Alright, I gotta complain

<RANT>

Over the past few days, one of my coworkers has started telling people that the the reason that their chrome, firefox, and safari browsers don't work with our website is because we didn't buy certificates for those browsers.

Now I'm no expert here, but I am quite confident that certificates are browser neutral.

I also overheard him telling someone who was complaining about our strong passwords that that was to make the password is secure. So because he used a strong password it is impossible to be cracked, or sniffed, or stolen.

Where did he get his education from where they told you to lie to the end users? Or is he just that dumb?

</RANT>

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

earweed

Sounds like you (or your supervisor) could do some educating of your coworker..lol

Mojo_666

Devilsbane wrote: »

Now I'm no expert here, but I am quite confident that certificates are browser neutral.</RANT>

That is correct, they are browser neutral.

Devilsbane wrote: »

Or is he just that dumb?
</RANT>

He is dumb, dumb people gravitate toward each other and the dumbness gets passed on, just call them out, in public and make them cry.

demonfurbie

i have yet to meet a password that cant be cracked by some means

veritas_libertas

Mojo_666 wrote: »

He is dumb, dumb people gravitate toward each other and the dumbness gets passed on, just call them out, in public and make them cry.

Birds of a feather...

Bl8ckr0uter

Certs are browser neutral. Strong passwords just make it statically harder to crack the password, it doesn't make it invincible.

it_consultant

Are they getting a cert error when they use Chrome or FF or is he just...popping off?

dynamik

Mojo_666 wrote: »

That is correct, they are browser neutral.

The browser needs to have a certificate from the root authority installed. There will likely be some variation between browsers, but all the common CAs should be supported across the board.

You can see a list in FF by going to Tools > Options > Advanced > Encryption > View Certificates > Authorities.

loxleynew

Mojo_666 wrote: »

That is correct, they are browser neutral.

He is dumb, dumb people gravitate toward each other and the dumbness gets passed on, just call them out, in public and make them cry.

Usually dumb people flock together and get married and procreate and create even more dumb people. It's rare but it happens.

Paul Boz

You shouldn't call him dumb, just uninformed. There's a difference. Rather than slamming your co worker on an anonymous Internet forum why don't you try to clarify a few things for him? This situation isn't rant-worthy.

Mojo_666

dynamik wrote: »

The browser needs to have a certificate from the root authority installed. There will likely be some variation between browsers, but all the common CAs should be supported across the board.

You can see a list in FF by going to Tools > Options > Advanced > Encryption > View Certificates > Authorities.

Regardless of any minor differences between browsers you do not need to buy and therefore install a certificate for each browser that may be required to load your website, you buy 1 and one and one only and if any browser has an issue it is not down to that certificate.

Devilsbane

Paul Boz wrote: »

You shouldn't call him dumb, just uninformed. There's a difference. Rather than slamming your co worker on an anonymous Internet forum why don't you try to clarify a few things for him? This situation isn't rant-worthy.

True. But shouldn't the guy that has his MCP, MCDST, and MCSA pinned up in his cube be informed?

And I work with a lot of people that know nothing about computers and don't consider them dumb. But they also aren't spouting off like they know what is going on either.

Heero

Is he dumb, or just the type of person that would make up anything to place blame on other people and get out of a conversation/arguement.

Devilsbane

Heero wrote: »

Is he dumb, or just the type of person that would make up anything to place blame on other people and get out of a conversation/arguement.

I suppose it is possible, but who is he blaming it on? Yes, it is our fault that we only support IE. But it is because we don't want to support FF others so we don't test our site with them and don't care what happens.

Even if it was a certificate issue, it is still our fault.

Does lying get the customer to shut up? Maybe, but it still isn't the right thing to do. What happens when someone involved with IT is calling in because they forgot their password and can't logon to our website and in making small talk they ask why we don't support firefox?

snadam

Paul Boz wrote: »

You shouldn't call him dumb, just uninformed. There's a difference. Rather than slamming your co worker on an anonymous Internet forum why don't you try to clarify a few things for him? This situation isn't rant-worthy.

Agreed. I can see it making sense that you're mad at him if you have already talked to him and he basically gave you the 'f-off, I know what I'm doing' treatment. Until then, I say you shouldn't be mad, per se. Concerned, YES. But mad, not yet.

shon541

loxleynew wrote: »

Usually dumb people flock together and get married and procreate and create even more dumb people. It's rare but it happens.

It's not rare at all. The dumber they are, the more kids they produce. Am I saying people with a lot of kids are dumb...NO!

Here our future! Idiocracy - Wikipedia, the free encyclopedia

Chris:/*

It sounds like your IT department needs to start doing user training for the users to understand the need for password security and software choices.

One of my bosses said this to me when I had another manager who thought he was an IT expert float a really bad idea up the chain. "Everyone thinks they are a computer expert because they have a computer on their desk."

