Probably a boring answer but I know my grandmother’s credit card information. I live with and help take care of her, so she doesn’t mind sharing it with me. Not like I’m planning to do anything nefarious, but I guess technically it could ruin her financially.
Lawyers, accountants, and software engineers accumulate these things like you wouldn’t believe. We can’t tell you about current secrets, only stale ones.
I once knew that the top level password used at a corporation valued at 6 billion dollars was ‘password123’. They had no backups, no VPN, and that password was used at all the high-value access points. It’s since been fixed, but it was that for years.
> It’s since been fixed, but it was that for years.
I like that this implies you regularly checked
Regularly had to use it to do work I was contracted to do.
Company went public one day, they restructured massively to become more efficient. I imagine that kind of stuff stopped then, but don’t really know.
“What the CEO wants, the CEO gets” - head of IT doing nothing for 300k/yr
Actually it is usually the IT guys that are being risky or not implementing proper security procedures. Often though the companies are not allocating enough resources mind you.
I know that’s usually the case since so much of IT should be slow, methodical and properly thought out and gets rushed, but a company worth $6bn that doesn’t even have backups hurts to think about. I’m overworked and solo IT and I do daily local semi-automated (encrypted) backups for my 200k/yr company. Granted backups take more work to implement as you scale, but not really that hard, or time consuming with rsync. Today there’s really no excuse as there is automated deployment of encrypted cloud backups as a service (the legitimate kind 😄). Depending on the business and how much cloud business-critical stuff they have or don’t have, they may be pretty much forced to close if they get hit with ransomware. At minimum the head of IT should at least be at the table with the CEO begging him weekly for an intern to help implement and manage backups.
Agree. I know IT loves to take their shortcuts but companies typically don’t fund security well enough.
I was closely involved in a large ransomware attack. Locked down the entire company when they got into the backend of the virtual servers. The ransom was initially 1.5 million of which the company said they would pay 750,000. (They had professional negotiating team). When they offered that, the rate was increased to two million as they were ‘insulted’. During this period the IT head recalled he had made a backup to AWS if I recall. Just didn’t want to announce it till he was entirely sure it was complete. He ended up recovering with only about two weeks of lost days. Can’t imagine the CEO’s reaction when he was told of this. The ransomware dudes were told to pound sand. I would have sent 20 bucks.
Looking at logs, they estimated they had been compromised for a month. Multiple client computers had key loggers. That in itself is not a fault of IT but where they went wrong was to expedite desktop updates, they would remote into secure machines from the less secure desktops to access machines that could see the VM backend and at one point they must have accessed the VM themself. Now the loggers have all the passwords. They knew not to do that but who wants to get their laptop all set up when you have a running machine in front of you? CEO can demand that doesn’t happen but they don’t know enough about the security issues to know what is a real risk and what isn’t.
Damn, I’m a bit surprised the ransomware team didn’t negotiate and was ‘offended’. Is that a known thing, not to try to negotiate? I suppose at that point the attackers know how much the company is worth, what profits are, etc. But now they also know you don’t have backups and are willing to pay a large amount of money to get your data back.
The worst thing you can do at a large company is not have someone knowledgeable and active in network monitoring because if they successfully exfiltrated that data like they normally try to do, now not only are they ‘offended’ enough to demand 25% more, they’re pissed off and willing to sell your proprietary data to competitors for pennies.
Ransomware gangs operate on the honor system (funny, but true) because if it’s known that you won’t get your data back even after you pay, nobody is going to pay. I think some of them have policies of dumping your data for free if you don’t pay.
I think it was right at the beginning. They may have low balled then the ransom guys came back with even a higher value. I don’t think the data have much in the way of value as it was mainly their AP and AR. One issue was they had in-house project management software developed that had hundreds of projects on the go and the stage they were at if I recall correctly.
I think you almost need to have a separate department with a single IT guy whose only job is to test the security procedures. Not implement them but to just double check on the normal IT security procedures.
I’m surprised the password wasn’t 1-2-3-4-5, like on their luggage.
