Exactly.
They did all sorts of tests without being white listed.
But doing a DDoS is a weird choice for a "test", especially after being white listed. On a production system. Without communicating.
I don't know how you can be so calm about it.
I'd be absolutely %$#@#$% livid if some moron pulled a stunt like that.
"Oh, can you whitelist us, so we can hit your production system with a DDoS attack -- because that will make it look as though we're doing a great job, and we can charge more consultancy fees?"
@rses would be soundly and appropriately kicked, contracts would be torn up, and threats of civil action would be issued.
I wanna be a eunuchs developer! Pass me a bread knife!
Mark_Wallace wrote: I don't know how you can be so calm about it.
I'm just a programmer who picked up the phone at the wrong time.
I haven't worked on that project for about half a year, so I have little to do with it.
Besides, no harm done, except that their system was slow and customers complained.
And the most important part: it's not our fault.
The customer I have been working for automatically kicked me out of their system (because I failed to do something which I cannot do and which I also didn't know anyone had to do), so I can't log in to their systems anymore. I've been trying to get my access back for two weeks now, but the helpdesk can't do anything without approval of a manager (whom I don't even know); the manager shouted "approved!" in a mail, but things don't work like that because it has to be formal. I can make it formal by using a tool I don't have access to. Then I get emails in a mailbox I can't access; I told them, but they can't help it because that's the email address the system sends it to. Then support changed all my passwords (to the first password any hacker would probably guess), but that didn't give me any additional access whatsoever. And now, of course, the helpdesk is not responding at all anymore.
Actually, a DDoS doesn't sound so bad at all.
heh.
Can somebody please, please, PLEASE kill the system?
Lemme guess: SAP and Lotus Notes?
I wanna be a eunuchs developer! Pass me a bread knife!
Mark_Wallace wrote: Lemme guess: SAP and Lotus Notes?
Nope, not even close (really, I've never worked with either).
Unfortunately, I'm sworn to secrecy.
In the same spirit as my other post on the thread: if done properly, as opposed to what actually happened, a DDoS-type attack is of value for a pen test.
The most important part of doing it the right way is to coordinate with the company being tested to scale its size so the packet flood (or whatever it is) stops just short of causing performance problems (i.e. only using up most of the spare bandwidth/server capacity). The point of this isn't just to see if a site is as DDoS-hardy as the owners think it is (especially if they have some level of protection in place); it's because real-world attacks can hide themselves in a DDoS, with the immediately visible DDoS distracting the human operators and camouflaging the attack/exfiltration/etc. packets from the security analytics tools that are looking for more sophisticated attacks.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
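The post above makes the defender's point: a flood is easy to see, and the traffic it is meant to hide is not. The following is an added example, not code from the thread or from any product named in it, of the kind of check a security analytics pipeline can run over flow records during a volumetric event: establish each internal host's normal set of external destinations before the flood starts, then flag internal hosts that begin sending large volumes to destinations they had never talked to once the flood is under way. The flow records, the `10.0.` internal prefix and all thresholds are constructed for the example.

```python
"""Added example: spotting outbound transfers that a volumetric flood could mask.

Flow records are a constructed sample in the style of NetFlow/IPFIX summaries;
they are not taken from the thread.
"""
from collections import defaultdict
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0."   # assumption: the monitored network lives in 10.0.0.0/16


@dataclass(frozen=True)
class Flow:
    t: int          # seconds since start of capture
    src: str        # sending host
    dst: str        # receiving host
    bytes_in: int   # bytes src received from dst
    bytes_out: int  # bytes src sent to dst


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def find_flood_windows(flows, window=10, threshold=50):
    """Return start times of `window`-second buckets in which the number of
    external->internal flows reaches `threshold` (the visible flood)."""
    counts = defaultdict(int)
    for f in flows:
        if is_internal(f.dst) and not is_internal(f.src):
            counts[f.t // window * window] += 1
    return sorted(w for w, c in counts.items() if c >= threshold)


def outbound_baseline(flows, before):
    """Per internal host, the external destinations it talked to before time `before`."""
    dsts = defaultdict(set)
    for f in flows:
        if f.t < before and is_internal(f.src) and not is_internal(f.dst):
            dsts[f.src].add(f.dst)
    return dsts


def suspicious_egress(flows, window=10, threshold=50, min_bytes=1_000_000):
    """Internal hosts that, once the flood has begun, push at least `min_bytes`
    to an external destination absent from their pre-flood baseline."""
    windows = find_flood_windows(flows, window, threshold)
    if not windows:
        return []                      # no flood, nothing to de-camouflage
    flood_start = windows[0]
    baseline = outbound_baseline(flows, flood_start)
    volume = defaultdict(int)
    for f in flows:
        if (f.t >= flood_start and is_internal(f.src) and not is_internal(f.dst)
                and f.dst not in baseline[f.src]):
            volume[(f.src, f.dst)] += f.bytes_out
    return sorted((s, d, b) for (s, d), b in volume.items() if b >= min_bytes)


# ---- constructed sample: 60 s of normal traffic, then a 10 s inbound flood ----
SAMPLE_FLOWS = []
for i in range(60):                                   # baseline: two hosts, one known partner
    SAMPLE_FLOWS.append(Flow(i, "10.0.0.5", "203.0.113.10", 2000, 500))
    SAMPLE_FLOWS.append(Flow(i, "10.0.0.7", "203.0.113.10", 2000, 400))
for i in range(60):                                   # flood: 60 sources hit 10.0.0.5 at t=100..109
    SAMPLE_FLOWS.append(Flow(100 + i % 10, f"198.51.100.{i + 1}", "10.0.0.5", 40, 0))
for t in (102, 104, 106):                             # normal partner traffic continues
    SAMPLE_FLOWS.append(Flow(t, "10.0.0.5", "203.0.113.10", 2000, 500))
for t in (102, 104, 106):                             # 10.0.0.7 sends 1.8 MB to a never-seen host
    SAMPLE_FLOWS.append(Flow(t, "10.0.0.7", "192.0.2.99", 100, 600_000))

if __name__ == "__main__":
    print("flood windows:", find_flood_windows(SAMPLE_FLOWS))
    for src, dst, nbytes in suspicious_egress(SAMPLE_FLOWS):
        print(f"ALERT {src} -> {dst}: {nbytes} bytes to a destination outside its baseline")
```

The host still talking to its usual partner at its usual rate is not reported; only the new destination with a large outbound volume is. In practice the baseline would come from days of history rather than the minute before the flood, and the byte threshold would be tuned per host role, but the structure of the check is the same.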
What's the name of the company, by the way, so I can blacklist* them.
* The correct list.
I wanna be a eunuchs developer! Pass me a bread knife!
Pen testers needed you to white list them?
They officially suck, and don't appear to be able to provide a meaningful test result. It's not like it's hard to get malware onto a network...
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
No, they've done plenty of work before being white listed.
I guess they just wanted to do some additional tests while being white listed.
Well, if they were running a scenario (such as an attack through a trusted partner network), then at least a courtesy call would be in order.
The lack of one smacks of incompetence.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
It was a terrible summer for Humpty Dumpty, but he had a great fall.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
His terrible summer was self-inflicted. He shouldn't have got so fried all the time.
Cheers,
Mick
------------------------------------------------
It doesn't matter how often or hard you fall on your arse, eventually you'll roll over and land on your feet.
He could not resist springing into action.
The language is JavaScript. That of Mordor, which I will not utter here.
This is Javascript. If you put big wheels and a racing stripe on a golf cart, it's still a f***ing golf cart.
"I don't know, extraterrestrial?"
"You mean like from space?"
"No, from Canada."
If software development were a circus, we would all be the clowns.
Ah, I remember it well, I had to spring into action to make a big honkin' omelette, with bacon of course.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
And is it now the winter of his dis-content?
If you have an important point to make, don't try to be subtle or clever. Use a pile driver. Hit the point once. Then come back and hit it again. Then hit it a third time - a tremendous whack.
--Winston Churchill
What kind of crack was that? That yoke's a mere shell of your former glory.
To avoid the impression I'm pecking on you, my rant will be laid to roost.
Ravings en masse^
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
I finally got around to writing my first CP article! I wouldn't consider it anything terribly noteworthy, but writing an article is something I've wanted to do for quite some time so I worked on it over the weekend and finally completed it yesterday. If any of you veteran authors have any thoughts or suggestions about it, I would love to hear them.
https://www.codeproject.com/Articles/1164635/Converting-Numbers-to-Text-in-Csharp
The idea for a simple "number-spelling" toy just popped into my head on Saturday, so I thought I would take a stab at it. (You know you're a geek when the funnest thing you can think of doing on a lazy afternoon is to code a silly toy!)
I posted an article doing the same thing two years ago.
Converting Text Numbers to Numeric Values
".45 ACP - because shooting twice is just silly" - JSOP, 2010
- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
Brilliant! I did consider looking to see if anyone else had done this already (I figured it was probably inevitable), but I decided that would spoil the fun.
Actually, our articles are the dual of each other. You did text to numbers (much more difficult, no doubt), and I did numbers to text.
(And I used the American version of the number-words; apologies to y'all east of the pond!)
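The two articles mentioned above cover the two directions of the same toy: numbers to words and words to numbers. As an added example (written for this thread, not the code from either CodeProject article), here is both directions in one place, using the American short scale ("billion" = 10^9) that the poster mentions, with a round-trip check so the two halves can be verified against each other. Everything in it, including the 10^12 upper bound, is the example's own choice.

```python
"""Added example: integer <-> English words, American short scale, both directions."""

ONES = ["zero", "one", "two", "three", "four", "five", "six", "seven", "eight",
        "nine", "ten", "eleven", "twelve", "thirteen", "fourteen", "fifteen",
        "sixteen", "seventeen", "eighteen", "nineteen"]
TENS = ["", "", "twenty", "thirty", "forty", "fifty", "sixty", "seventy",
        "eighty", "ninety"]
SCALES = [(10**9, "billion"), (10**6, "million"), (1000, "thousand")]
LIMIT = 10**12          # example's own bound: anything below one trillion


def _below_thousand(n: int) -> list:
    """Words for 0 < n < 1000 (empty list for 0, so callers can skip empty groups)."""
    words = []
    if n >= 100:
        words += [ONES[n // 100], "hundred"]
        n %= 100
    if n >= 20:
        words.append(TENS[n // 10] + ("-" + ONES[n % 10] if n % 10 else ""))
    elif n > 0:
        words.append(ONES[n])
    return words


def to_words(n: int) -> str:
    """Spell a non-negative integer below LIMIT, e.g. 1234 -> 'one thousand two hundred thirty-four'."""
    if not 0 <= n < LIMIT:
        raise ValueError(f"{n} is outside [0, {LIMIT})")
    if n == 0:
        return "zero"
    words = []
    for value, name in SCALES:          # peel off billions, millions, thousands in turn
        if n >= value:
            words += _below_thousand(n // value) + [name]
            n %= value
    words += _below_thousand(n)         # the remaining hundreds/tens/ones
    return " ".join(words)


WORD_VALUES = {w: i for i, w in enumerate(ONES)}
WORD_VALUES.update({w: i * 10 for i, w in enumerate(TENS) if w})
SCALE_VALUES = {name: value for value, name in SCALES}


def from_words(text: str) -> int:
    """Parse the output of to_words (also tolerates 'and' and hyphens) back to an integer."""
    total = group = 0                   # group accumulates the current sub-thousand chunk
    for token in text.lower().replace("-", " ").split():
        if token == "and":
            continue
        if token in WORD_VALUES:
            group += WORD_VALUES[token]
        elif token == "hundred":
            group *= 100
        elif token in SCALE_VALUES:     # close the chunk at this scale
            total += group * SCALE_VALUES[token]
            group = 0
        else:
            raise ValueError(f"unknown word: {token!r}")
    return total + group


def round_trips(n: int) -> bool:
    """True when spelling n and parsing it back yields n again."""
    return from_words(to_words(n)) == n


if __name__ == "__main__":
    for n in (0, 7, 21, 100, 1000, 1_234_567, 999_999_999_999):
        print(f"{n:>15,} -> {to_words(n)}")
    print("one hundred and five ->", from_words("one hundred and five"))
```

The parser is deliberately permissive (it accepts "and", which the spelling side never emits), which is why the round-trip check runs in the words-to-number direction rather than comparing strings.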
I did mine back in 2013 ... Converting numbers to the word equivalent.
Mind you, some people do seem to have tried to use it to hand in their homework, judging by the comments...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
OG, I stand in amazement -- that's some brilliant work! The wonderful thing about your approach is that it would seem natural to extend it to decimals, too!
I do like to help students to get the grade they deserve!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
I can't believe there are so many 1 votes. I can't see any obvious bugs and it seems to work.
You know, you really should start your own online university.