so many stolen details
Every janky site will be asking people for something like personal data or credit card details or something, and the less trustworthy will make free with everything you give them.
737 publicly visible posts • joined 14 Nov 2012
A few times I've had a question on pointers for how to do something algorithmically; they asked for a complete code sample so they could give me a ready-made solution, as if I'd asked for that. Or I've asked to do something without using an external library, and all the answers were links to libraries.
And every response I've had from top-ranked contributors has been needlessly snarky as hell.
Now I remember why it'd been a 5-year gap since I last posted.
The thing is that the companies get pentested before going on HackerOne etc., so the stuff to find is already fairly difficult. After that, as soon as a new company is up, they're bombarded by some very, very good pentesters. A more interesting study would be the median bounty awarded per active user, which I suspect would tell a different story...
The worst thing is these guys will probably get hired after Club Fed because they are an "IT genius" in some PHB's deluded braincell.
The American security clearance review/appeal documents for real individuals are publicly available, and from those I can safely assume that these guys will never in their lives get a job in IT security for any US gov agency. They don't care how good you are; if you're not completely 100% trustworthy you're out the door, especially in these post-Snowden days.
It's fine when you have permission to do it; there's a site I visit (https://hashkiller.co.uk/md5-decrypter.aspx) which gives you a popup asking for permission and explaining what you're agreeing to. Fine, I can get behind that; as long as I'm not doing anything more important elsewhere on the computer, why not? But that popup asking me is the key aspect here.
Wagilefall
Even when development teams have nailed agile, gleefully pumping out builds weekly (or monthly for the languid), as Oti points out above, they often are not able to actually deploy their code to production.
Yep! Everything's agile after management pushed for it. After great effort we now pump out regular code... management themselves, however, weren't prepared for it to actually work* and the code ships on the same schedule as when it was waterfall.
*3 years and counting
I'm the same, still on a OnePlus One because it's still functional and not outdated in any way I use it. I usually skip a few generations with each new buy, and usually then because the device has died of old age.
Security-wise, though, it sucks that I'd be better off replacing my phone 6 months after buying it.
Reg commentards: "Oh fuck off then, Google. Threatening to leave because we want you to stop your dodgy tax loophole arrangements? Well, GOOD."
Also Reg commentards: "They think IT contractors aren't paying tax? Just because I pay myself dividends from a company in the Caymans which is also me? Well, I am absolutely flabbergasted and shocked at the sheer cheek of it! I'll just leave and THEN see what happens. GATHER THE PITCHFORKS, MEN"
IT contractors in "everyone should pay tax except IT contractors" shocker
I think it's a good idea, partially: have each team take responsibility for security in their own area from the ground up (i.e. talking about security during design sessions, coding defensively), and then the security team can be lessened and won't have to push back on things. They can also act as overall co-ordinators, policy-setters and educators, as well as ensuring that, although two components may be secure in their own right, they don't introduce a vulnerability when used together.
If you have one team doing it all at the end of the process, of course they're going to have to say "no" a lot and push back on things, because they're there after the mistakes have been made, and we all know prevention is better (and cheaper) than cure. The solution is to have security at every stage, and that includes where they currently traditionally sit.
get political capital from asserting that we could fix poverty and social injustice if we only took the money.
Ever the ways of the opposition!
"that's bad you shouldn't do that, hi everyone look how crap they are"
"what would you do instead?"
"THAT'S NOT THE ISSUE STOP DERAILING US!"