What kind of idiot uses that on their luggage?
Damn, I’ve got to go change the combination on my luggage!
That I’ve had to turn down some really cool overseas job opportunities. I couldn’t tell my kids that I even got the job offers because their mother (my ex wife) refuses to consider the move and how we’d need to share the kids time with them overseas.
If I told the kids (now late teens) that their dream of living overseas was stymied so far by their mother’s recalcitrance they might disown her, at least for a while.
It really sucks because not only don’t I get to take the jobs, but I also have to hide my excitement at even getting the offer from my own family so that I can maintain my kids’ relationship with their mother.
A hidden hero.
There’s hopefully some context you’re leaving out for the sake of privacy or something, but… Why would your ex consider a move to Europe for your work? I wouldn’t even expect my wife to be 100% on board with uprooting her entire life to move halfway across the world.
I don’t think they’re saying they expect her to. They appear to just be describing what’s happening.
As to why, probably custody arrangements and anti-kidnapping laws and treaties.
It’s the custody agreement part that I’m wrestling with, though I’m sure if I just ran off with the kids I’d hit kidnapping and Interpol issues too. That’d be exciting, though unlikely to be a productive outcome all around.
Ah, there’s a bit of miscommunication. My ex wouldn’t move with us in this situation.
Though, in this case, my wife is 100% on board. She and I have wanted to make this kind of move for a while, so I’ve got full support on that side of things. I wouldn’t have even begun any applications without her total buy-in.
I see. But the custody part is kind of part of the game when having children, and she’s fully entitled to not be interested in having her children move abroad. Your previous comment kind of painted her as being inconsiderate and stifling her children’s dreams. I’m curious as to why you even began applications without her buy-in as well. She’s not your wife anymore, but she’s still the mother of the children.
Yeah I can see how this is complicated.
I don’t see why you don’t share that you got the job offer and then tell your kids that you’ll have to work out custody arrangements with their mother. And then share with the kids how those discussions go. I think they’re old enough (as teens) to have a say in those discussions, as well as be privy to how they go.
There’s no reason they shouldn’t see it unfold in front of them; just make sure that you’re never the one to specifically say “your mother won’t work anything out with me so moving overseas with me would mean I never see you again”
This is a passive aggressive and shitty thing to do.
Not wanting your kids to be moved overseas and only see them half the year is a normal reaction. Most teenagers are mature enough to see through the veil that mom is the reason they can’t go but not mature enough to truly understand why. They’d blame her regardless.
Yes, this advice about “just don’t be the one to say …” is 100% about covering OP’s own ass and not at all about it being the right thing to do.
Slimy.
> only see them half the year is a normal reaction
Being pedantic here, but most custody arrangements are like this anyway.
Obviously, half the parents being overseas makes that significantly harder and probably untenable for most.
There’s two. Take one. People do it with dogs all the time.
I have a lot of relatives who look to me for tech support. I used to have them choose their own passwords, or tell them to change it if I set one for them (they never change it). Then, inevitably, I’d have to help them reset those passwords the very next time they need to log in on a new device, or their sessions expire.
I tried to set them up with password managers, and some picked it up (my siblings). Others quickly forgot their master password, meaning I then had to sort out recovering ALL their various accounts.
Once I literally used a known exploit to hack into an old Android tablet that my youngest sibling managed to forget the screen-lock for.
Now I just shamelessly save a bunch of other people’s passwords, pin-codes and other access details using my password manager, because they literally do not care. And it’s straight up more secure than the post-it notes some of them would use if I let them. They know I do this, I’ve made it clear that if they want my help but won’t follow my advice when I’m not there, making my life harder, further help comes with giving me unreasonable levels of access to their digital lives.
I’ve never misused it, and I never will. I take steps to be extra secure because I know I’m a single point of failure should my password database ever be breached somehow. But I could ruin dozens of lives.
Writing passwords down isn’t that bad, actually. We humans are very good at securing little pieces of paper; just put the one you wrote your password on with the other valuable pieces of paper, in your wallet.
