Anonymous company WTF-s



  • There's a good discussion thread on reddit where people anonymously whistleblow on their company's WTF practices. Here are a few IT-related highlights.

    We store all your personal details in plaintext. I work for a company that sells Total Defense security software.
    NEVER BUY TOTALDEFENSE IF YOU CARE ABOUT YOUR PASSWORDS AND CREDIT CARD DATA.


    You're paying us to put your details in a form and click submit.
    ...
    Nope, a marketing company. One of our services is setting up a Google places account. We literally put their details into a form, click submit and they pay us $340.
    One week later they're on Google places.


    I'm an analyst and supposed to be an expert in my field. The reality is I don't know shit and make up most of what I do. I'm starting to think all my coworkers are this way as well. We're just professional bullshitters.


    That we actually have ZERO customers, that we burnt well over $3m of our investors' money into a product that barely works and has no market potential.


    I'm from a Third World country. One of the biggest computer software/hardware companies in the world outsource most of their services to us.
    Now this major computer software company has an email service. If you forgot your password, or someone has hacked into your account, then it is our job to get you a new password or return the control of your account back to you.
    So, you fill up a form with identifying details (full name, birthday, at least five contacts, subjects of your recent emails, etc) so we can determine if you really are the owner of that account. We cross-check the details that you've provided us with those in your account.
    How do we do this? Well, we have 100 percent access to your account. WE CAN READ EVERY SINGLE EMAIL. We can see your contacts, your pictures, and everything. This software company doesn't have any method to prevent us, their outsourced agents, from reading other people's emails. They basically told us, "Hey, don't read clients' emails. You'll get a reprimand if you do."
    Even if I don't have a ticket on my queue, I can easily open the emails of anyone I know who uses this email service, as long as I know their username.
    The same goes for this company's cloud service; we can also open any files that you store in their cloud, even if you set them on private. I can blackmail a lot of people if I want to.
    But I won't do that, because I'm a good person.
    TL,DR: Some dude from a Third World country is reading your emails right now.

    Commenter that probably guesses it right:

    My guess... Microsoft... and based on how you compose your sentences, you are not in India... I'm guessing Philippines.


    I used to work for a large British Bank a few years ago. First day on the job in an internal IT support "call centre" I was shown how to access any customer's bank details in the UK, alter their mortgages, adjust their overdrafts and ofc move money in and out of their accounts.
    This was my first day on the job, no background or security checks nothing nada. I do not bank with these people anymore.


    This one is amazing.

    We keep track of all our inventory on a giant erasable white board. There is no other place physically or virtually to obtain this information. Literally someone could randomly walk by and force us to re-count thousands of tiny parts.
    I work at a robotics company and our customers are various hospitals all over the country.

    A bunch of edits with clarifications and such, but they water down the initial impact IMO.


    I work for a defense contractor that specializes in basically doing the thinking for the federal government. We are paid via no-bid contracts because we 'save them' money.
    We rarely work more than 2 real hours in a given day; I bring beer to work for the whole office (homebrewer) once a month and people get hammered and then return to 'work'. We have a '59 minute' rule that basically says you can charge anything to main work so long as it's less than a full hour. Analytical tools I create recycle the same core code over and over, with small changes. We code in matlab. We regularly talk about how fucking stupid the government is for paying us so much. My first month I was told to 'slow down' on completing tasks or there wouldn't be any work available for me to charge to and that would 'look bad' for everyone else.


    We have cost a lot of people their licenses and livelihoods.
    We install interlocks, a machine that will allow your car to turn on if you don't have alcohol in your breath. The problem is that many do not function properly and report incorrectly. When the client fails a test and says, "I've been sober for a year!" we say, "well, the machine reported alcohol, and you can't prove otherwise" either you fork over $X to cover the violation fees or we will report non-compliance and you get your license revoked. They have no choice.
    One day you wake up to go to work and your car doesn't turn on because of the machine. You wonder why, you ask us why, we tell you to tow the car to our shop (at your expense) and we will look at the unit and refund the tow, we say it was a "violation", we won't refund your tow and you also owe us $X for violation fees. The DMV gets a copy of this "violation", your program gets extended for 6 months to a year because of our faulty equipment (which we say we replaced for "customer satisfaction" and not for "malfunctions").
    All the while you're missing work because we're only open Mon-Fri 8-5.
    X= anywhere between $50 and $100
    We basically hold licenses for ransom.
    If you have an Interlock right now, feel free to ask me anything. I'll help you beat this monster.


