Hi again FreeBSD Community. I pop in every now and then and been sitting in Windows environments for some time
and recently gotten back to FreeBSD. Hope that you are doing well.
I have started a new internship. Funny thing with my +two years of experience in Customers Service/Service Desk, some hobbyist education in IT/Networking, Web Development and Programming,
I land an internship for - you have guessed it right - Customers Service.
Having the needs for constant stimulation and access to testing things I do all my job assignments by the first to the second of the working hours of the +8 hours work day.
And with no extra assignments possible I spend my spare time testing the security policies and functions of the systems that we use.
So far I have found two minor potentially, not so important Data leaks, security issues in policies with the passcode system to the building,
as well as a major Denial of Service exploit that hasn't been recognized by the remote development team.
This took me about one week to find. And being a sensible human being I have gently and calmly tried to alarm about the situation, since this Denial of Service would generate a chunk of havoc.
Conclusion:
I get new guy treatment, every personnel is blatantly uninterested in both security or making any adequate changes to anything.
I spoke about this with my dad, who has same interests as I do, and he strictly advised me to contact another part of the company and opt for an employment more fit for my interest in
the IT career path.
For all that is necessary I believe this information and solution to the exploit will at some point reach some authorized personnel as a "good-will"-package from me.
In the meantime, when the client to my videogame was down that I wanted to relax with, I kind of just started to write the code for the exploit.
To be clear, what makes it alarming is that any person will need no kind of internal access to use this exploit, and I kind of thought of putting the theory into practice
and have actual runnable code before I even present this to any other person or instance within the company. I mean ... I could be wrong ... in theory ... and everything is fine and dandy.
That is where I am at now.
Do you have any similar experiences and/or advices regarding this situation?
Kind regards,
michael_hackson
and recently gotten back to FreeBSD. Hope that you are doing well.
I have started a new internship. Funny thing with my +two years of experience in Customers Service/Service Desk, some hobbyist education in IT/Networking, Web Development and Programming,
I land an internship for - you have guessed it right - Customers Service.
Having the needs for constant stimulation and access to testing things I do all my job assignments by the first to the second of the working hours of the +8 hours work day.
And with no extra assignments possible I spend my spare time testing the security policies and functions of the systems that we use.
So far I have found two minor potentially, not so important Data leaks, security issues in policies with the passcode system to the building,
as well as a major Denial of Service exploit that hasn't been recognized by the remote development team.
This took me about one week to find. And being a sensible human being I have gently and calmly tried to alarm about the situation, since this Denial of Service would generate a chunk of havoc.
Conclusion:
I get new guy treatment, every personnel is blatantly uninterested in both security or making any adequate changes to anything.
I spoke about this with my dad, who has same interests as I do, and he strictly advised me to contact another part of the company and opt for an employment more fit for my interest in
the IT career path.
For all that is necessary I believe this information and solution to the exploit will at some point reach some authorized personnel as a "good-will"-package from me.
In the meantime, when the client to my videogame was down that I wanted to relax with, I kind of just started to write the code for the exploit.
To be clear, what makes it alarming is that any person will need no kind of internal access to use this exploit, and I kind of thought of putting the theory into practice
and have actual runnable code before I even present this to any other person or instance within the company. I mean ... I could be wrong ... in theory ... and everything is fine and dandy.
That is where I am at now.
Do you have any similar experiences and/or advices regarding this situation?
Kind regards,
michael_hackson