this case, but from my experience I'm going to have to go with the 1st choice.

Unfortunately, judging from my experience, they are more often idiots than not. A lot of them got that position just by "standard process", i.e. somebody quit and he/she became the security expert in an instant.

Not so long ago we had an audit of our environment; the big concern was that our motd was not right. Sigh .. But keeping 777 permissions on very important data was OK cause .. y'know .. nobody was able to set the SAP "thingy" right.

And you would wonder how many users worldwide have 'Monday01' as a password.
 
graudeejs said:

This email I got today reminded me of this post. ;)

A security vulnerability was recently discovered that made it possible for an attacker to add new SSH keys to arbitrary GitHub user accounts. This would have provided an attacker with clone/pull access to repositories with read permissions, and clone/pull/push access to repositories with write permissions. As of 5:53 PM UTC on Sunday, March 4th the vulnerability no longer exists.

While no known malicious activity has been reported, we are taking additional precautions by forcing an audit of all existing SSH keys.

# Required Action

Since you have one or more SSH keys associated with your GitHub account you must visit https://github.com/settings/ssh/audit to approve each valid SSH key.

Until you have approved your SSH keys, you will be unable to clone/pull/push your repositories over SSH.

# Status

We take security seriously and recognize this never should have happened. In addition to a full code audit, we have taken the following measures to enhance the security of your account:

- We are forcing an audit of all existing SSH keys
- Adding a new SSH key will now prompt for your password
- We will now email you any time a new SSH key is added to your account
- You now have access to a log of account changes in your Account Settings page

Sincerely, The GitHub Team
 
matoatlantis said:
And you would wonder how many users worldwide have 'Monday01' as a password.

Too true, unfortunately.

I used to occasionally run Jack the Ripper at my old university (CS department no less!) and pass the results on to the sysadmin. The userbase consisted of a couple of hundred accounts and I cracked 10 or 15 passwords on average. It wasn't even uncommon for people to use their username as their password :r
 
The Real World and Unix Philosophy... by Bob Peirce

Last night I dreamed that the Real World had adopted the Unix Philosophy.

I went to a fast-food place for lunch. When I arrived, I found that the menu
had been taken down and all the employees were standing in a line behind the
counter waiting for my orders.

Each of them was smaller than I remembered. There were more of them than I'd
ever seen before and they had very strange names on their name tags.

I tried to give my order to the first employee, but he just said something
like "syntax error." I tried another employee with no more luck. He just said
"Eh?", no matter what I told him. I had similar experiences with several
other employees. (One employee, named "ed", didn't even say "Eh?"... he just
looked at me quizzically.)

Disgusted, I sought out the manager, at least it said "man" on his name
tag, and asked him for help. He told me that he didn't know anything about
"help" and to try somebody else with a strange name for more information.

The fellow with the strange name didn't know anything about "help" either,
but when I told him I just wanted to order he directed me to a girl named "oe"
who handled order entry. (He also told me about several other employees I
couldn't care less about, but at least I got the information I needed.)

I went to "oe" and when I got to the front of the queue she just smiled at
me. I smiled back. She just smiled some more. Eventually I realized that
I shouldn't expect a prompt.

I asked for a hamburger. She didn't respond, but since she didn't say
"Eh?", I knew I'd done something right. We smiled at each other a little
while longer, then I told her I was finished with my order. She directed me
to the cashier, where I paid and received my order.

The hamburger was fine, but it was completely bare... not even a bun.
I went back to "oe" to complain, but she just said "Eh?" a lot. I went to
the manager and asked him about "oe." The manager explained to me that "oe"
had thousands of options, but if I wanted any of them I'd have to know in
advance what they were and exactly how to ask for them.

He also told me about "vi", who would write down my order and let me correct
it before it was done and how to hand the written order to "oe". "vi" had a
nasty habit of not writing down my corrections unless I told her that I
was about to make a correction, but it was still easier than dealing directly
with "oe."

By this time I was really hungry, but I didn't have enough money to order
again, so I figured out how to redirect somebody else's order to my plate.
Security was pretty lax at that place.

As I was walking out the door, I was snagged by a giant Net. I screamed and
woke up.
 
matoatlantis said:
So what was the biggest 'c' on a big production DB?

I'll leave that to your imagination. [and I never actually looked in a "big" production DB with such a query, just small call center staff table sorts of things]
 
saxon3049 said:
Asking that question collapsed the field and made the kitten implode. Feel good about what you have just done? You just made a kitten implode.


In fact, in an alternate world, he is still alive, doing some science, and giving cakes away.
:e:e:e
 





Also I find it funny the Ruby on Rails sponsor uses PHP...
http://rubyonrails.org/ (see bottom)
http://37signals.com/index.php
 