Alright, I gotta complain

Devilsbane Member Posts: 4,214 ■■■■■■■■□□
<RANT>

Over the past few days, one of my coworkers has started telling people that the reason that their Chrome, Firefox, and Safari browsers don't work with our website is because we didn't buy certificates for those browsers.

Now I'm no expert here, but I am quite confident that certificates are browser neutral.

I also overheard him telling someone who was complaining about our strong passwords that that was to make the password secure. So because he used a strong password it is impossible to be cracked, or sniffed, or stolen.

Where did he get his education from where they told you to lie to the end users? Or is he just that dumb?

</RANT>
Decide what to be and go be it.

Comments

  • earweed Member Posts: 5,192 ■■■■■■■■■□
    Sounds like you (or your supervisor) could do some educating of your coworker..lol
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • Mojo_666 Member Posts: 438
    Devilsbane wrote: »
    Now I'm no expert here, but I am quite confident that certificates are browser neutral.</RANT>

    That is correct, they are browser neutral.
    Devilsbane wrote: »
    Or is he just that dumb?
    </RANT>

    He is dumb, dumb people gravitate toward each other and the dumbness gets passed on, just call them out, in public and make them cry.
  • demonfurbie Member Posts: 1,819
    I have yet to meet a password that can't be cracked by some means
    wgu undergrad: done ... woot!!
    WGU MS IT Management: done ... double woot :cheers:
  • veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
    Mojo_666 wrote: »
    He is dumb, dumb people gravitate toward each other and the dumbness gets passed on, just call them out, in public and make them cry.

    Birds of a feather...
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Certs are browser neutral. Strong passwords just make it statistically harder to crack the password; they don't make it invincible.
  • it_consultant Member Posts: 1,903
    Are they getting a cert error when they use Chrome or FF or is he just...popping off?
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    Mojo_666 wrote: »
    That is correct, they are browser neutral.

    The browser needs to have a certificate from the root authority installed. There will likely be some variation between browsers, but all the common CAs should be supported across the board.

    You can see a list in FF by going to Tools > Options > Advanced > Encryption > View Certificates > Authorities.
  • loxleynew Member Posts: 405
    Mojo_666 wrote: »
    That is correct, they are browser neutral.



    He is dumb, dumb people gravitate toward each other and the dumbness gets passed on, just call them out, in public and make them cry.

    Usually dumb people flock together and get married and procreate and create even more dumb people. It's rare but it happens.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    You shouldn't call him dumb, just uninformed. There's a difference. Rather than slamming your co worker on an anonymous Internet forum why don't you try to clarify a few things for him? This situation isn't rant-worthy.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • Mojo_666 Member Posts: 438
    dynamik wrote: »
    The browser needs to have a certificate from the root authority installed. There will likely be some variation between browsers, but all the common CAs should be supported across the board.

    You can see a list in FF by going to Tools > Options > Advanced > Encryption > View Certificates > Authorities.

    Regardless of any minor differences between browsers you do not need to buy and therefore install a certificate for each browser that may be required to load your website, you buy 1 and one and one only and if any browser has an issue it is not down to that certificate.
  • Devilsbane Member Posts: 4,214 ■■■■■■■■□□
    Paul Boz wrote: »
    You shouldn't call him dumb, just uninformed. There's a difference. Rather than slamming your co worker on an anonymous Internet forum why don't you try to clarify a few things for him? This situation isn't rant-worthy.

    True. But shouldn't the guy that has his MCP, MCDST, and MCSA pinned up in his cube be informed?

    And I work with a lot of people that know nothing about computers and don't consider them dumb. But they also aren't spouting off like they know what is going on either.
    Decide what to be and go be it.
  • Heero Member Posts: 486
    Is he dumb, or just the type of person that would make up anything to place blame on other people and get out of a conversation/argument?
  • Devilsbane Member Posts: 4,214 ■■■■■■■■□□
    Heero wrote: »
    Is he dumb, or just the type of person that would make up anything to place blame on other people and get out of a conversation/argument?

    I suppose it is possible, but who is he blaming it on? Yes, it is our fault that we only support IE. But it is because we don't want to support FF others so we don't test our site with them and don't care what happens.

    Even if it was a certificate issue, it is still our fault.

    Does lying get the customer to shut up? Maybe, but it still isn't the right thing to do. What happens when someone involved with IT is calling in because they forgot their password and can't logon to our website and in making small talk they ask why we don't support firefox?
    Decide what to be and go be it.
  • snadam Member Posts: 2,234 ■■■■□□□□□□
    Paul Boz wrote: »
    You shouldn't call him dumb, just uninformed. There's a difference. Rather than slamming your co worker on an anonymous Internet forum why don't you try to clarify a few things for him? This situation isn't rant-worthy.


    Agreed. I can see it making sense that you're mad at him if you have already talked to him and he basically gave you the 'f-off, I know what I'm doing' treatment. Until then, I say you shouldn't be mad, per se. Concerned, YES. But mad, not yet.
    **** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine

    :study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
  • shon541 Member Posts: 136
    loxleynew wrote: »
    Usually dumb people flock together and get married and procreate and create even more dumb people. It's rare but it happens.

    It's not rare at all. The dumber they are, the more kids they produce. Am I saying people with a lot of kids are dumb...NO!

    Here's our future! Idiocracy - Wikipedia, the free encyclopedia
  • Chris:/* Member Posts: 658 ■■■■■■■■□□
    It sounds like your IT department needs to start doing user training for the users to understand the need for password security and software choices.

    One of my bosses said this to me when I had another manager who thought he was an IT expert float a really bad idea up the chain. "Everyone thinks they are a computer expert because they have a computer on their desk."

    Users are not dumb just uninformed, provide them with some understanding in formal user training that should be refreshed from time to time.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • Devilsbane Member Posts: 4,214 ■■■■■■■■□□
    Chris:/* wrote: »
    It sounds like your IT department needs to start doing user training for the users to understand the need for password security and software choices.
    ...

    Users are not dumb just uninformed, provide them with some understanding in formal user training that should be refreshed from time to time.

    I agree that employee awareness is huge, but these are not employees. They are external customers. Would Amazon go around and make sure every person is aware to not write their password down? No, that is why a secure password is required in the first place.
    Decide what to be and go be it.
  • Chris:/* Member Posts: 658 ■■■■■■■■□□
    My apologies, I misread your post then, not enough coffee.

    Do you have a customer relations department that can relate the appropriate information?
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • brad- Member Posts: 1,218
    Through general conversation, you should ask him for help finding a company that issues certificates specifically for firefox or opera, then watch the magic.
  • Devilsbane Member Posts: 4,214 ■■■■■■■■□□
    brad- wrote: »
    Through general conversation, you should ask him for help finding a company that issues certificates specifically for firefox or opera, then watch the magic.

    lol that sounds like a good idea

    or maybe I should sniff his secure password?
    Decide what to be and go be it.
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    So did you neg-rep everyone else in this thread who didn't agree with you?
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • Devilsbane Member Posts: 4,214 ■■■■■■■■□□
    Paul Boz wrote: »
    So did you neg-rep everyone else in this thread who didn't agree with you?

    I didn't neg anyone on this thread.
    Decide what to be and go be it.
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Paul Boz wrote: »
    You shouldn't call him dumb, just uninformed. There's a difference. Rather than slamming your co worker on an anonymous Internet forum why don't you try to clarify a few things for him? This situation isn't rant-worthy.

    I agree too with everything in the quote. No one should call anyone dumb or anything along those lines.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • Zaits Member Posts: 142
    i have yet to meet a password that can't be cracked by some means

    4401e814cdd13b0cab50947a353c9c53

    I'll give you a clue. It contains uppercase, lowercase and symbols, but no numbers. I'd be impressed if you had a rainbow table available to crack it. I'm not trying to be arrogant here, I'm just really interested if you can crack it. Good Luck!
  • Devilsbane Member Posts: 4,214 ■■■■■■■■□□
    Zaits wrote: »
    4401e814cdd13b0cab50947a353c9c53

    I'll give you a clue. It contains uppercase, lowercase and symbols, but no numbers. I'd be impressed if you had a rainbow table available to crack it. I'm not trying to be arrogant here, I'm just really interested if you can crack it. Good Luck!

    I have been told by a close friend that his company has rainbow tables that are Terabytes in size. I bet they could do it given enough time.
    Decide what to be and go be it.
  • Heero Member Posts: 486
    Devilsbane wrote: »
    I have been told by a close friend that his company has rainbow tables that are Terabytes in size. I bet they could do it given enough time.
    ANY password can be cracked given enough time. Rainbow Tables terabytes in size are certainly impressive, but a sufficient length random password using symbols, numbers, and upper/lower case is almost impossible to crack in any reasonable amount of time. There is a reason so much emphasis is put on using good passwords. They are really THAT effective.
  • Zaits Member Posts: 142
    Devilsbane wrote: »
    I have been told by a close friend that his company has rainbow tables that are Terabytes in size. I bet they could do it given enough time.

    Terabyte size rainbow tables are impressive; it would have taken a lot of processing power to generate or a lot of time. I've only got an 80GB rainbow table heh.
  • RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    i have yet to meet a password that can't be cracked by some means
    Zaits wrote: »
    4401e814cdd13b0cab50947a353c9c53

    I'll give you a clue. It contains uppercase, lowercase and symbols, but no numbers. I'd be impressed if you had a rainbow table available to crack it. I'm not trying to be arrogant here, I'm just really interested if you can crack it. Good Luck!

    From a statistical perspective any password can be cracked. It is just a matter of time. But if you have a 60 day password change policy, being able to crack a very strong password in 3 years is irrelevant.
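
Added example (not part of any post in this thread): the trade-off raised in the two posts above, exhaustive-search time for a random password versus a rotation window, worked through in Python. The guess rate is an assumed figure and the function names are illustrative; the character classes match the clue given for the hash above (uppercase, lowercase, symbols, no digits).

```python
"""Added example: exhaustive-search time versus a password-rotation window."""
import string

SECONDS_PER_DAY = 86_400

# Character classes a brute-force search has to cover.
CLASSES = {
    "lower": len(string.ascii_lowercase),    # 26
    "upper": len(string.ascii_uppercase),    # 26
    "digits": len(string.digits),            # 10
    "symbols": len(string.punctuation),      # 32
}


def alphabet_size(classes):
    """Total number of distinct characters across the chosen classes."""
    return sum(CLASSES[name] for name in classes)


def keyspace(classes, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size(classes) ** length


def average_crack_days(classes, length, guesses_per_second):
    """Expected days to find a uniformly random password.

    On average half the keyspace is searched before a hit.
    `guesses_per_second` is an assumption supplied by the caller.
    """
    seconds = keyspace(classes, length) / 2 / guesses_per_second
    return seconds / SECONDS_PER_DAY


def min_length_outlasting(classes, guesses_per_second, rotation_days,
                          safety_factor=1):
    """Shortest length whose expected search time exceeds the rotation
    window (times an optional safety margin)."""
    target = rotation_days * safety_factor
    length = 1
    while average_crack_days(classes, length, guesses_per_second) < target:
        length += 1
    return length


if __name__ == "__main__":
    classes = ["upper", "lower", "symbols"]
    rate = 1e10          # assumed guesses per second, not a measured value
    for n in range(6, 13):
        days = average_crack_days(classes, n, rate)
        print(f"length {n:2d}: about {days:,.1f} days on average")
    print("min length for a 60-day rotation:",
          min_length_outlasting(classes, rate, 60))
```

The figures only hold for uniformly random passwords; a dictionary word plus a symbol falls far faster than its length suggests.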
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    PW cracking

    I know it's off-topic, but let me remind you that a password is only as strong as the mind that holds it. If someone truly wants the access which your password will grant they'll get it out of you come hell or high water. Is the password worth dying over? This is why you must enforce defense in depth and include multi-factor forms of authentication.

    On that subject, I think people also put too much emphasis on full-disk encryption and not enough on ensuring that the password to unlock that encryption isn't "cookies" or "unicorn." Your encryption is only as strong as your password is only as strong as your user.......... This is why technology like Intel's new Anti-Theft technology is critical as well.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • GT-Rob Member Posts: 1,090
    Not to steer it back to the topic, but is this a customer facing support? I only ask, because sometimes we in IT lie to customers as it's easier than explaining the truth.


    Instead of saying "I can't help you with Chrome. Why? Because I'm not familiar with it. You want my supervisor? Well he doesn't know it either. You want his manager?" etc. It's easier to just say "it doesn't work". Or when the user complains about the password, you make up some reason for it, as it's easier than saying "because if you configure your password to your dog's name, then someone will guess it, break in, and then we have to deal with it".


    I used to tell people SMTP stood for Send Mail To People. I knew it was wrong, but it's easier for people to understand over the phone.



    Just sayin'... :P