Probably a boring answer but I know my grandmother’s credit card information. I live with and help take care of her, so she doesn’t mind sharing it with me. Not like I’m planning to do anything nefarious, but I guess technically it could ruin her financially.

  • @[email protected]
    link
    fedilink
    English
    1051 year ago

    Lawyers, accountants, and software engineers accumulate these things like you wouldn’t believe. We can’t tell you about current secrets, only stale ones.

    I once knew that the top level password used at a corporation valued at 6 billion dollars was ‘password123’. They had no backups, no VPN, and that password was used at all the high-value access points. It’s since been fixed, but it was that for years.

    • @[email protected]
      link
      fedilink
      381 year ago

      It’s since been fixed, but it was that for years.

      I like that this implies you regularly checked

      • @[email protected]
        link
        fedilink
        English
        21 year ago

        Regularly had to use it to do work I was contracted to do.

        Company went public one day, they restructured massively to become more efficient. I imagine that kind of stuff stopped then, but don’t really know.

    • @CinnerB
      link
      251 year ago

      “What the CEO wants, the CEO gets” - head of IT doing nothing for 300k/yr

      • @Zippy
        link
        41 year ago

        Actually it is usually the IT guys that are being risky or not implementing proper security procedures. Often though the companies are not allocating enough resources mind you.

        • @CinnerB
          link
          2
          edit-2
          1 year ago

          I know that’s usually the case since so much of IT should be slow, methodical and properly thought out and gets rushed, but a company worth $6bn that doesn’t even have backups hurts to think about. I’m overworked and solo IT and I do daily local semi-automated (encrypted) backups for my 200k/yr company. Granted backups take more work to implement as you scale, but not really that hard, or time consuming with rsync. Today there’s really no excuse as there is automated deployment of encrypted cloud backups as a service (the legitimate kind 😄). Depending on the business and how much cloud business-critical stuff they have or don’t have, they may be pretty much forced to close if they get hit with ransomware. At minimum the head of IT should at least be at the table with the CEO begging him weekly for an intern to help implement and manage backups.

          • @Zippy
            link
            21 year ago

            Agree. I know IT loves to take their shortcuts but companies typically don’t funds security well enough.

            I have was closely involved in a large ransomware attack. Locked down the entire company when they got into the backend of the virtual servers. The ransom was initially 1.5 million of which the company said they would pay 750,000. (They had professional negotiating team). When they offered that, the rate was increased to two million as they were ‘insulted’. During this period the IT head recalled he had made a backup to AWS if I recall. Just didn’t want to announce it till he was entirely sure it was complete. He ended up recovering with only about two weeks of lost days. Can’t imagine the CEO’S reaction when he was told of this. The ransomware dudes were told to pound sand. I would have sent 20 bucks.

            Looking at logs, they estimated they had been compromised for a month. Multiple client computers had key loggers. That in itself is not a fault of IT but where they went wrong was to expedite desktop updates, they would remote into secure machines from the less secure desktops to access machines that could see the VM backend and at one point they must have accessed the VM themself. Now the loggers have all the passwords. They knew not to do that but who wants to get their laptop all set up when you have a running machine in front of you? CEO can demand that doesn’t happen but they don’t know enough about the security issues to know what is a real risk and what isn’t.

            • @CinnerB
              link
              11 year ago

              Damn, I’m a bit surprised the ransomware team didn’t negotiate and was ‘offended’. Is that a known thing, not to try to negotiate? I suppose at that point the attackers know how much the company is worth, what profits are, etc. But now they also know you don’t have backups and are willing to pay a large amount of money to get your data back.

              The worst thing you can do at a large company is not have someone knowledgeable and active in network monitoring because if they successfully exfiltrated that data like they normally try to do, now not only are they ‘offended’ enough to demand 25% more, they’re pissed off and willing to sell your proprietary data to competitors for pennies.

