TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern

Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.

Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.

Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.

An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.

After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.

The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.

It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”

At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”

Facepalm.

!dev rant about social media 🤡 s like this one.

I hate when people seek for a reason to bitch on social media. This tweet for example.

1) I went to a small high school (small compared to a lot) and we still had a personal management class and this was covered.
2) Who the fuck uses checks still.
3) It's addition and subtraction, not brain surgery.
4) if you actually cared, Google it. There's a shit ton of information on balancing a check book out there.
5) You're probably in debt due to a shitty lifestyle combined with terrible money management, but keep playing victim. It's never your fault.

But of course she doesn't care. It's another case of someone wanting a reason to bitch and moan on social media. Get a hobby you clown.

Oh wow, so many memorable co-workers, though typically not in a positive way. I guess the most memorable was this project manager who got his job solely through nepotism. He was a fucking moron, putting it lightly. He would rattle off buzzwords and jargon that he had randomly picked up in a completely nonsensical way, which made him sound even more ridiculous. He didn't seem to notice our blank stares.

Anyway, since he loved to show everyone just how awesome he was, he had to have the latest and greatest laptop. He had some top-of-the-line model which cost an insane amount of cash back in the day, but of course he got bored of it when something better came out six months later. So he decided to sell his old laptop.

Now, this was his personal laptop he was selling but we were about three months away from launching a top-secret project which had a seven figure budget and a lot riding on it. So what did this absolute goose do? He sold his laptop unformatted with a metric shit ton of confidential files and documents on it. As fate would have it... he sold it to someone who just so happened to work for a competing company.

Cut to about two and a half months later, around two weeks before the launch of this massive project, our competition comes out with something incredibly similar and beat us to market. Aghast, senior management then found out that they had obtained a treasure trove of confidential information from this numpty's laptop, handed to them on a silver platter.

The following Monday, with a sombre mood in the office, this guy cheerfully comes in through the door and is immediately yanked into the boardroom by management. What followed was around thirty minutes of brutal, relentless, non-stop shouting, table- banging and obscenities. When it finally stopped, the door quietly opened, this guy walks out as white as a sheet, turns towards the exit and left the building.

We never saw him again.

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

PayPal = GayPal

PHASE 1

1. I create my personal gaypal account
2. I use my real data
3. Try to link my debit card, denied
4. Call gaypal support via international phone number
5. Guy asks me for my full name email phone number debit card street address, all confirmed and verified
6. Finally i can add my card

PAHSE 2

7. Now the account is temporarily limited and in review, for absolutely no fucking reason, need 3 days for it to be done

8. Five (5) days later still limited i cant deposit or withdraw money

9. Call gaypal support again via phone number, burn my phone bill

10. Guy tells me to wait for 3 days and he'll resolve it

PHASE 3

11. One (1) day later (and not 3), i wake up from a yellow account to a red account where my account is now permanently limited WITHOUT ANY FUCKING REASON WHY

12. They blocked my card and forever blocked my name from using gaypal

13. I contact them on twitter to tell me what their fucking problem is and they tell me this:

"Hi there, thank you for being so patient while your conversation was being escalated to me. I understand from your messages that your PayPal account has been permanently limited, I appreciate this can be concerning. Sometimes PayPal makes the decision to end a relationship with a customer if we believe there has been a violation of our terms of service or if a customer's business or business practices pose a high risk to PayPal or the PayPal community. This type of decision isn’t something we do lightly, and I can assure you that we fully review all factors of an account before making this type of decision. While I appreciate that you don’t agree with the outcome, this is something that would have been fully reviewed and we would be unable to change it. If there are funds on your balance, they can be held for up to 180 days from when you received your most recent payment. This is to reduce the impact of any disputes or chargebacks being filed against you. After this point, you will then receive an email with more information on accessing your balance.

As you can appreciate, I would not be able to share the exact reason why the account was permanently limited as I cannot provide any account-specific information on Twitter for security reasons. Also, we may not be able to share additional information with you as our reviews are based on confidential criteria, and we have no obligation to disclose the details of our risk management or security procedures or our confidential information to you. As you can no longer use our services, I recommend researching payment processors you can use going forward. I aplogise for any inconvenience caused."

PHASE 4

14. I see they basically replied in context of "fuck you and suck my fucking dick". So I reply aggressively:

"That seems like you're a fraudulent company robbing people. The fact that you can't tell me what exactly have i broken for your terms of service, means you're hiding something, because i haven't broken anything. I have NOT violated your terms of service. Prove to me that i have. Your words and confidentially means nothing. CALL MY NUMBER and talk to me privately and explain to me what the problem is. Go 1 on 1 with the account owner and lets talk

You have no right to block my financial statements for 180 days WITHOUT A REASON. I am NOT going to wait 6 months to get my money out

Had i done something wrong or violated your terms of service, I would admit it and not bother trying to get my account back. But knowing i did nothing wrong AND STILL GOT BLOCKED, i will not back down without getting my money out or a reason what the problem is.