It’s “sticking the post-it note to the computer screen” that’s the problem.
Picked up a keyboard from the thrift store with a pink Post It on the back.
user: admin
pass: password
Who the hell needs to write that down?!
I wouldn’t do this for my own stuff, but I just might do it if I’m donating it to a thrift store…
My Internet help desk days are over 20 years behind me, but that’s the default user/password combination for some consumer routers. D-Links and maybe Netcomms I think?
As for who needs it: you’d be surprised at how technically inept some people are. It’s truly amazing.
Absolutely, but unless you do stick it to the monitor, you still rely on them remembering where the note is, what it’s for, and keeping it around.
And keeping some passwords in your wallet is only safe for as long as you don’t also include what they are for. Which would be necessary in this case…
I obviously also forbid them from using the same password for everything, which meant that even when they did write their passwords down, finding it was a scavenger hunt that’s an even bigger time-waste than a password reset. Because they never kept them organized or even in one place!
Just in theory, could you be held accountable if they did something illegal and you have access to that stuff?
I’m not sure I see the scenario. If I gave you the key to my place then I murdered someone in it, are you accountable for any of it?
Here’s a scenario: You have the password to my PayPal account. The police arrest me for an unrelated public indecency charge after I urinate on the local government courthouse building. The account is then used to purchase illegal drugs from another country while I am in custody. Having no access to my account or the internet, I could not have made the purchase. The police learn of this purchase when customs detects a strong odor from a package and decide to inspect it, finding a massive hoard of marijuana and jenkem. The police are alerted and ask me, the account owner, who else has access to the account. Me, under duress and probably having shitty withdrawals, tell them everything I know about you, specifically things that might implicate you. As the only known person with access and having no alibi for the time period, you are then arrested for suspicion of involvement in an international crime ring. After searching your computer they find a VPN and TOR and then you are sequestered in a secret military prison and forced to do the chicken dance naked until you confess to every unsolved crime ever.
While this scenario might be far-fetched, hyperbolic and not really accountability per se, it is a plausible worry some people may have. Just playing devil’s advocate here.
If you’re using Bitwarden or KeePass then it should be safe. Anything else is asking for trouble.
Self-hosted and entirely under my control, yes. Any other manager that encrypts the store in a way where even when breached it’s not useful, should also be safe…
But truly knowing is best.
The problem with that is that you can never truly know that they actually do that unless the clients are open source.
I set up my mom and brother with a multivault password manager (1password) where our vault passwords are saved to a shared vault in case we forget our passwords/die - given the level of familial trust I think it’s an acceptable risk especially with how badly we got burnt by trying to get into utility accounts and the like after my father died.
Bitwarden does have something similar via “backup access” and “organisation” vaults. I’ve not looked at setting up either, yet.
Bitwarden is kinda insane for the amount of features it offers. I recently found that you can create an organisation and add family members, and have it set up so that you can reset their password if they’ve forgotten it, while still securely encrypting the passwords. This was a really cool feature that I didn’t know was even possible.
Nice try, FBI.
Not today, CIA.
Go away, NSA.
Adios ASIO
Can’t catch me, CBP.
See ya wouldn’t want to KG B ya
🤨
There’s a teacher at my kid’s school that I fucked multiple times a few years before I got married. She was married at the time, though I didn’t know it.
I have pictures, and videos. Not just ones with me, she kept such things with other lovers as well. She showed them to me by sending them to me. I have permission to have kept them, though I had forgotten about them until my kid started high school and I ran into her.
Now, her husband is fine with it, they’re open. He was kinda surprised when I quit having sex with her when I found out she was married (I just don’t like complications, even with mostly casual sex and minimum complications).
But if it got out at the school, or to the school board? It would be a huge problem. Our town isn’t totally backwards, but it isn’t exactly a hotbed of open minds either.
There’s no way in hell I’d ever say anything to anyone where it could be found out, and I sure as hell wouldn’t break trust and show anyone the files. But I’ve been debating erasing those files just to be sure. They’re on a drive that isn’t connected to anything, which is why I haven’t already; I’d have to dig the thing out and hook it up.
