
Consolidated Business & Enterprise Computing Rant Thread

Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.

  1. tobes

    tobes Member

    Joined:
    Dec 23, 2001
    Messages:
    4,153
    Location:
    Melbourne
    It's a weakness in 3G roaming protocols and poor service provider security. You can pretend you're the user roaming overseas and spoof the phone. Apparently can even set it up such that you continue to pass the messages through to the end phone so they don't notice.
     
  2. scips

    scips Member

    Joined:
    Apr 10, 2004
    Messages:
    533
    Location:
    Melb
    The last 2 places I've worked at have gone for closed on first touch as the #1 KPI, if ticket gets reopened then it's a -1 and a good ripping from whoever had to reopen it for being a shit tech (or derpy client....we do have a lot of those)

    When I say closed on first touch that means either 1) client called, things got fixed without going back to them/vendor for more info/clarification, or 2) email logged ticket fixed without calling/emailing anyone
     
  3. Hive

    Hive Member

    Joined:
    Jul 8, 2010
    Messages:
    6,376
    Location:
    AvE
    Ahh Friday.... oh

    [IMG]

    And not even directed to the right company. FML.
     
  4. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
  5. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,387
    Location:
    Brisbane
    You know... this is far more concerning...

    https://outflux.net/blog/archives/2016/10/18/security-bug-lifetime/

     
  6. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    66,926
    Location:
    brisbane
  7. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,387
    Location:
    Brisbane
    inb4 elvis pops in that his superpuppets fixed this whilst his milk was steaming for his morning coffee
     
  8. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
    Checks Outlook Calendar (Because Exchange Roxxors)

    Yup, Monthly Open Source many eyes vs Security through obscurity recurring meeting is set to today.

    <GuilesTheme.Mp3>

    Round 1.... Fight.
     
  9. cvidler

    cvidler Member

    Joined:
    Jun 29, 2001
    Messages:
    15,308
    Location:
    Canberra
    and it's not remotely exploitable (by itself).
     
  10. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,387
    Location:
    Brisbane
    Many eyes security only really works if the people looking are actually looking AND are actually qualified to look (see OpenSSL).

    Obscurity doesn't really provide any advantages tbh. Though once a flaw is found and circulated, FOSS probably has the upper hand in terms of resolution.
     
  11. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,387
    Location:
    Brisbane
    is it priv escalation?
    can it be done from any account?

    (did not read TFA).
     
  12. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
    Yes, it's right there in the URL :).

    SQL Injection to Root, and found in the wild.

    I don't normally like naming bugs but "Dirty Cow" (due to the exploits being part of the copy-on-write memory stuff) is such an amazing name, that this gets a pass.
     
  13. wintermute000

    wintermute000 Member

    Joined:
    Jan 23, 2011
    Messages:
    2,562
    I've known of accounts before where the contract negotiated stiff penalties for SLA breaches, so the MSPs just hired people specifically to pick up the incoming tix and call the user just to let them know the ticket was acknowledged. SLA penalties saved for the price of a couple of minimum wage grunts.
    It's all part of the ITIL game (spits)
     
  14. GreyWolfe01

    GreyWolfe01 Member

    Joined:
    Aug 1, 2001
    Messages:
    2,321
    Location:
    Sydney, Australia
    It's all down to what you agree in the contract.

    I'm about to negotiate penalty clauses into our contract with our Indian dev team. Should be fun. :Paranoid:
     
  15. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
    Every time anyone says "Do the Needful, you must pay us 1 Million dollarydoos"
     
  16. GreyWolfe01

    GreyWolfe01 Member

    Joined:
    Aug 1, 2001
    Messages:
    2,321
    Location:
    Sydney, Australia
    More along the lines of 'when you fuck up (not if) and don't deliver shit on time and/or tested to an agreed standard, we will whack you with a decent fine per day it is not delivered'.
     
  17. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,387
    Location:
    Brisbane
    Had a snackpack for lunch.

    Thank fuck I just have to build a dev SQL server on a client machine. Much more than this and I'd probably die.
     
  18. Daemon

    Daemon Member

    Joined:
    Jun 27, 2001
    Messages:
    5,471
    Location:
    qld.au
    What you'll probably find is that it's typical of many software lifecycles, just that most don't have open data to analyse. The severity of the bugs also needs to be considered here, out of the 557 only 2 were critical. It does highlight the value of kernel self protection, which is what the author was trying to raise awareness about.

    Just waiting on upstream kernel releases and my systems live patch daily, so the weekend will be relaxing and enjoying beer as normal :)
     
  19. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    44,857
    Location:
    Brisbane
    This bit stood out for me:

    "While we’re getting better at fixing bugs, we’re also adding more bugs."

    That's pretty much my take on software in general. Not surprising really. There's more software in the world than ever before. And there are more software developers than ever before, which means the diversity in coding ability is growing, as is the diversity in give-a-shit levels (the "I do this for a job" folks versus those who are passionate).

    I dunno what the answer is. All I know is, the whole lot is getting worse, and it's fucking more people in bigger ways every time.

    I think about 100 pages back we talked about getting out of IT, and starting up an "IT Insurance" firm. I still think that's a more lucrative job for less effort.

    I would, but the coffee machine got upgraded to the IoT model, and got hacked.
     
  20. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
    I don't care if my Coffee machine is participating in DDOS of Brian Krebs... if it still makes my Coffee, I'm not changing it.
     