              Ransomware gangs operate on the honor system (funny, but true) because if it’s known that you won’t get your data back even after you pay, nobody is going to pay. I think some of them have policies of dumping your data for free if you don’t pay.

              • @Zippy
                link
                21 year ago

                I think it was right at the beginning. They may have low balled then the ransom guys came back with even a higher value. I don’t think the data have much in the value as it was mainly their ap and AR. One issue was they had in-house project management software developed that had hundreds of projects on the go and the stage they were at if I recall correctly.

                I think you almost need to have a seperate department with a single IT guy whose only job is to test the security procedures. Not implement them but to just double check on the normal IT security procedures.

    • Trollivier
      link
      fedilink
      9
      edit-2
      1 year ago

      I’m surprised the password wasn’t 1-2-3-4-5, like on their luggage.

      • @rifugee
        link
        71 year ago

        What kind of idiot uses that on their luggage?

        • @GraniteM
          link
          41 year ago

          Damn, I’ve got to go change the combination on my luggage!

  • @[email protected]
    link
    fedilink
    801 year ago

    That I’ve had to turn down some really cool overseas job opportunities. I couldn’t tell my kids that I even got the job offers because their mother (my ex wife) refuses to consider the move and how we’d need to share the kids time with them overseas.

    If I told the kids (now late teens) that their dream of living overseas was stymied so far by their mother’s recalcitrance they might disown her, at least for a while.

    It really sucks because not only don’t I get to take the jobs, but I also have to hide my excitement at even getting the offer from my own family so that I can maintain my kids’ relationship with their mother.

    • folkrav
      link
      fedilink
      241 year ago

      There’s hopefully some context you’re leaving out for the sake of privacy or something, but… Why would your ex consider a move to Europe for your work? I wouldn’t even expect my wife to be 100% on board with uprooting her entire life to move halfway across the world.

      • @[email protected]
        link
        fedilink
        14
        edit-2
        1 year ago

        I dont think they’re saying they expect her to. They appear to just be describing what’s happening.

        As to why, probably custody arrangements and anti-kidnapping laws and treaties.

        • @[email protected]
          link
          fedilink
          11 year ago

          It’s the custody agreement part that I’m wrestling with, though I’m sure if I just ran off with the kids I’d hit kidnapping and Interpol issues too. That’d be exciting, though unlikely to be a productive outcome all around.

      • @[email protected]
        link
        fedilink
        11 year ago

        Ah, there’s a bit of miscommunication. My ex wouldn’t move with us in this situation.

        Though, in this case, my wife is 100% on board. She and I have wanted to make this kind of move for a while, so I’ve got full support on that side of things. I wouldnt have even begun any applications without her total but in.

        • folkrav
          link
          fedilink
          61 year ago

          I see. But the custody part is kind of part of the game when having children, as and she’s fully entitled with not being interested in having her children move abroad. Your previous comment kind of painted her as being inconsiderate and stifling her children’s dreams. I’m curious as to why you even began applications without her buy in as well. She’s not your wife anymore, but she’s still the mother of the children.

    • @[email protected]
      link
      fedilink
      91 year ago

      Yeah I can see how this is complicated.

      I don’t see why you don’t share that you got the job offer and then tell your kids that you’ll have to work out custody arrangements with their mother. And then share with the kids how those discussions go. I think they’re old enough (as teens) to have a say in those discussions, as well as be privy to how they go.

      There’s no reason they shouldn’t see it unfold in front of them; just make sure that you’re never the one to specifically say “your mother won’t work anything out with me so moving overseas with me would mean I never see you again”

      • This is a passive aggressive and shitty thing to do.

        Not wanting your kids to be moved overseas and only see them half the year is a normal reaction. Most teenagers are mature enough to see through the veil that mom is the reason they can’t go but not mature enough to truly understand why. They’d blame her regardless.

        • @[email protected]
          link
          fedilink
          121 year ago

          Yes, this advice about “just don’t be the one to say …” is 100% about covering OP’s own ass and not at all about it being the right thing to do.

