A case study in why credentials are revoked before firings.

    • Corkyskog@sh.itjust.works · 4 up, 1 down · 17 hours ago

      That’s like a huge key, at least 2.5x the size of a normal one, using USB C to estimate the ratio.

      • dvlsg@lemmy.world · 1 up · 2 hours ago

        It’s not what that image is, but Keychron released a single giant key keyboard a little while back. Similar idea at least. Sold out immediately.

  • zeroConnection@programming.dev · 80 up, 1 down · 1 day ago

    Muneeb Akhter asked Sohaib Akhter for the plaintext password

    The more scary part in this story is that the government stores your passwords in plain text!

    So basically ANYONE with access to the database can steal your credentials, including employees, the government and any authorities.

    Never re-use passwords.

    • Corkyskog@sh.itjust.works · 15 up · 16 hours ago

      Every place I have worked, most of HR and like half of finance/accounting has access to your social security number, full address and phone number. Sometimes even the password and security questions you used for whatever BS portal they made you set up an account in.

  • rekabis@lemmy.ca · 99 up, 1 down · 1 day ago

    And why couldn’t they have done that to the student loans system?

    Like JFC, they could have instantly made themselves immune from trial-by-jury anywhere in America by doing that one tiny thing.

    • Echo Dot@feddit.uk · 40 up · 1 day ago

      Because, like all critical infrastructure, it was set up by somebody’s kid on work experience.

      • IWW4@lemmy.zip · 18 up · 1 day ago

        Or some poor guy who is setting it up, because it is a one-off and just-get-it-done project, that metastasizes into a fucking mess.

    • WereCat@lemmy.world · 46 up · 1 day ago

      Why not? National Safety Department of Slovak Republic (Narodny Bezpecnostny Urad) had password NBUSK123… just government things

    • betterdeadthanreddit@lemmy.world · 18 up, 1 down · 1 day ago

      It’s like leaving your car door unlocked in a bad neighborhood so your window doesn’t get smashed for the $.36 in the center console. Attacker might take the prize and go without showing that everything around it is just as poorly-built.

    • CosmoNova@lemmy.world · 7 up, 1 down · 1 day ago

      Probably for the same reasons web browsers store them in plain text: They don’t care.

      • OwOarchist@pawb.social · 17 up, 1 down · 1 day ago

        the same reasons web browsers store them in plain text

        Why one web browser stores them in plain text. Fucking Edge.

        Who knows about the others, but I can pretty much guarantee you that Librewolf, for example, isn’t doing that shit.

        • VeganCheesecake@lemmy.blahaj.zone · 11 up · 1 day ago

          If you can autofill passwords without authenticating in some way, they are probably either stored in plaintext, or encrypted with a key that is stored in plaintext. Cause, like, how is it supposed to magically encrypt it.

        • CosmoNova@lemmy.world · 4 up · 1 day ago

          Firefox and Chromium browsers also store them in plain text. I know because I literally copied them from a file when setting up my password manager.

        • Reuben@lemmy.nz · 5 up · 1 day ago

          I believe Firefox (and forks) only encrypt if you have set a master password.

  • ByteJunk@lemmy.world · 106 up, 1 down · 1 day ago

    Back in 2015, the brothers pled guilty in Virginia to a scheme involving wire fraud and computers. Muneeb was sentenced to three years in prison, while Sohaib got two.

    I’m not gonna say there were signs that these two weren’t the most law abiding of citizens to begin with, buuuuut…

    • ParlimentOfDoom@piefed.zip · 28 up · 1 day ago

      I briefly worked with a government client that would bring in prison laborers to collect trash. From the IT building of the tax agency.

      But don’t worry, they were just white collar criminals. You know, people who only went to jail for stealing… financial data… The very thing that was accessible in that building.

      Genius.

        • FiniteBanjo@feddit.online · 3 up · 9 hours ago

          You would be surprised, I’m sure there are a lot of foreign agents in US Prisons. Great place to train insurgents and radicals.

    • deegeese@sopuli.xyz · 6 up · 1 day ago

      Company only paid for a 7 year background check, so you miss them getting out of prison 8 years ago.

    • VOwOxel@discuss.tchncs.de · 16 up, 2 down · 1 day ago

      Oh I’m sure the government loved taking them, since >Half of all Politicians are corrupt fraudsters.

    • buddascrayon@lemmy.world · 17 up, 1 down · 1 day ago

      Knowledgeable and smart are not the same thing. These two are very knowledgeable about the systems they worked on and database manipulation; believe it or not, these are not hard skills to learn. But they were incredibly dumb regardless, given every single action they took at every point in their lives.