Even if her husband was OK with it, she still should have told you she was married. The fact that she didn’t would be enough to make me end it. I mean, if they have an open marriage, why avoid mentioning it?
That was my opinion as well.
She said that she didn’t think it would be a regular thing, and by the time she realized we were good enough together sexually to keep at it, she just forgot to mention it for a while.
Which, I could see that being a realistic occurrence. We didn’t exactly talk much when we would meet up.
School boards can be wildly conservative when practicing CYA.
I was dumb enough to have been fucking my neighbor for a year. If I told her school what she gets up to, she’d be gone.
For example, her and the other neighbors were partying all night. Guess who didn’t go to work today. This is a common occurrence.
What does CYA mean in this context?
Cover Your Ass
Probably simplest to just take some power tools to the HDD.
Just make sure you’ve got a backup first
A backup … of the data you want to destroy?
Especially for data you’re going to destroy.
I hope that drive is encrypted
Yes, actually!
i know someone whose husband…
hummmmmmmm
I see a pattern here too.
Adultery
I have to ask if you don’t mind telling: How did you find out and is your dad the only one who doesn’t know?
So I guess technically she is your half sister?
I know someone whose husband thinks her daughter is his but she isn’t. (She isn’t my daughter either lol.)
You should tell him. That’s fucked up.
To the contrary, it could fuck up several people’s lives if someone were to interfere with their peace. It’s just part of human nature that males can not be that certain about their offspring.
Wow what the actual fuck is your problem? You’ve clearly got some fucked up shit going on in your head that you need to work on. I see a lot of assumptions about reality that are absolutely off base in your horrendously delusional comment.
Fwiw it’s not their place really to get involved, but man did you go off the deep end.
Is it possible that you read too much into this?
Barring extreme situations, when a baby is born the mother knows it’s hers because it literally comes out of her. But the biological difference is that nine months ago the father was used to make the baby… he thinks. But most of the time, he doesn’t truly know for sure.
Anyway, that might be what they were going for…
Exactly, thanks.
I could also have said something about misguided patriarchic structures but if they react like that just on female promiscuity, such an effort would be wasted.
(Yes, I mean to say that monogamy is an invention of male dominance cultures.)
If the other company would end the contract without hesitation if they knew what was going on, that means people are getting hurt.
Man, for me it would be funny to do the opposite question.
“What secret do you know that could fix someone else’s life?”
I would tell half my family that they are a bunch of conservative hypocrites and that they waste so much f*king money showing others they have money. (Expensive cars, clothing and stuff).
Maybe if they stopped wasting money and being so critical of others, they would have actual friends and lasting relationships.
Sorry, I needed to vent.
FWIW I see you. :( Good luck with them.
If someone else’s problems are leading to you needing to vent, there’s more going on than you just being concerned about them.
Glorious. Some may see it as petty, but I see it as you protecting children.
Joke’s on you, people don’t tell me shit, I only know secrets that could ruin my own life
Also fun fact if you forget your secrets that would also probably ruin your life as well.
Wait what
An IT company I used to work for stored the domain admin credentials for hundreds of clients’ WSAD/AzureAD tenants on a Pastebin document. When I explained how outrageous that was they deleted the file and changed all the passwords.
To the same password.
Which I still know.
And it still works.
EIGHT YEARS LATER.
I’m a financial services professional with access to so much info that could be used for identity theft and other nefarious purposes. I’ve been doing this forever and still feel weird asking people for their checking account info.
Ex was flamboyantly gay.
The amount of straight men in relationships who will approach gay men for sex is much higher than you think.
Multiple coworkers were in his dms and he probably got propositioned weekly from people who would generally be negative towards gay people.
All it takes is a screenshot and a dm to a spouse.
The shame makes it better.
I mentioned before “spelunking” is something that is common amongst people I know, and some friends once caused a collapse because something overheated, damaging a huge source of pride.
But nobody on Lemmy will connect the dots, right? Right?