          Slimy.

        • @beetus
          link
          3
          edit-2
          1 year ago

          only see them half the year is a normal reaction

          Being pedantic here, but most custody arrangements are like this anyway.

          Obviously, half the parents being overseas makes that significantly harder and probably untenable for most.

        • @Zippy
          link
          11 year ago

          There’s two. Take one. People do it with dogs all the time.

  • MentalEdge
    link
    fedilink
    72
    edit-2
    1 year ago

    I have a lot of relatives who look to me for tech support. I used to have them choose their own passwords, or tell them to change it if I set one for them (they never change it). Then, inevitably, I’d have to help them reset those passwords the very next time they need to log in on a new device, or their sessions expire.

    I tried to set them up with password managers, and some picked it up (my siblings). Others quickly forgot their master password, meaning I then had to sort out recovering ALL their various accounts.

    Once I literally used a known exploit to hack into an old android tablet that my youngest sibling managed to forget the screen-lock for.

    Now I just shamelessly save a bunch of other people’s passwords, pin-codes and other access details using my password manager, because they literally do not care. And it’s straight up more secure than the post-it notes some of them would use if I let them. They know I do this, I’ve made it clear that if they want my help but won’t follow my advice when I’m not there, making my life harder, further help comes with giving me unreasonable levels of access to their digital lives.

    I’ve never misused it, and I never will. I take steps to be extra secure because I know I’m a single point of failure should my password database ever be breached somehow. But I could ruin dozens of lives.

    • @[email protected]
      link
      fedilink
      251 year ago

      Writing passwords down isn’t that bad, actually. We humans are very good at securing little pieces of paper; just put the one you wrote your password on with the other valuable pieces of paper, in your wallet.

      It’s “sticking the post-it note to the computer screen” that’s the problem.

      • @shalafi
        link
        English
        201 year ago

        Picked up a keyboard from the thrift store with a pink Post It on the back.

        user: admin

        pass: password

        Who the hell needs to write that down?!

        • [email protected]
          link
          fedilink
          41 year ago

          I wouldn’t do this for my own stuff, but I just might do it if I’m donating it to a thrift store…

        • @[email protected]
          link
          fedilink
          2
          edit-2
          1 year ago

          My Internet help desk days are over 20 years behind me, but that’s the default user/password combination for some consumer routers. D-Links and maybe Netcomms I think?

          As for who needs it: you’d be surprised at how technically inept some people are. It’s truly amazing.

      • MentalEdge
        link
        fedilink
        3
        edit-2
        1 year ago

        Absolutely, but unless you do stick it to the monitor, you still rely on them remembering where the note is, what it’s for, and keeping it around.

        And keeping some passwords in your wallet is only safe for as long as you don’t also include what they are for. Which would be necessary in this case…

        I obviously also forbid them from using the same password for everything, which meant that even when they did write their passwords down, finding it was a scavenger hunt that’s an even bigger time-waste than a password reset. Because they never kept them organized or in even in one place!

    • @[email protected]
      link
      fedilink
      91 year ago

      Just in theory, could you be held accountable if they did something illegal and you have access to that stuff?

      • folkrav
        link
        fedilink
        121 year ago

        I’m not sure I see the scenario. If I gave you the key to my place then I murdered someone in it, are you accountable for any of it?

        • lattrommi
          link
          fedilink
          中文
          51 year ago

          Here’s a scenario: You have the password to my paypal account. The police arrest me for an unrelated public indecency charge after I urinate on the local government courthouse building. The account is then used to purchase illegal drugs from another country while I am in custody. Having no access to my account or the internet, I could not have made the purchase. The police learn of this purchase when customs detects a strong odor from a package and decide to inspect it, finding a massive hoard of marijuana and jenkem. the police are alerted and ask me, the account owner, who else has access to the account. Me, under duress and probably having shitty withdrawals, tell them everything i know about you, specifically things that might implicate you. As the only known person with access and having no alibi for the time period, you are then arrested for suspicion of involvement in an international crime ring. After searching your computer they find a VPN and TOR and then you are sequestered in a secret military prison and forced to do the chicken dance naked until you confess to every unsolved crime ever.

