Since we've had a bunch of new infosec people join recently, I would like to revive our fun #infosecfail posts.
Share cringe-worthy infosec incidents from your personal experience using the above tag. No need to reply to this thread; just tag them. Bonus points if you were responsible for said fail.
Hit the tag for past examples.
A decade ago, I supported a client/server app that used 3 TCP ports. Had a client who refused to use default ports for anything “for security”. Regularly called in with network/connectivity problems. Would also refuse to acknowledge exactly how his was set up. Finally got him to send in a config file.
(1/2)
@voltronic The other good incident was overhearing two coworkers discuss a case.
Cow-orker 1: <discussing all the extreme security precautions of the client, can’t send logs, difficulty getting info>
Cow-orker 2: “Who do they think they are, the <three letter agency>?”
C1: “Actually, yeah, that’s exactly who it is.”
C2: “Oh… Okay then.”