If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(CNBC)   Data security experts find trove of 360 million user credentials for sale online - all from companies that don't even realize that they've been hacked yet   (cnbc.com) divider line 41
    More: Scary, campus network, Adobe Systems, health records  
•       •       •

2994 clicks; posted to Geek » on 26 Feb 2014 at 3:48 PM (21 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



41 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest
 
2014-02-26 02:12:24 PM
I'm starting to wonder just how long passwords and traditional credential use/storage will continue as the primary method of transacting online.
 
2014-02-26 02:38:19 PM
You know what would be nice, a list of companies, if available
 
2014-02-26 02:48:18 PM

Grand_Moff_Joseph: I'm starting to wonder just how long passwords and traditional credential use/storage will continue as the primary method of transacting online.


I maintain that ever more stringent password policy, while providing better security safeguards, is now at this point hindering productivity. If a user can't login to his workstation or website, no work will get done until it's resolved. Anecdotally, a good 10% of my time as an IT person is spent resetting user passwords.

We need to find a better way to uniquely credential users that is both easy and secure...
 
2014-02-26 02:53:31 PM
If you want to be routinely scared shiatless, forget Stephen King, read this guys' website...

http://krebsonsecurity.com/
 
2014-02-26 02:53:47 PM

make me some tea: Grand_Moff_Joseph: I'm starting to wonder just how long passwords and traditional credential use/storage will continue as the primary method of transacting online.

I maintain that ever more stringent password policy, while providing better security safeguards, is now at this point hindering productivity. If a user can't login to his workstation or website, no work will get done until it's resolved. Anecdotally, a good 10% of my time as an IT person is spent resetting user passwords.

We need to find a better way to uniquely credential users that is both easy and secure...


XKCD agrees:

imgs.xkcd.com
 
2014-02-26 03:09:41 PM

Torgo_of_Manos: If you want to be routinely scared shiatless, forget Stephen King, read this guys' website...

http://krebsonsecurity.com/


Mother of god.
 
2014-02-26 03:36:14 PM
So, like all of them.  As opposed to the ones that willingly sell your information.
 
2014-02-26 03:44:43 PM

make me some tea: Torgo_of_Manos: If you want to be routinely scared shiatless, forget Stephen King, read this guys' website...

http://krebsonsecurity.com/

Mother of god.


This one really read like a Ian Flemming novel (or a pre-Archer Vice episode)

http://krebsonsecurity.com/2014/02/these-guys-battled-blackpos-at-a- re tailer/
 
2014-02-26 03:54:03 PM
I don't suppose it occurred to him to keep his mouth shut aside from turning his findings over to the FBI so they stand a change of catching any of there folks?
 
2014-02-26 04:00:52 PM

make me some tea: Grand_Moff_Joseph: I'm starting to wonder just how long passwords and traditional credential use/storage will continue as the primary method of transacting online.

I maintain that ever more stringent password policy, while providing better security safeguards, is now at this point hindering productivity. If a user can't login to his workstation or website, no work will get done until it's resolved. Anecdotally, a good 10% of my time as an IT person is spent resetting user passwords.

We need to find a better way to uniquely credential users that is both easy and secure...


I worked with this person she was of the common clay and kept complaining how she hated her password and she had the best password ever. I showed her how to change her password on her login, she forgot it the next day. I just looked at her and shook my head.
 
2014-02-26 04:02:38 PM

AndreMA: I don't suppose it occurred to him to keep his mouth shut aside from turning his findings over to the FBI so they stand a change of catching any of there folks?


I think he was more interested in bragging about how smart he was.
 
2014-02-26 04:17:10 PM
Russians.
 
2014-02-26 04:19:37 PM
My PIN is 1111.
 
2014-02-26 04:24:13 PM

HotIgneous Intruder: My PIN is 1111.


The combination is 12345.
 
2014-02-26 04:25:35 PM

HotIgneous Intruder: My personal PIN number is 1111.