          While this scenario might be far-fetched, hyperbolic and not really accountability per se, it is a plausible worry some people may have. Just playing devils advocate here.

      • MentalEdge
        link
        fedilink
        81 year ago

        Self-hosted and entirely under my control, yes. Any other manager that encrypts the store in a way where even when breached it’s not useful, should also be safe…

        But truly knowing is best.

        • Jolteon
          link
          fedilink
          41 year ago

          The problem with that is that you can never truly know that they actually do that unless the clients are open source.

    • @[email protected]
      link
      fedilink
      41 year ago

      I set up my mom and brother with a multivault password manager (1password) where our vault passwords are saved to a shared vault in case we forget our passwords/die - given the level of familial trust I think it’s an acceptable risk especially with how badly we got burnt by trying to get into utility accounts and the like after my father died.

      • MentalEdge
        link
        fedilink
        4
        edit-2
        1 year ago

        BitWarden does have something similar via “backup access” and “organisation” vaults. I’ve not looked at setting up either, yet.

        • @scarilog
          link
          21 year ago

          Bitwarden is kinda insane for the amount of features it offers. I recently found that you can create an organisation and add family members, and have it set up so that you can reset their password if they’ve forgotten it, while still securely encrypting the passwords. This was a really cool feature that I didn’t know was even possible.

    • Jolteon
      link
      fedilink
      21 year ago

      I haven’t gotten to that point yet, but I am very close.

  • southsamurai
    link
    fedilink
    451 year ago

    There’s a teacher at my kid’s school that I fucked multiple times a few years before I got married. She was married at the time, though I didn’t know it.

    I have pictures, and videos. Not just ones with me, she kept such things with other lovers as well. She showed them to me by sending them to me. I have permission to have kept them, though I had forgotten about them until my kid started high school and I ran into her.

    Now, her husband is fine with it, they’re open. He was kinda surprised when I quit having sex with her when I found out she was married (I just don’t like complications, even with mostly casual sex and minimum complications).

    But if it got out at the school, or to the school board? It would be a huge problem. Our town isn’t totally backwards, but it isn’t exactly a hotbed of open minds either.

    There’s no way in hell I’d ever say anything to anyone where it could be found out, and I sure as hell wouldn’t break trust and show anyone the files. But I’ve been debating erasing those files just to be sure. They’re on a drive that isn’t connected to anything, which is why I haven’t already; I’d have to dig the thing out and hook it up.

    • @z00s
      link
      351 year ago

      Even if her husband was OK with it, she still should have told you she was married. The fact that she didn’t would be enough to make me end it. I mean, if they have an open marriage, why avoid mentioning it?

      • southsamurai
        link
        fedilink
        81 year ago

        That was my opinion as well.

        She said that she didn’t think it would be a regular thing, and by the time she realized we were good enough together sexually to keep at it, she just forgot to mention it for a while.

        Which, I could see that being a realistic occurrence. We didn’t exactly talk much when we would meet up.

    • @shalafi
      link
      English
      91 year ago

      School boards can be wildly conservative when practicing CYA.

      I was dumb enough to have been fucking my neighbor for a year. If I told her school what she gets up to, she’d be gone.

      For example, her and the other neighbors were partying all night. Guess who didn’t go to work today. This is a common occurrence.

    • @SpaceNoodle
      link
      81 year ago

      Probably simplest to just take some power tools to the HDD.

