Since we've had a bunch of new infosec people join recently, I would like to revive our fun posts.

Share cringe-worthy infosec incidents from your personal experience using the above tag. No need to reply to this thread; just tag them. Bonus points if you were responsible for said fail.

Hit the tag for past examples.

@voltronic

A decade ago, I supported a client/server app that used 3 TCP ports. Had a client who refused to use default ports for anything “for security”. Regularly called in with network/connectivity problems. Would also refuse to acknowledge exactly how his was set up. Finally got him to send in a config file.

(1/2)


@voltronic (2/2)

“This is obfuscated, right? You’re not actually using TCP ports 1, 2, and 3, right?”

“Oh! Shoot! I meant to obfuscate! <sigh> Yes, we are using 1, 2, 3.”

“…” <facepalm>

“I… Don’t use those. Pick different ports.”

“Okay, how about if I just add five-zero to the beginning of your default ports?”

“…” <triple facepalm> (All our ports were 4 digits.)

“That…. Just… No.”

This was head of infosec at MAJOR IT shop. I haven’t bought from them since.
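The two mistakes in that exchange are both catchable before a ticket gets opened: ports 1, 2 and 3 sit in the IANA well-known range, and prefixing “50” to a 4-digit port produces a number that cannot be a TCP port at all, since ports are 16-bit (1 to 65535). The following is an added example, not code from the thread or from the app described, and it assumes a hypothetical `key = value` config format and constructed default ports; it audits a port configuration for exactly those two classes of error. The point from the defender's side is that moving services off their default ports is not a security control, but an invalid or privileged port number is a real misconfiguration worth rejecting at config-load time.

```python
import re

MAX_PORT = 65535        # TCP/UDP ports are 16-bit unsigned integers
WELL_KNOWN_MAX = 1023   # IANA well-known ("system") range is 0-1023

# Constructed sample config in the spirit of the story; not the client's real file.
SAMPLE_CONFIG = """\
# constructed example, not an actual configuration file
listen_port = 1
control_port = 2
data_port = 3
"""

# Hypothetical 4-digit default ports for the app (assumed, not from the original post).
DEFAULT_PORTS = [4100, 4101, 4102]


def parse_port_config(text: str) -> dict[str, str]:
    """Parse `key = value` lines; comments (#) and blank lines are ignored.
    Values are kept as raw strings so non-numeric entries can be reported
    instead of crashing the audit."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(\S+)", line)
        if match:
            entries[match.group(1)] = match.group(2)
    return entries


def validate_port(raw: str) -> list[str]:
    """Return a list of findings for one port value; an empty list means it is acceptable."""
    if not raw.isdigit():
        return [f"{raw!r} is not an integer"]
    value = int(raw)
    if not 1 <= value <= MAX_PORT:
        # e.g. the "add five-zero in front" scheme: 504100 does not fit in 16 bits
        return [f"{value} is outside the valid range 1-{MAX_PORT} (ports are 16-bit)"]
    findings = []
    if value <= WELL_KNOWN_MAX:
        findings.append(
            f"{value} is in the well-known range 0-{WELL_KNOWN_MAX}: IANA-assigned "
            "and usually requires elevated privileges to bind"
        )
    return findings


def audit_config(text: str) -> dict[str, list[str]]:
    """Audit every port entry in a config; keys with an empty list are fine."""
    return {name: validate_port(raw) for name, raw in parse_port_config(text).items()}


def prefixed_ports(defaults: list[int], prefix: str = "50") -> dict[int, list[str]]:
    """Apply the 'prepend five-zero' scheme from the story to each default port
    and return the audit findings for the result."""
    return {port: validate_port(prefix + str(port)) for port in defaults}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, "->", findings or "ok")
    for port, findings in prefixed_ports(DEFAULT_PORTS).items():
        print(f"{port} with '50' prefix ->", findings)
```

Running it lists one well-known-range finding per port in the sample config, and one out-of-range finding for every “50”-prefixed default; a config loader that refused to start on any non-empty finding would have caught both problems before the first connectivity call.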

@voltronic The other good incident was overhearing two coworkers discuss a case.
Cow-orker 1: <discussing all the extreme security precautions of the client, can’t send logs, difficulty getting info>
Cow-orker 2: “Who do they think they are, the <three letter agency>?”
C1: “Actually, yeah, that’s exactly who it is.”
C2: “Oh… Okay then.”