Pet peeve.
 
2014-02-26 04:57:28 PM

make me some tea: Grand_Moff_Joseph: I'm starting to wonder just how long passwords and traditional credential use/storage will continue as the primary method of transacting online.

I maintain that ever more stringent password policy, while providing better security safeguards, is now at this point hindering productivity. If a user can't login to his workstation or website, no work will get done until it's resolved. Anecdotally, a good 10% of my time as an IT person is spent resetting user passwords.

We need to find a better way to uniquely credential users that is both easy and secure...


Teach your users Patterns.

For example, Birthyear.  It's 4 digits, but if you make it a pattern, it can become: 1qaz9ijn9ijn0okm  1'down', 9'down', 9'down', 0'down'.   Hold 'shift' at some point and it completely changes.  Now a 16 character password is easy to remember and is secure.  32 characters for your and your sig other's birth year.
 
2014-02-26 05:34:15 PM
I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).
 
2014-02-26 05:55:40 PM

SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).


The IT department where I work has it set up so that everyone who has a username and password to access the systems at work has to change passwords every 60 days, they have to be at least 8 characters long, cannot be re-used until you have changed your password at least 32 times, they MUST include numbers (and you cannot use, say daam3226, because the system won't let you use the same character twice in a row, or damp3126 followed by hand3745 because the same character(s) are in the same position as the previous password). It annoys the fark out of everyone at work, but at least it forces people at work to come up with passwords that aren't as easy to crack as 12345 or password.
 
2014-02-26 06:04:36 PM
Farking shiat... Its getting to the point that I am going to have to use a different password on every farking site...   I am gonna need to up my password-management game.  Any recommendations on encrypted options?  I mean other than a text file I can encrypt myself...
 
2014-02-26 06:19:12 PM

ClavellBCMI: SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).

The IT department where I work has it set up so that everyone who has a username and password to access the systems at work has to change passwords every 60 days, they have to be at least 8 characters long, cannot be re-used until you have changed your password at least 32 times, they MUST include numbers (and you cannot use, say daam3226, because the system won't let you use the same character twice in a row, or damp3126 followed by hand3745 because the same character(s) are in the same position as the previous password). It annoys the fark out of everyone at work, but at least it forces people at work to come up with passwords that aren't as easy to crack as 12345 or password.


and chances are, half of those people have the password of the month jotted down on a post-it note in their top desk drawer, which completely defeats the purpose of the password policy.

/seen it happen far too often
 
2014-02-26 06:35:04 PM

ClavellBCMI: SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).

The IT department where I work has it set up so that everyone who has a username and password to access the systems at work has to change passwords every 60 days, they have to be at least 8 characters long, cannot be re-used until you have changed your password at least 32 times, they MUST include numbers (and you cannot use, say daam3226, because the system won't let you use the same character twice in a row, or damp3126 followed by hand3745 because the same character(s) are in the same position as the previous password). It annoys the fark out of everyone at work, but at least it forces people at work to come up with passwords that aren't as easy to crack as 12345 or password.


It also increases the occurence of "Hi, I can't remember my password. Can you tell me what it is?"

Havokmon: Teach your users Patterns.

For example, Birthyear.  It's 4 digits, but if you make it a pattern, it can become: 1qaz9ijn9ijn0okm  1'down', 9'down', 9'down', 0'down'.   Hold 'shift' at some point and it completely changes.  Now a 16 character password is easy to remember and is secure.  32 characters for your and your sig other's birth year.


That's all well and good, but when credentials are intercepted or decrypted by third parties, it doesn't matter how strong your password is.
 
2014-02-26 06:47:18 PM

Torgo_of_Manos: If you want to be routinely scared shiatless, forget Stephen King, read this guys' website...

http://krebsonsecurity.com/


I honestly wonder how he's still alive. The stuff he documents isn't script kiddies, it's serious criminal organisations like the Russian mafia.
 
