
Thread: IT Geek Speak ... IT Professionals and the like

  1. #1391
    WoodstockJeff (RiderCoach; Join Date: Jan 2007; Location: Woodstock, IL; Posts: 8,665)
    Last week, one of our data sources stopped functioning for unknown reasons. We opened a trouble ticket, and were immediately told that the issue was with a server migration that was in process, and it would stabilize "in a few weeks".

    Well, this wasn't a good outcome considering that the data was "mission critical" to one of the customers, so we experimented and devised a way to get the data, albeit by requesting it multiple times until a working server was found.

    Less than 12 hours after we put the "fix" in place, the last of the working servers was taken off-line.

    After a marathon programming session, we discovered the real cause - the data was being sent, but it was in invalid XML documents. Because the XML failed validation, the transfer program had no source of data. The XML contained non-UTF characters embedded in an allegedly UTF-8 XML document.

    We added code to our application to strip out the non-UTF data and make the XML valid again, and canceled the trouble ticket with a message saying, "We found what you broke. We've worked around it."

    "Oh, did you find that non-UTF characters were being inserted? We have programmers working on fixing that."

    "And you couldn't tell us this 5 days ago, when you sent us off down a rabbit hole to a fix that almost worked, until you broke something else?"

    Still no answer to that question.

    Root cause is they switched from a database that stripped all non-ASCII characters from the data to one that had lots of marketing-added symbols that were non-ASCII and non-UTF (actually using a Windows codeset), and didn't realize that the data was different. Then they doubled-down by not stopping the migration until they fixed the problem, AND "neglected" to inform anyone of the problem...

    And they chastise us for not doing things in the proper "Enterprise" model, like they do...
    Jeff

    "The future is so much easier to predict when you have a handle on how you arrived at now.... Works with traffic just as well as the rest of life. "

    "Modern Liberalism: The embodiment of an irrational fear of letting other people run their own lives."

    '13 XT250
    '10 ZG-1400 (operational again)
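The failure described in post #1391, as an added example that is not the poster's code: a document that declares UTF-8 but carries Windows-codepage bytes is rejected by the parser, and can be repaired either by stripping the bad bytes (the workaround the post describes) or by transcoding them. The sample document, the function names and the choice of cp1252 as the "Windows codeset" are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: declares UTF-8 but carries cp1252 bytes (TM sign, curly quotes).
SAMPLE = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
          b'<item><name>Widget\x99 \x93Pro\x94</name><qty>3</qty></item>')


def is_well_formed(data: bytes) -> bool:
    """True if the XML parser accepts the document as delivered."""
    try:
        ET.fromstring(data)
        return True
    except ET.ParseError:
        return False


def find_invalid_utf8(data: bytes):
    """Return (offset, bytes) for every run that is not valid UTF-8."""
    bad, pos = [], 0
    while pos < len(data):
        try:
            data[pos:].decode("utf-8")
            break
        except UnicodeDecodeError as exc:
            start, end = pos + exc.start, pos + exc.end
            bad.append((start, data[start:end]))
            pos = end
    return bad


def strip_invalid(data: bytes) -> str:
    """The workaround from the post: drop whatever is not valid UTF-8."""
    return data.decode("utf-8", errors="ignore")


def recover_cp1252(data: bytes) -> str:
    """Assumed alternative: reinterpret only the invalid runs as cp1252."""
    out, pos = [], 0
    for offset, run in find_invalid_utf8(data):
        out.append(data[pos:offset].decode("utf-8"))
        out.append(run.decode("cp1252", errors="replace"))
        pos = offset + len(run)
    out.append(data[pos:].decode("utf-8"))
    return "".join(out)


def parse_name(data: bytes, repair) -> str:
    """Repair, re-encode as real UTF-8, parse, and return the <name> text."""
    return ET.fromstring(repair(data).encode("utf-8")).findtext("name")
```

Logging the offsets from `find_invalid_utf8` before repairing gives a record of when an upstream feed starts sending a different encoding, which silent stripping would hide.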

  2. #1392
    WoodstockJeff
    Another year (or so), and multiple rounds of stupidity.

    Today, I get an email advising me that I have to take training in how to recognize phishing attempts. I returned the email to the IT department of the community college with multiple highlights, pointing out the "phishing attempt warning signs" that their message had, including "go to this server on some other domain, and enter your college login credentials", failure of multiple forms of message origin authentication, and origin from a system known for a high percentage of compromised accounts.

    We'll see tomorrow whether or not I still have to take the training.

    And the PenTest antics of yesteryear continue, although the person in charge of running them now knows (mostly) what will break their tester. And since we have a copy of the tester, we have been tweaking things between their tests. Not in ways that are specific to breaking the tester, but ways that fix what the tester is trying to find. We're down to zero defects found in our testing, but...

    Their latest issue was that if you included a test for SQL and LDAP injection, you got different page content back than if you didn't have the test. Of course, every successful submission will return unique information; the injection was completely ignored (LDAP isn't even installed). "Oh, we'll have to ignore those results."

    I'm waiting for them to ask about why they keep getting logged out when testing things that we feel SHOULD log them out.
    Jeff

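Two of the warning signs listed in post #1392 (failed message-origin authentication, and a link that asks for credentials on another domain) can be checked mechanically. This is an added example, not the poster's code; the message, the domain names and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

ORG_DOMAIN = "college.example"  # assumption: the organisation's own domain

# Constructed message; header values are illustrative, not from the post.
SAMPLE = """\
From: IT Training <it@college.example>
Subject: Required training
Authentication-Results: mx.college.example; spf=fail smtp.mailfrom=bulk.example; dkim=none; dmarc=fail header.from=college.example
Content-Type: text/plain

Log in with your college credentials at https://training.vendor.example/login
Policy: https://www.college.example/policy
"""


def auth_failures(msg):
    """Return the SPF/DKIM/DMARC results that are anything other than 'pass'.

    Only an Authentication-Results header added by your own receiving
    server should be trusted; a sender can forge one of its own.
    """
    failed = []
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            if result.lower() != "pass":
                failed.append(f"{method.lower()}={result.lower()}")
    return failed


def off_domain_links(msg, org_domain=ORG_DOMAIN):
    """Return hosts of links that are neither the org domain nor a subdomain."""
    hosts = []
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if host != org_domain and not host.endswith("." + org_domain):
            hosts.append(host)
    return hosts


def warning_signs(raw):
    """Collect both indicator lists for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    return {"auth": auth_failures(msg), "links": off_domain_links(msg)}
```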

  3. #1393
    WoodstockJeff
    Phishing email test: The one I reported recently was NOT the phishing email test. It was an actual "you must complete this task" assignment on privacy, explaining how we had to avoid asking for information that would be "sensitive in nature" and "subject to privacy laws". You know, the kind of thing that we're required to ask to fulfill our jobs.

    The actual test email arrived this week. It was so painfully obvious that you'd think no one would fall for it. Really, "Macrosft Outl00k security department"? Obviously fake logos with typos, rather than image links to genuine sources? Content so screwball that even Microsoft Office365's servers flagged the message as a phishing email in a banner across the message, before displaying it to the user?

    But, like their last test, they'll probably get a 20-30% hit rate. And most of those will probably be the "social media" types that believe whatever is sent to them.

    But, I don't envy their IT people. I only have to teach email paranoia to 5 people, not more than a thousand.
    Jeff