Do you understand?"

15. They reply:

"I regret that we're unable to provide you with the answer you're looking for with this. As no additional information can be provided on this topic, any additional questions pertaining to this issue would yield no further responses. Thank you for your time, and I wish you the best of luck in utilizing another payment processor."

16. ARE YOU FUCKING KIDDING ME? I AM BLOCKED FOR NO FUCKING REASON, THEY TOOK MY MONEY AND DONT GIVE A FUCK TO ANSWER WHY THEY DID THAT?

HOW CAN I FILE A LAWSUIT AGAINST THIS FRAUDULENT CORPORATION?

Starting the day with Management complaining about budget and how R&D spends a lot. I start talking about the form to get a machine to a developer, that requires detailed information about the specs, proper justification, provide price comparison, fields of text which I know their departments will not check or fully comprehend BUT administration type departments always get the latest MacBook when their work literally involves little more than read emails, PDFs, write word documents and not high demanding software tools. R&D colleague suggests that a Raspberry pi would suffice for what administration personal needs out of a PC.
Management didn't comment.

I AM SO ANGRY! Today my job fired me for the stupidest reason!! A while back I lost my job a (non-important) client for having an "overactive temper" so my boss made me begin taking VRTAM (or virtual reality therapy for Anger Management). Well I attended the first couple things but decided to stop because they were definitely stealing my information. I don't know what sketchy website they found for that but as a dev I can tell when they are taking my personal information. Also there's no way it works I attended a couple sessions and nothing helped because I DONT HAVE ANGER ISSUES!!! Anyway my job found out I had been skipping them and when they confronted me they avoided my concerns and just fired me... Haven't told my wife yet, she's going to be so mad.

I want to know how a certain type of software is called.

I once saw a talk where someone tracked his personal life for a year or so. This means photos are tomestamped and have a geolocation. Emails and phone calls are timestamped as well ...

On a timeline software he could then see exactly where he was and what he did on a specific date like 2 years ago...

There's a name for software that tracks all kind of data about your personal life. I think it starts with m.

Three Layers of Security
As InfoWorld notes, all smartphones have three basic
elements of security. Your first major task as a mobile
user is to become aware of these layers and enable them
in your devices:
1. Device Protection: Allowing remote data "wiping" if your
device is ever lost or stolen.
2. Data Protection: Preventing corporate data from being
transferred to personal apps running on the same device
or personal network
3. App-Management Security: Protecting your in-app
information from becoming compromised.

CONSULT PROFESSIONAL BITCOIN RECOVERY EXPERTS // MAESTRO ENCRYPTER FINANCIER

You want to hear confidence-boosting success tales about getting your lost bitcoins back. Maestro Encrypter Financier has a remarkable history of assisting people and companies in getting their lost money back. Consider the instance of Connor Jack , who unintentionally sent his bitcoins to the incorrect address. Connor's face returned after Maestro Encrypter Financier used their knowledge and tenacity to track down the transaction and get his bitcoins back.
What distinguishes Maestro Encrypter Financier from other alternatives for recovering bitcoin? Above all, their team of professionals is well-versed in handling bitcoin transactions, which enables them to handle even the most complicated circumstances. Furthermore, their customer-focused methodology guarantees that you will receive tailored support and consistent updates during the recuperation procedure. To demonstrate the superiority of Maestro Encrypter Financier, let's compare their performance with that of their competitors. In a head-to-head analysis, Maestro Encrypter Financier consistently outperformed other recovery services in terms of success rate, speed of recovery, and customer satisfaction. Time and time again, they have proven their ability to recover lost bitcoins when others have failed. At Maestro Encrypter Financier, your privacy and confidentiality are of utmost importance. They employ robust security measures to safeguard your personal information and ensure that it remains strictly confidential. You can trust that your data is in safe hands throughout the recovery process. Not only does Maestro Encrypter Financier excel in recovering lost bitcoins, but they also prioritize helping clients protect their funds from future loss. Their team provides expert advice on the latest security practices, including wallet management and secure transaction techniques. By equipping you with the knowledge to safeguard your investments, Maestro Encrypter Financier goes above and beyond to ensure your long-term financial security. For enquiry, Email:(maestroencrypter @ financier . com) or call/ WhatsApp:+14722038937

BONJOUR Senior Elder Home Care: Providing Exceptional 24-Hour Home Care in NJ

At BONJOUR Senior Elder Home Care, we are dedicated to delivering compassionate and reliable in-home care services for seniors, especially those dealing with dementia and Alzheimer’s. Located in Scotch Plains, NJ, we proudly serve the local community and beyond with our high-quality around-the-clock care solutions. If you are looking for 24-hour home care in NJ, you’ve come to the right place.