2014-02-26 06:52:37 PM
This one is why League of Legends has been DDOS'ed twice a day, every day, for the last month. They also use CloudFlare.

http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos- at tacks/#more-24271

It is absolutely shocking to me that this hasn't been reported in the news. Major ISPS are being taken to their knees, daily.
 
2014-02-26 06:53:23 PM
make me some tea:
That's all well and good, but when credentials are intercepted or decrypted by third parties, it doesn't matter how strong your password is.

Too true.  If a user doesn't know their credentials have been compromised they have no reason to reset their password(s).
 
2014-02-26 06:55:09 PM

mjones73: HotIgneous Intruder: My PIN is 1111.

The combination is 12345.


That's amazing, I've got the same combination on my luggage!
/oblig
 
2014-02-26 09:04:27 PM

Maul555: Farking shiat... Its getting to the point that I am going to have to use a different password on every farking site...   I am gonna need to up my password-management game.  Any recommendations on encrypted options?  I mean other than a text file I can encrypt myself...


1password is good enough for the majority of sites. You should only have a couple critical passwords to remember: email, banking, paypal.
 
2014-02-26 10:12:44 PM

make me some tea: ClavellBCMI: SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).

The IT department where I work has it set up so that everyone who has a username and password to access the systems at work has to change passwords every 60 days, they have to be at least 8 characters long, cannot be re-used until you have changed your password at least 32 times, they MUST include numbers (and you cannot use, say daam3226, because the system won't let you use the same character twice in a row, or damp3126 followed by hand3745 because the same character(s) are in the same position as the previous password). It annoys the fark out of everyone at work, but at least it forces people at work to come up with passwords that aren't as easy to crack as 12345 or password.

It also increases the occurence of "Hi, I can't remember my password. Can you tell me what it is?"

Havokmon: Teach your users Patterns.

For example, Birthyear.  It's 4 digits, but if you make it a pattern, it can become: 1qaz9ijn9ijn0okm  1'down', 9'down', 9'down', 0'down'.   Hold 'shift' at some point and it completely changes.  Now a 16 character password is easy to remember and is secure.  32 characters for your and your sig other's birth year.

That's all well and good, but when credentials are intercepted or decrypted by third parties, it doesn't matter how strong your password is.


Well of course, IMHO, the PP was trying to solve the password reset and occurrences of luggage codes.

We're not getting into encryption during transmission, proper kerberos auth, or storing one-way hashes instead of multitudes of encrypted passwords with a single key. That's the Lavabit lesson - no matter how many circles you run in encrypting and decrypting data and whitepapers you write, if your underlying tech is garbage anyone with physical access has full access.
 
2014-02-26 10:19:03 PM
I use song lyrics or poems for my work password - 8 digits, one capital letter, at least one number

Previous one was from Springsteen: Tlubwb2r  ("Tramps like us, baby we're born to run") Or, coworkers use their middle name followed by a sequential number because Robert15 is WAY more secure than Robert14
 
2014-02-26 10:22:53 PM

make me some tea: Grand_Moff_Joseph: I'm starting to wonder just how long passwords and traditional credential use/storage will continue as the primary method of transacting online.

I maintain that ever more stringent password policy, while providing better security safeguards, is now at this point hindering productivity. If a user can't login to his workstation or website, no work will get done until it's resolved. Anecdotally, a good 10% of my time as an IT person is spent resetting user passwords.

We need to find a better way to uniquely credential users that is both easy and secure...


Genital imprint.

Done.
 
2014-02-26 10:41:24 PM

ClavellBCMI: SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).

The IT department where I work has it set up so that everyone who has a username and password to access the systems at work has to change passwords every 60 days, they have to be at least 8 characters long, cannot be re-used until you have changed your password at least 32 times, they MUST include numbers (and you cannot use, say daam3226, because the system won't let you use the same character twice in a row, or damp3126 followed by hand3745 because the same character(s) are in the same position as the previous password). It annoys the fark out of everyone at work, but at least it forces people at work to come up with passwords that aren't as easy to crack as 12345 or password.


