Miscellaneous Tech News
-
@scottalanmiller said in Miscellaneous Tech News:
I bet someone at Google is a sign that says "5 Days Since Our Last Big Project Was Killed Off" like one of those "X Days Since an Accident" signs.
It's easy to make fun of but it might not be a bad strategy. Just trying new things to see what sticks. Just sucks a lot of it seems to be useful and then is gone.
-
@stacksofplates said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
I bet someone at Google is a sign that says "5 Days Since Our Last Big Project Was Killed Off" like one of those "X Days Since an Accident" signs.
It's easy to make fun of but it might not be a bad strategy. Just trying new things to see what sticks. Just sucks a lot of it seems to be useful and then is gone.
Can be, but it also burns users and makes people ultimately wary of your products. As a consumer, you never know what to trust in, as a business you'd be crazy to invest in anything from Google. It's not bad, it's just unreliable.
-
Kaseya potentially imploding after Datto acquisition, CEO goes on a rampage alienating incoming staff...
-
SSL Certs expired at TrustWave
-
Look at those dates, they've not been following the super basic security rule of updating every six months. That's way, way too long expired. That's like web security 101. Total fail. Someone needs to teach them about LetsEncrypt.
-
@scottalanmiller said in Miscellaneous Tech News:
Kaseya potentially imploding after Datto acquisition, CEO goes on a rampage alienating incoming staff...
He says he's not trying to be a dick but clearly looks like a dick!
-
@WLS-ITGuy said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
Kaseya potentially imploding after Datto acquisition, CEO goes on a rampage alienating incoming staff...
He says he's not trying to be a dick but clearly looks like a dick!
Generally the case.
Example... "I don't mean to be racist but....."
You know, whatever comes next is going to be racist. As above, whatever came next, was likely him being a dick.
-
I don't want to be pretentious...
But box wine is for losers, only those that don't understand the value of glass are serious wine drinkers. I won't drink anything with a screw top or plastic cork either, only real tree bark for real wine.
Um yeah, pretentious.
-
For reference, I buy box wine.
-
After getting interrupted for the 3rd time when trying to ask questions, I wouldn't have cared at that point what the benefits were, I would've been DUDE! You're SO BEING A DICK RIGHT NOW!
-
-
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
-
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
-
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
No idea. Android and ios only AFAIK. No need for Windows. But I have a feeling that one who bakes credentials into scripts would do it in any scripting language. You'd also think a vulnerability like that would have been found during scanning. They must not have any devsecops or code scanning tools in place.
-
@Obsolesce said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
No idea. Android and ios only AFAIK. No need for Windows. But I have a feeling that one who bakes credentials into scripts would do it in any scripting language. You'd also think a vulnerability like that would have been found during scanning. They must not have any devsecops or code scanning tools in place.
Clearly no one is scanning or checking anything. That's the problem. And that's why Windows development is an issue, it starts a "trend" of looking the other way for obvious non-best practices. Once something so fundamental as making business software or production server software on a platform that is costly, risky and less performant (presumably to allow hiring less than capable developers - that's why that ecosystem exists there) then where do you start adding best practices when clearly, it's not even on the radar? you don't, it just doesn't make sense to. So you get here.
-
@scottalanmiller said in Miscellaneous Tech News:
@Obsolesce said in Miscellaneous Tech News:
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
Argh, why the heck is there Windows development on a platform like Uber? And who approved THAT GIT checkin?
I'm sure their desktop environment is Windows for their non techies. And there's probably little to no separation between the Uber app platform and their staff.
-
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
-
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
You're asking people to do things your way - we all know that's not the typical way.
-
@Dashrender said in Miscellaneous Tech News:
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
I'm sure their desktop environment is Windows for their non techies.
That's weird as that is a power user platform. You'd never put that in to make things harder jsut for the less capable staff if you don't for the good staff. But that's not really relevant, why would their applications be getting built on Windows regardless of that? And even if they were BUILT on Windows, why would the app deployment happen to Windows? What is used by some non-dev staff has zero to do with what is talking to their system.s
You're asking people to do things your way - we all know that's not the typical way.
No, I'm asking people to do their jobs and do them well. Nothing more. Basic competence.
-
Optus (second largest telco in Australia) has been compromised and customer data loss has been confirmed
https://www.itnews.com.au/news/optus-attack-exposes-customer-information-585567