Why Choose BONJOUR Senior Elder Home Care?
As a family-owned agency, BONJOUR Senior Elder Home Care understands the importance of comfort, security, and independence for your loved ones. We specialize in providing 24-hour home care in NJ for seniors who need assistance with daily activities, medical supervision, or companionship. Our caregivers are highly trained to offer the best care, whether your loved one is dealing with Alzheimer’s, dementia, or simply needs extra help with daily routines.

Our Services
BONJOUR Senior Elder Home Care offers a wide range of services designed to enhance the quality of life for seniors:

24-Hour Home Care in NJ: Our caregivers provide continuous support day and night, ensuring your loved ones are never alone.

Dementia & Alzheimer’s Care: We specialize in managing the needs of individuals with cognitive disorders, offering both physical and emotional support.

Personal Care: Help with bathing, grooming, dressing, and other daily tasks to maintain independence and dignity.

Companion Care: Offering companionship and socialization for seniors, reducing feelings of isolation and promoting emotional well-being.

Medication Management: Ensuring medications are taken on time and as prescribed.

Respite Care: Giving family caregivers a break while ensuring your loved one receives the best care.

Compassionate and Professional Caregivers
At BONJOUR Senior Elder Home Care, our team of caregivers is the heart of our service. We hand-pick every caregiver based on their qualifications, experience, and passion for working with seniors. Our team is trained to handle complex medical needs, including dementia and Alzheimer’s care, while also offering a warm and compassionate approach to caregiving. We pride ourselves on forming meaningful relationships with each of our clients, allowing seniors to feel safe, valued, and at ease in their own homes.

Serving the Scotch Plains Community and Beyond
Our office is conveniently located at 210 Haven Ave, Scotch Plains, NJ 07076, making it easy for us to provide 24-hour home care in NJ. We understand that each family’s needs are unique, which is why we work closely with you to create a customized care plan that fits your loved one's specific needs. Whether you require occasional help or full-time, around-the-clock care, we are here to help.

Your Trusted Partner in Senior Care
At BONJOUR Senior Elder Home Care, we believe that seniors deserve to live in the comfort of their own homes, surrounded by loved ones, and with the peace of mind that comes with having professional, attentive care. Our commitment to providing exceptional 24-hour home care in NJ ensures that your loved ones receive the support they need without having to leave the familiarity of their home.

For more information about our services or to discuss a personalized care plan for your loved one, please contact us at +1 (908) 447-4896. Let us help you give your family the peace of mind that comes with knowing your loved ones are in caring, professional hands.

Contact Information:
Business Name: BONJOUR Senior Elder Home Care
Address: 210 Haven Ave, Scotch Plains, NJ 07076, United States
Phone: +1 (908) 447-4896

Choose BONJOUR Senior Elder Home Care for reliable, compassionate, and professional 24-hour home care in NJ. We're here to help your loved ones live with dignity, independence, and peace of mind.

Nurturing Supports: Empowering Lives with Compassionate Support Services in Perth

At Nurturing Supports, we are dedicated to providing high-quality care and life-changing support to individuals in Perth, Western Australia. Our team of compassionate professionals offers a range of services, including life skills development, mental health support, and dedicated support workers. We are here to help individuals lead a more independent, fulfilling, and supported life, all within the comfort of their own homes or communities.

Life Skills Development Near Me: Empowering Independence
One of the cornerstones of our services at Nurturing Supports is life skills development. We understand that everyone has unique needs, which is why our tailored programs focus on teaching essential skills that allow individuals to gain confidence and independence. Whether it’s managing daily routines, learning budgeting and time management, or building communication skills, our team is here to guide you every step of the way.

If you’re searching for "life skills development near me" in Perth, look no further. Nurturing Supports provides personalized and structured programs designed to meet individual goals, ensuring every person we work with achieves the self-sufficiency they desire.

Mental Health Support Near Me: Caring for Your Well-being
Mental health is just as important as physical health, and at Nurturing Supports, we believe in offering holistic care that supports mental well-being. If you or a loved one is struggling with mental health challenges, our trained support staff are here to provide compassionate assistance. We offer counseling, coping strategies, and day-to-day support for individuals dealing with a variety of mental health conditions.