    That all our passwords are the same or just a variant in numbers. We can all access each other's accounts and if we don't we just ask for the password. It makes life easier for when somebody is on holidays and only he has a specific access to fix a problem, for example. The only reason we do this is because security is so tight and the deadlines are so awful that going through the right paperwork to grant temporary access would cost us money because it takes too long.
    Now, no biggy you'd think, but I work in IT and our clients are some of the biggest in aerospace industry. They take security very seriously.
    If I was savvy enough, I could easily plant a backdoor in one of the programs through the account of someone higher up. I could stop a missile launch, costing millions, or find out the administrator's password and sell it on the black market to terrorists, making myself millions.


    This one makes me mad.

    My former employer (that Rhymes with ju-jitsu) made a routine process out of finding small startups with interesting tech, promising them a joint development venture then giving their designs to the in house development teams to get a build on their basic ideas and get a boxed product on the shelves before the people in the startup were even aware. Give them just enough cash advances to keep them from signing anything "Hey you just take the money, we haven't even signed anything yet so this is all yours, we can call it a consulting fee, we'll draw up papers when we get to a point where you're ready to release."
    And of course they never have enough money to defend themselves and w/out anything signed it's all too late.
    They still do this to this day easily 25% of their company is based on stolen tech, products and services.
    It's way cheaper to throw 5-100K at someone and steal their product than it is to do a buyout.
    They literally make Billions off crushing startups. "Feel free to take legal action, here are the 7 firms that represent us, pick one."
    Oh and this was always done through an intermediary as well "Hi I'm Greg and I'm the lead developing consultant working with Ju-Jitsu and they've authorized me to...." further insulating themselves from any possible actions.


    Not exactly IT, but still amazing.

    When you call a cable company, and your call drops randomly, so you have to call back, that isn't random. Customer Service Reps (CSRs) are judged on bullshit metrics, including average call length. Many calls go over the average accepted call length, so, to bring their average back down, CSRs have to hang up on a few calls a day. Those '9 second' calls bring their averages in line with job requirements.
    They hate it, too.
    CSRs also add pay services you didn't ask for onto your account, under their employee number, then remove those services and zero out charges under another rep's number, to meet their sales quotas. You might call, but you will be told we upgraded your software and added it on by mistake, and caught it before you were charged.
    There is no Customer Service in cable: just sales, driven by made up metrics based in no earthly reality by VPs who have never spoken to a customer in their life.


    I retouch and repair graphics for things like pictures, documents, books etc. A lot of times the book covers will be especially tricky, so I hide dicks in the graphics so I can recognize my work in the wild.
    Edit: the process

    Click the link.


    At a former non profit where I was a project manager:
    Your credit card information (name, number, CVV) is in an unencrypted CSV file that sits on a FTP site.


    I worked as a government contractor in a server cluster engineering team. We had 8 people making over 100k a year that had no project and did absolutely nothing for over a year.
    We all worked remotely from home.


    Online subscription service, and we don't encrypt your password.
    That's right, lady on the phone. "cumdumpster69" is right there in the database next to your name and your email address.


    I work for a company that provides credit cards/fleet cards to companies for their employees who are out in the field. We ask them if they want the P.O.S. machines to ask for an employee number, etc., for additional security so the cards can't be used by just anyone.
    Found out recently... that's all bullshit. This can be bypassed by simply entering 0's at the machine and anyone can use the card and you'd never know what happened.


    Left out: All the non-IT WTFs, some of which are amazing. Just to give you a taste:

    My father works for an excavating company. They find human remains a couple times a year, and if they're not somewhat fresh (~10 years) they just bury them back in the ground. The government will delay the project for months, sometimes costing employees their wages and companies millions in delays...so everyone just pretends they didn't see it.



