Security!


  • Winner of the 2016 Presidential Election

    Background:

    I work for a little Fortune 500 company with presence in 71 countries/regions.

    For the past six months or so, we've been getting decrees from Security Operations that we must implement this or that new policy. Some of them are silly; some of them I can't believe weren't implemented before. One big one is that our website must implement SSL.

    WTF:

    Our Windows server admin just sent a plaintext¹ email² with our unencrypted³ PKCS #12 private key⁴!!! and public key pair to our Unix server admin, CCing two unrelated people⁵ (myself included), and two distribution lists⁶.


  • SockDev

    ..... why the supertext but no footnotes?


  • Winner of the 2016 Presidential Election

    @accalia said:

    ..... why the supertext but no footnotes?

    Just counting the WTFs.



  • Looks more like he's simply enumerating the WTFs...


  • SockDev

    ooooohh.

    i wonder, are you going to be doing a PCI compliance audit?

    because that should reveal a steaming pile of WTFs. :-D


  • Winner of the 2016 Presidential Election

    @accalia said:

    i wonder, are you going to be doing a PCI compliance audit?

    The thought terrifies me. I don't know what's coming next, they don't tell me until it's time to implement.


  • SockDev

    @error said:

    The thought terrifies me.

    as long as you aren't liable for any violations you can laugh all the way to the bank...

    unless you are liable for anything, or value having a personal life (instead of working 80 hour weeks to fix the violations)

