Topper Jake



  • I've been going crazy with a co-worker who recently started, and had to share some insights from "the best security guy out there"

    I mentioned to -- let's call him "Jake" -- Jake that there was a proof-of-concept for modifying the firmware that interfaces with USB to place attack payloads on them. He is our security guy. Penetration Testing, checks for exploits, etc.

    This is also the same guy who wanted to make sure that IPMC was closed, and called port 25 SNMP, and just
    asked me if he was allowed to XXS test my servers (XSS obviously).

    I couldn't make this next bit up. His response to my proof-of-concept report was this:

    From: Jake

    At NSA we were taught how to write a specific malware that was
    embeeded in an MP3 song and all users had to do was play the song from the CD

    it was a virus, worm and bot altogether

    Other Jake-isms:

    I set up a virtual Kali server for him, and told him to test access using X11 forwarding (we don't give people access to the hypervisor). He opens firefox, and asks for the URL

    I set up an outside server for him, and tell him to try to connect via SSH. He asks for the URL.

    I explain that a domain is separate from an IP, and both are completely different than a URL. He argued against my definition.

    Any time I call him on his lack of knowledge, his excuse is that I didn't make myself clear, or I didn't listen to his
    response.

    My head hurts after talking to him from all the head-slapping he induces. Can anybody top my topper?


  • Discourse touched me in a no-no place

    @jonsjava said:

    At NSA we were taught how to write a specific malware that wasembeeded in an MP3 song and all users had to do was play the song from the CD

    That's technically possible, but only if the player is written by a bunch of incompetent fuckmuppets.


  • sockdevs

    @dkf said:

    incompetent fuckmuppets.

    so it was written by the NSA?



  • . . .

    You've seen itunes, right?



  • @jonsjava said:

    Any time I call him on his lack of knowledge, his excuse is that I didn't make myself clear, or I didn't listen to his response

    People like this are really poisonous. Especially if they're charismatic and then start on a hate campaign against you to management (because you've spotted they're a sciolist).



  • Isn't it toppers all the way up?



  • @dkf said:

    bunch of incompetent fuckmuppets

    That is a perfect definition of the WinAmp ID3 tag vulnerability



  • His latest:

    came across a good py script to run to test for ShellShock vuln on
    Apache OS's

    So, apparently Apache is type of OS now.

    Unrelated, my forehead is getting bloody today.



  • If you ask him about it, it will be

    Apache OS


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.