  • And the sad part is none of these even remotely surprise me any more.



  • @Arantor said:

    And the sad part is none of these even remotely surprise me any more.

    Ah, the hopeless empty eyes of a TDWTF veteran.



  • It's like you know me.





  • Feel free to ignore my nitpicking at these, but nothing is remotely surprising here.

    On the one you labeled as making you mad, please don't tell me you were surprised by it. That is standard (except most people doing a good start up aren't dumb enough to share things without proper paperwork).

    The call centers hanging up on people is normal. Hell, I remember having to do things like that in a call center that was provided as a free service to help kids with homework (basically so the school could write off what they paid students as charity stuff) much less one that is focused on making money.

    And everyone who has done construction knows about the non-IT one you listed.



  • @cartman82 said:

    My guess... Microsoft... and based on how you compose your sentences, you are not in India... I'm guessing Philippines.

    OK, maybe I'm giving them too much credit, but Microsoft is trying really hard to compete with Google's cloud services, including things like security (they even offer SMS-sent temporary passwords, which Google does not). They know any mistake would ruin their remaining reputation, so I find it hard to believe they'd just give unlimited access to email accounts to a random outside company. Not saying your @outlook.com emails will be perfectly safe from prying eyes, but I'd hope they have some access controls.

    Now Yahoo, that would sound about right. But he said "computer software/hardware companies". So I'd say probably Apple or a smaller, lesser-known one.

    I wonder, is there any way to know for sure where companies outsource things like that?



  • @anonymous234 said:

    I wonder, is there any way to know for sure where companies outsource things like that?

    Not really, as most of it gets outsourced to someone big who either:

    1. has places all over (and will do all they can to not tell the customer where they are doing the work)
    2. subcontracts the actual fulfillment of services to another company that in turn does 1


  • @locallunatic said:

    1. has places all over (and will do all they can to not tell the customer where they are doing the work)

    Wow, it's like an analog version of Tʜᴇ Cʟᴏᴜᴅ!



  • Not exactly a WTF, but I worked IT for a collection agency. Every week I would upload a file to Equifax that ruined the credit of 10,000s of Canadians.

    If you got a ding on your Equifax credit report between 2005 and 2007, that was probably me who told them.



  • There's a tiny part of me screaming in agony at these. But I just told Tim to shut up and go back to his corner.



  • @anonymous234 said:

    OK, maybe I'm giving them too much credit, but Microsoft is trying really hard to compete with Google's cloud services, including things like security (they even offer SMS-sent temporary passwords, which Google does not). They know any mistake would ruin their remaining reputation, so I find it hard to believe they'd just give unlimited access to email accounts to a random outside company. Not saying your @outlook.com emails will be perfectly safe from prying eyes, but I'd hope they have some access controls.

    Now Yahoo, that would sound about right. But he said "computer software/hardware companies". So I'd say probably Apple or a smaller, lesser-known one.

    I wonder, is there any way to know for sure where companies outsource things like that?

    Uhhh, what?

    They have every possibility of being the offenders.




  • @cartman82 said:

    This one makes me mad.

    My former employer (that Rhymes with ju-jitsu) made a routine process out of finding small startups with interesting tech, promising them a joint development venture then giving their designs to the in house development teams to get a build on their basic ideas and get a boxed product on the shelves before the people in the startup were even aware. Give them just enough cash advances to keep them from signing anything "Hey you just take the money, we haven't even signed anything yet so this is all yours, we can call it a consulting fee, we'll draw up papers when we get to a point where you're ready to release." And of course they never have enough money to defend themselves and w/out anything signed it's all too late. They still do this to this day easily 25% of their company is based on stolen tech, products and services. It's way cheaper to throw 5-100K at someone and steal their product than it is to do a buyout. They literally make Billions off crushing startups. "Feel free to take legal action, here are the 7 firms that represent us, pick one." Oh and this was always done through an intermediary as well "Hi I'm Greg and I'm the lead developing consultant working with Ju-Jitsu and they've authorized me to...." further insulating themselves from any possible actions.
    I wish this one surprised me. They've got some really good people, but good luck on actually working with one of them instead of the scum.