      • dustyData@lemmy.world · 10 up, 1 down · 1 day ago

        Fun fact. In psychology assessment these are called hard skills: very technical abilities for doing specialized tasks; and soft skills: social and emotional abilities to navigate social contexts, manage conflict and self-regulate emotions.

        Hard skills are easier to teach, while soft skills are very hard.

        • HalfSalesman@lemmy.world · 3 up, 1 down · 1 day ago

          Hard skills are easier to teach,

          Hard skills are either easy to teach or virtually impossible. It depends on the person. That isn’t to say most people are incapable of learning: it’s that most people are fundamentally incurious or unmotivated, and teaching an incurious person is fucking impossible unless money is on the line for them.

          while soft skills are very hard.

          Most people have very little difficulty getting very good at soft skills very early on in life. If you haven’t learned them, you are in a minority. These two are likely in a minority psychological/neurological profile.

          • dustyData@lemmy.world · 3 up · 1 day ago

            Well, curiosity, openness to new experiences, motivation to both learn and meet new people, tolerance to frustration and failure. Or at least be amicable enough to successfully navigate a learning setting, they are part of soft skills. In my professional experience, these are far from universal traits. Lack of soft skills is definitely not a minority, but it is also a gradient.

            • HalfSalesman@lemmy.world · 1 up, 1 down · edited · 24 hours ago

              Humans literally evolved highly social minds entirely to rapidly develop soft skills.

              You think most people lack soft skills because you placed additional effort into developing them and likely had the head start most average human beings get. It’s rare that people start at zero, but some very much do.

              I did.

              • dustyData@lemmy.world · 2 up · edited · 19 hours ago

                You think most people lack soft skills

                Here’s an interesting example you just gave me. I don’t think that and never said as much. As I said, my impression, while anecdotal, was developed doing psychological evaluations professionally. Our understanding is that soft skills are not a given; there are actually several dimensions and degrees of different soft skills involved. Some people might be very good conversationalists, but completely emotionally inflexible at work at the same time, for example. Certainly, different social advantages derive into different opportunities to develop different soft skills. This complexity is exactly why I said that soft skills are hard to teach and learn. Also, why some people in the field are calling to rename them something else. The soft adjective is perhaps inaccurate.

                Now to the example. It’s extremely frowned upon in a conversation to affirm what others think, when they haven’t explicitly expressed so themselves. Especially when the other person is still a complete stranger. It could be interpreted as hostility or an attempt to misrepresent other people’s positions in order to attack them.

                • HalfSalesman@lemmy.world · 1 up · edited · 2 hours ago

                  Here’s an interesting example you just gave me. I don’t think that and never said as much.

                  It was more or less said when you stated the very premise of “Soft Skills are hard to teach”. But sure, I took a very unnuanced interpretation, that’s my bad.

                  Now to the example. It’s extremely frowned upon in a conversation to affirm what others think, when they haven’t explicitly expressed so themselves. Especially when the other person is still a complete stranger. It could be interpreted as hostility or an attempt to misrepresent other people’s positions in order to attack them.

                  I’m not on lemmy to practice soft skills. To be clear: I’m not exactly hostile, just cynical and impatient.

        • MagicShel@lemmy.zip · 2 up · 1 day ago

          There are certain positions I would probably be very good at from a technical perspective that I avoid because I know myself. I could never work for the CIA or FBI for example. I don’t want to know their secrets because they could have me weigh a duty to execute my job and protect my family against my duty to humanity. I don’t know which principle I would betray, if grappling with it didn’t kill me first. Some might think that’s an easy choice but the personal cost is extreme — look at Snowden.

          No, keep me far away from that shit. Let me grapple with intellectual problems all day long, but moral quandaries paralyze me.

          • dustyData@lemmy.world · 3 up · 19 hours ago

            Interesting, such a strong insight is actually part of soft skills. You know yourself, what you don’t want to do and stick up to it for your own moral preservation.

  • pelya@lemmy.world · 30 up · 1 day ago

    “Eh, they can recover from yesterday,” he said, referring to daily database backups.

    But did they recover from backups? Don’t leave the most juicy intrigue out of the story.

  • SeeMarkFly@lemmy.ml · 42 up, 3 down · 1 day ago

    Only a living wage can prevent data dumps.

    Upper management can’t even see it…yet.

        • VicVinegar@lemmy.world · 2 up · 7 hours ago

          I met Rocco at a party for the release of the 2nd Boondock Saints DVD. He and some of the other cast gave quick speeches and then just kind of hung out with the crowd. Super, super cool guy. Easy going, humble, down to Earth. Just one of those people that could make friends with anyone.

      • Elvith Ma'for@feddit.org · 12 up, 1 down · 1 day ago

        But I explicitly stated in the CLAUDE.md employee guidelines to not delete production databases!