If you’re looking for "mental health support near me," our Perth-based team is ready to help. We provide a safe, non-judgmental space for individuals to express their concerns, receive guidance, and take steps toward emotional healing. Whether you're dealing with anxiety, depression, or any other mental health challenge, we offer personalized care to help individuals manage their conditions effectively.

Support Workers Near Me: Dedicated Help When You Need It
Sometimes, everyone needs a little extra help. Nurturing Supports understands that every individual has unique requirements, which is why we offer experienced support workers who are dedicated to providing assistance with daily living tasks. Whether it's assistance with personal care, household chores, or community participation, our support workers are committed to ensuring you or your loved one’s needs are met with dignity and respect.

If you’re in need of reliable and compassionate "support workers near me" in Perth, Nurturing Supports can help. Our team provides practical, hands-on support to empower individuals to maintain their independence, stay connected with their community, and live their best lives.

Why Choose Nurturing Supports?
Experienced & Compassionate Team: Our staff are highly trained and dedicated to providing the best care.

Tailored Services: We create individual care plans designed to meet the specific needs of each person.

Holistic Approach: We focus on the emotional, mental, and practical aspects of care to promote well-being.

Local Expertise: As a Perth-based company, we understand the unique needs of our local community.

Get in Touch Today
If you’re in need of life skills development, mental health support, or a dedicated support worker in Perth, Nurturing Supports is here to help. Reach out to us today at +61403100824 to learn more about our services or to schedule a consultation.

Let us help you or your loved ones achieve the support and independence you deserve.

Contact Information:

Business Name: Nurturing Supports

Address: Perth, Western Australia

Phone Number: +61403100824

BONJOUR Senior Elder Home Care: The Best 24-Hour Live-In Care for Seniors in New Jersey

When it comes to caring for elderly loved ones, especially those with conditions such as dementia or Alzheimer's, finding the right care is crucial. At BONJOUR Senior Elder Home Care, we provide compassionate, professional, and personalized care for seniors in the comfort of their own homes. Based in Scotch Plains, New Jersey, we offer 24-hour home care and live-in caregiver services to ensure that your loved ones receive the best possible attention, day or night.

Comprehensive Senior Care Services in New Jersey
At BONJOUR, we understand the unique needs of seniors, particularly those living with dementia or Alzheimer’s. Our team of trained caregivers is dedicated to providing private senior care that is tailored to each individual’s needs, ensuring that they feel comfortable, safe, and well-cared for. Whether it's helping with daily activities, managing medications, or offering companionship, our services are designed to improve the quality of life for your loved ones.

Why Choose BONJOUR Senior Elder Home Care?
24-Hour Home Care: We offer continuous support, ensuring that your senior family member receives attention whenever needed, no matter the time of day or night. Our 24-hour home care services provide peace of mind to families, knowing that someone is always there to help.

Live-in Caregiver Services: Our live-in caregivers are highly trained professionals who live with your loved one, providing constant, personalized care. This service is ideal for those who require ongoing assistance or supervision but prefer the comfort and familiarity of their own home.

Private Senior Care: We specialize in private senior care, offering a discreet and respectful approach to care. Our team respects your loved one's privacy and maintains a safe, caring environment for them.

Experienced and Compassionate Caregivers: Our caregivers are skilled in caring for individuals with dementia and Alzheimer’s disease, and they undergo rigorous training to ensure they provide the best care possible. They not only assist with physical needs but also offer companionship, helping to alleviate the emotional challenges that often come with aging.

The Best Home Care Agency in New Jersey: As a leading home care agency in New Jersey, BONJOUR Senior Elder Home Care has built a reputation for providing exceptional care. We are known for our reliability, professionalism, and compassionate approach to senior care, making us the top choice for families seeking quality services in the area.

Tailored Care Plans to Meet Your Loved One's Needs
We believe in creating customized care plans that cater to the individual needs of each senior. Whether it’s medication management, personal hygiene assistance, or simply providing companionship, we ensure that each aspect of your loved one’s care is covered.

Convenient Location and Contact Information
Located at 210 Haven Ave, Scotch Plains, NJ 07076, BONJOUR Senior Elder Home Care serves the surrounding areas of New Jersey, ensuring that families can access our trusted services easily. To learn more about how we can assist your family with 24-hour home care or to discuss your specific care needs, please contact us at +1 908-447-4896. Our friendly and professional staff are always ready to answer your questions and help you make the best decision for your loved one’s care.

Contact Us Today for the Best Home Care in NJ
When you choose BONJOUR Senior Elder Home Care, you’re choosing the best care for your loved one. We are here to offer live-in caregiver services and private senior care with the compassion and dedication you expect. Trust us to be your partner in providing top-quality 24-hour home care in New Jersey.

BONJOUR Senior Elder Home Care—Because your loved ones deserve the best care, right at home.