    • @NOT_RICK
      link
      English
      51 year ago

      I hope that drive is encrypted

  • @the_q
    link
    43
    edit-2
    10 months ago

    deleted by creator

    • sour
      link
      fedilink
      25
      edit-2
      1 year ago

      i know someone whose husband…

      hummmmmmmm

    • Ragdoll XOP
      link
      7
      edit-2
      1 year ago

      I have to ask if you don’t mind telling: How did you find out and is your dad the only one who doesn’t know?

      • @the_q
        link
        7
        edit-2
        10 months ago

        deleted by creator

      • @the_q
        link
        1
        edit-2
        10 months ago

        deleted by creator

  • @[email protected]
    link
    fedilink
    361 year ago

    I know someone whose husband thinks her daughter is his but she isn’t. (She isn’t my daughter either lol.)

    • @Iamdanno
      link
      271 year ago

      You should tell him. That’s fucked up.

      • To the contrary, it could fuck up several people’s lives if someone were to interfere with their peace. It’s just part of human nature that males can not be that certain about their offspring.

        • @[email protected]
          link
          fedilink
          51 year ago

          Wow what the actual fuck is your problem? You’ve clearly got some fucked up shit going on in your head that you need to work on. I see a lot of assumptions about reality that are absolutely off base in your horrendously delusional comment.

          Fwiw its not their place really to get involved, but man did you go off the deep end.

          • @[email protected]
            link
            fedilink
            English
            5
            edit-2
            1 year ago

            It’s it possible that you read too much into this?

            Barring extreme situations, when a baby is born the mother knows it’s hers because it literally comes out of her. But the biological difference is that nine months ago the father was used to make the baby… he thinks. But most of the time, he doesn’t truly know for sure.

            Anyway, that might be what they were going for…

            • Exactly, thanks.
              I could also have said something about misguided patriarchic structures but if they react like that just on female promiscuity, such an effort would be wasted.
              (Yes i mean to say that monogamy is an invention of male dominance cultures.)

              @[email protected]

    • @[email protected]
      link
      fedilink
      251 year ago

      If the other company would end the contract without hesitation if they knew what was going on, that means people are getting hurt.

  • Granixo
    link
    fedilink
    34
    edit-2
    1 year ago

    Man, for me it would be funny to do the opposite question.

    “What secret do you know that could fix someone else’s life?”

    I would tell half my family that they are a bunch of conservative hypocrites and that they waste so much f*king money showing others they have money. (Expensive cars, clothing and stuff).

    Maybe if they stopped wasting money and being so critical of others, they would have actual friends and lasting relationships.

    Sorry, i needed to vent.

    • @drislands
      link
      51 year ago

      Glorious. Some may see it as petty, but I see it as you protecting children.

  • meow
    link
    fedilink
    251 year ago

    Jokes on you, people don’t tell me shit, I only know secrets that could ruin my own life

  • @[email protected]
    link
    fedilink
    English
    221 year ago

    An IT company I used to work for stored the domain admin credentials for hundreds of client’s WSAD/AzureAD tenants on a pastbin document. When I explained how outrageous that was they deleted the file and changed all the passwords.

    To the same password.

    Which I still know.

    And it still works.

    EIGHT YEARS LATER.

  • Wenchette
    link
    fedilink
    12
    edit-2
    1 year ago

    I’m a financial services professional with access to so much info that could be used for identity theft and other nefarious purposes. I’ve been doing this forever and still feel weird asking people for their checking account info.

  • Call me Lenny/Leni
    link
    fedilink
    English
    61 year ago

    I mentioned before “spelunking” is something that is common amongst people I know, and some friends once caused a collapse because something overheated, damaging a huge source of pride.

    But nobody on Lemmy will connect the dots, right? Right?

  • @TwoBeeSan
    link
    6
    edit-2
    1 year ago

    Ex was flamboyantly gay.

    The amount of straight men in relationships who will approach gay men for sex is much higher than you think.

    Multiple coworkers were in his dms and he probably got propositioned weekly from people who would generally be negative towards gay people.

    All it takes is a screenshot and a dm to a spouse.