Topper Jake



  • I've been going crazy with a co-worker who recently started, and had to share some insights from "the best security guy out there".

    I mentioned to -- let's call him "Jake" -- Jake that there was a proof-of-concept for modifying the firmware that interfaces with USB to place attack payloads on them. He is our security guy. Penetration Testing, checks for exploits, etc.

    This is also the same guy who wanted to make sure that IPMC was closed, and called port 25 SNMP, and just asked me if he was allowed to XXS test my servers (XSS obviously).

    I couldn't make this next bit up. His response to my proof-of-concept report was this:

    From: Jake

    At NSA we were taught how to write a specific malware that was embedded in an MP3 song and all users had to do was play the song from the CD

    it was a virus, worm and bot altogether

    Other Jake-isms:

    I set up a virtual Kali server for him, and told him to test access using X11 forwarding (we don't give people access to the hypervisor). He opens Firefox, and asks for the URL.

    I set up an outside server for him, and tell him to try to connect via SSH. He asks for the URL.

    I explain that a domain is separate from an IP, and both are completely different than a URL. He argued against my definition.

    Any time I call him on his lack of knowledge, his excuse is that I didn't make myself clear, or I didn't listen to his response.

    My head hurts after talking to him from all the head-slapping he induces. Can anybody top my topper?


  • Discourse touched me in a no-no place

    @jonsjava said:

    At NSA we were taught how to write a specific malware that was embedded in an MP3 song and all users had to do was play the song from the CD

    That's technically possible, but only if the player is written by a bunch of incompetent fuckmuppets.


  • FoxDev

    @dkf said:

    incompetent fuckmuppets.

    so it was written by the NSA?



  • . . .

    You've seen iTunes, right?


  • 🚽 Regular

    @jonsjava said:

    Any time I call him on his lack of knowledge, his excuse is that I didn't make myself clear, or I didn't listen to his response

    People like this are really poisonous. Especially if they're charismatic and then start on a hate campaign against you to management (because you've spotted they're a sciolist).



  • Isn't it toppers all the way up?


  • 🚽 Regular

    @dkf said:

    bunch of incompetent fuckmuppets

    That is a perfect definition of the WinAmp ID3 tag vulnerability.



  • His latest:

    came across a good py script to run to test for ShellShock vuln on Apache OS's

    So, apparently Apache is a type of OS now.

    Unrelated, my forehead is getting bloody today.



  • If you ask him about it, it will be

    Apache OS

