Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@irene my bad; essentially this partucular group decided to give a presentation to the entire company on exactly how and why security was failing at doing their job.
They made up statistics, fabricated stories, and even made up incident details for things that never happened.
Example: "We have lost terabytes of data to THE ENEMY!"
This is just entirely false and it's so vague that it could be interpreted any number of ways. Sure there's been data exfiltration, but the biggest one was 80GB of pictures from someone's PC, and they didnt even get to finish the transfer.
Is that enough dirty details for you guys? -
@arcsector Just a suggestion... avoid revealing exact (or very closely round-up) numbers in public when working in ITSec :) This is a good way to compromise your annonimity to those particular people who you should be hiding from the most ;) After that - soc engg all the way forward and you're cooked!
I mean... They must have seen they had fetched that amount of data from you before you cut them off. It's not very difficult to connect dots ;)
As for the question -- we always want more and we always want juicy details! :) -
@netikras if you're referring to the number i posted, don't worry; i haven't revealed anything yet, as any good security professional knows, but I'll take that into consideration. That's probably the hardest part of security; deciding what you can share and with whom.
If you're referring to the numbers the group blasted to the company in the story, they were made up too. -
mt3o19135y@arcsector i get your point, you sure can be angry. Someone did something similar to me too.
Just keep in mind that with security, possibility of something happening in poses enough danger. I think I don't have to explain to you ;)
What I would do was to impose restrictions on that team to prevent them from violation of the rules ;) -
@mt3o oh dont worry restricting deployments is way above my paygrade. I think they're being reactionary, but its a long history in the making that led to this decision. The beef has aged long enough.
Related Rants
Alright boys, let me tell you how someone fucked up so hard they got their deployment schedule delayed "indefinitely".
Being security, we get to oversee most deployments, and we especially get to oversee all deployments that are on IT-managed tech. Knowing fullwell about this fact, some dumb motherfuckers woke up and thought to themselves "You know what would be good fun? To piss on security's asshole and then try and ream them up the backside before they notice the piss!"
Well let me tell you, we noticed. And our boss noticed. And his boss noticed. And the CIO noticed. Thus it came down the chain that this particular group of lie-spurting, baseless accusation-leveling group of developers would have their deployments put on hold. How long? "A while."
I have never quite heard my higher-ups this mad before, but damn if i dont share in their enthusiasm to stick it to entitled cunts.
rant
just close your trap
lying
deployment