Users are not dumb just uninformed, provide them with some understanding in formal user training that should be refreshed from time to time.

Devilsbane

Chris:/* wrote: »

It sounds like your IT department needs to start doing user training for the users to understand the need for password security and software choices.
...

Users are not dumb just uninformed, provide them with some understanding in formal user training that should be refreshed from time to time.

I agree that employee awareness is huge, but these are not employess. They are external customers. Would Amazon go around and make sure every person is aware to not write their password down? No, that is why a secure password is required in the first place.

Chris:/*

My apologize I mis-read your post then, not enough coffee.

Do you have a customer relations department that can relate the appropriate information?

brad-

Through general conversation, you should ask him for help finding a company that issues certificates specifically for firefox or opera, then watch the magic.

Devilsbane

brad- wrote: »

Through general conversation, you should ask him for help finding a company that issues certificates specifically for firefox or opera, then watch the magic.

lol that sounds like a good idea

or maybe I should sniff his secure password?

Paul Boz

So did you neg-rep everyone else in this thread who didn't agree with you?

Devilsbane

Paul Boz wrote: »

So did you neg-rep everyone else in this thread who didn't agree with you?

I didn't neg anyone on this thread.

jamesleecoleman

Paul Boz wrote: »

You shouldn't call him dumb, just uninformed. There's a difference. Rather than slamming your co worker on an anonymous Internet forum why don't you try to clarify a few things for him? This situation isn't rant-worthy.

I agree too with everything in the quote. No one should call anyone dumb or anything along those lines.

Zaits

demonfurbie wrote: »

i have yet to meet a password that cant be cracked by some means

4401e814cdd13b0cab50947a353c9c53

I'll give you a clue. It contains uppercase, lowercase and symbols, but no numbers. I'd be impressed if you had a rainbow table available to crack it. I'm not trying to be arrogant here, I'm just really interested if you can crack it. Good Luck!

Devilsbane

Zaits wrote: »

4401e814cdd13b0cab50947a353c9c53

I'll give you a clue. It contains uppercase, lowercase and symbols, but no numbers. I'd be impressed if you had a rainbow table available to crack it. I'm not trying to be arrogant here, I'm just really interested if you can crack it. Good Luck!

I have been told by a close friend that his company has rainbow tables that are Terabytes in size. I bet they could do it given enough time.

Heero

Devilsbane wrote: »

I have been told by a close friend that his company has rainbow tables that are Terabytes in size. I bet they could do it given enough time.

ANY password can be cracked given enough time. Rainbow Tables terabytes in size are certainly impressive, but a sufficient length random password using symbols, numbers, and upper/lower case is almost impossible to crack in any reasonable amount of time. There is a reason so much emphasis is put on using good passwords. They are really THAT effective.

Zaits

Devilsbane wrote: »

I have been told by a close friend that his company has rainbow tables that are Terabytes in size. I bet they could do it given enough time.

Terabyte size rainbow tables are impressive it would have taken a lot of processing power to generate or a lot of time. I've only got an 80GB rainbow table heh.

RobertKaucher

demonfurbie wrote: »

i have yet to meet a password that cant be cracked by some means

Zaits wrote: »

4401e814cdd13b0cab50947a353c9c53

I'll give you a clue. It contains uppercase, lowercase and symbols, but no numbers. I'd be impressed if you had a rainbow table available to crack it. I'm not trying to be arrogant here, I'm just really interested if you can crack it. Good Luck!

From a statistical perspective any password can be cracked. It is just a matter of time. But if you have a 60 day password change policy, being able to crack a very strong password in 3 years is irrelevant.

Paul Boz

PW cracking

I know it's off-topic, but let me remind you that a password is only as strong as the mind that holds it. If someone truly wants the access which your password will grant they'll get it out of you come hell or high water. Is the password worth dying over? This is why you must enforce defense in depth and include multi-factor forms of authentication.

On that subject, I think people also put too much emphasis on full-disk encryption and not enough on ensuring that the password to unlock that encryption isn't "cookies" or "unicorn." Your encryption is only as strong as your password is only as strong as your user.......... This is why technology like Intel's new Anti-Theft technology is critical as well.

GT-Rob

Not to steer it back to the topic, but is this a customer facing support? I only ask, because sometimes we in IT lie to customers as its easier than explaining the truth.

Instead of saying "I cant help you with Chrome. Why? Because Im not familiar with it. You want my supervisor? Well he doesn't know it either. You want his manager?" etc. Its easier to just say "it doesn't work". Or when the user complains about the password, you make up some reason for it, as its easier than saying "because if you configure your password to your dog's name, then someone will guess it, break in, and then we have to deal with it".

I used to tell people SMTP stood for Send Mail To People. I knew it was wrong, but its easier for people to understand over the phone.

Just sayin'... :P