There, I finally used it as a story title.. >;*)
OK, this story
I mean, WTF…..
God help these cunts if they ever get a look at my (whole disk bit-locker encryption) work laptop, which has amongst other things all the details of all the sites of all the corporate customers, which is probably 75% of all the high street and FTSE 500 names, and a bunch of other businesses and companies you have never heard of, like the ones running your schools and hospitals.. not to mention carrying around the physical keys and pass-cards to walk into basically any of the telecomms hubs or local exchanges, and BTW the bigger of these masquerade in plain sight like CIA fronts, The United Fruit Company and all that.,
Leaving aside for one moment the hilarious irony that you get handed all this shit when you join the company, in the same way a sales guy gets handed a company car, it is an essential tool to do the job, and yet you can for whatever mysterious or not so mysterious reason fail one or more of the various security vetting procedures required to work on certain sites, OK, so you don’t trust me to (for example) go and do some work in the civilian / clerical section of the local police station, but I am walking around with access to the backbone itself… way to go sherlock…
As one commentard said, quite correctly, even though he posted anon, which means he is in the same game as me
Why people are under the illusion that ISPs knowing their email passwords is some kind of scandal is a mystery though. Of course they do. Sky knows what programs you watch, LG tv’s report home with the filenames of videos you want on your network (seen midgetpr0n.mkv lately?) OpenDNS knows every single site you browse, companies you’ve never heard of who provide transit to your ISPs routinely analyze your email messages to cut down on bandwidth wasted by spam, Facebook, Twitter, Google+, YouTube support can access every single thing you have ever posted or written on their sites. ISP support being able to check your email account is no different, it’s not some conspiracy to spy on you. If a company provides support for a service which you subscribe to in some way, then they have access to your account. Support doesn’t work without it.
Which is all true, it is just funny that it is a minority opinion and not blatantly obvious accepted fact on what is purported to be a tech specific IT specific website….
But oh noes, it is a bweach of my pwivacy, I want a password that NOOOOOOBODEE else ever knows, so that when I log into my fuckbook page and update the NSA/CIA/GCHQ database with my latest private information the nasty ISP staff cannot spy on me….
We get handed spreadsheets containing everything we could possibly need to know for all 950 ACME corp sites in the country, for example, for one reason and one reason only.
It’s easier for HQ to keep all the field guys updated with the latest revision of said master spreadsheet, as opposed to some droid in HQ going through said spreadsheet and only sending me today’s work/job details… a scenario that frankly I personally would HUGELY prefer, I fucking hate spreadsheets, especially ones that scroll 4x screen width left and right, in tiny text.
As one commentard said “Do you know how CHAP works” which whooshed over everyone’s head, sure, the plain-text password may not be actually sent in plain-text over the network, but the user-land device has to KNOW the fucking password to generate the hash, and unless the user-land device is a fucking psychic electronic mind-reader, some poor cunt has to type it in, and generally speaking to be able to type something in I have to know what I am typing.
Any additional levels of security provided by HQ only sending me that specific client’s details on that day, and that data itself as a password protected file, is utterly meaningless. Utterly. Fucking. Meaningless.
You know, if you really want to, to keep you safe from terr’rists and paedos and suchlike, we could make a car powered by mystery meat with all the powerplant and controls and drivetrain all welded shut, factory only access, hell, rolls royce did it back in the day, but the weak link in the chain is still YOU and the door and ignition keys that YOU hold, and do not secure adequately.
You want to live in a fucking technological world where shit like t’internet and telephones and computers just work, mainly… well you have to have a bunch of guys like me wandering around with the tools we need to do the job, and those tools are going to grant me access to all sorts of data.
One of our “clients” is a place that deals with vulnerable youth, deals with as in houses them, I turn up at one site last week and the person who answers the door remembers my face from another one of their sites that I visited previously, now THAT is authentication and security… I know this man.
I’m not going to go all Cryptome on your asses, that is Bruce’s job and he does it excellently, but the fact is, as the title says, 99% of people are too dumb to be allowed anywhere near the internet.
Back in 2000 there was a story doing the rounds, I have always liked it, some bitch calls Dell technical support, the poor bastard on the end of the line spends 45 minutes going through shit, or trying to, with this dumb bitch, so he eventually asks her a question, madam, do you still have the boxes the computer came in? Oh yes, she says, well that’s great says the support droid, I need you to pack the computer up and send it to us, oh, she says, is it that serious, oh yes he says, so what is the problem she says, what do I tell them when I send the computer back, and he says tell them you are too fucking stupid to use a computer.