Flip their keyboards over or the drawer underneath the keyboard. Thanks, IT department for forcing everyone to write their passwords down.
 
2014-02-26 10:45:02 PM

Shakin_Haitian: make me some tea: Grand_Moff_Joseph: I'm starting to wonder just how long passwords and traditional credential use/storage will continue as the primary method of transacting online.

I maintain that ever more stringent password policy, while providing better security safeguards, is now at this point hindering productivity. If a user can't login to his workstation or website, no work will get done until it's resolved. Anecdotally, a good 10% of my time as an IT person is spent resetting user passwords.

We need to find a better way to uniquely credential users that is both easy and secure...

Genital imprint.

Done.


Some guy did that with the iphone sensor.
 
2014-02-26 10:56:50 PM

Maul555: Farking shiat... Its getting to the point that I am going to have to use a different password on every farking site...   I am gonna need to up my password-management game.  Any recommendations on encrypted options?  I mean other than a text file I can encrypt myself...


Keepass looks promising.
 
2014-02-26 11:26:23 PM

Havokmon: make me some tea: ClavellBCMI: SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).

The IT department where I work has it set up so that everyone who has a username and password to access the systems at work has to change passwords every 60 days, they have to be at least 8 characters long, cannot be re-used until you have changed your password at least 32 times, they MUST include numbers (and you cannot use, say daam3226, because the system won't let you use the same character twice in a row, or damp3126 followed by hand3745 because the same character(s) are in the same position as the previous password). It annoys the fark out of everyone at work, but at least it forces people at work to come up with passwords that aren't as easy to crack as 12345 or password.

It also increases the occurence of "Hi, I can't remember my password. Can you tell me what it is?"

Havokmon: Teach your users Patterns.

For example, Birthyear.  It's 4 digits, but if you make it a pattern, it can become: 1qaz9ijn9ijn0okm  1'down', 9'down', 9'down', 0'down'.   Hold 'shift' at some point and it completely changes.  Now a 16 character password is easy to remember and is secure.  32 characters for your and your sig other's birth year.

That's all well and good, but when credentials are intercepted or decrypted by third parties, it doesn't matter how strong your password is.

Well of course, IMHO, the PP was trying to solve the password reset and occurrences of luggage codes.

We're not getting into encryption during transmission, proper kerberos auth, or storing one-way hashes instead of multitudes of encrypted passwords with a single key. That's the Lavabit lesson - no matter how many circles you run in encrypting and decrypting data and whitepapers you write, if your underlying tech is garbage anyone with physical access has full access.


The FBI had to get a court to order lava bit to turn over the key. Physical access wasn't enough.
 
2014-02-27 09:13:52 AM
Sudo_Make_Me_A_Sandwich:


The FBI had to get a court to order lava bit to turn over the key. Physical access wasn't enough

Actually, it would have been. Company policy stating "We don't run in debug mode and save passwords in clear text" does not trump law and a lawful subpoena for data.
Levison tried to milk the taxpayers to implement an archive system after he already provided the historical email data ([sarcasm] encrypted data so secure even he couldn't access it [/sarcasm]).  The FBI said screw your demands, it's trivial to 'sniff, filter and save' (caveat: we need your SSL key). Then Levison hypocritically claimed that US law (subpoena only requesting specific data) isn't as strong as his company policy and everyone's data was at risk.  Result: People who were suckered in by his claims because of the NSA's overly reaching program threw money at him - giving him exactly what he wanted.

Here's my blog for the whole story with all the details - from the perspective of someone who's run a public email service for over a decade, has received the exact same documents - and never gave up an SSL key.   That is, a competent admin.
http://havokmon.blogspot.com/2013/12/lavabit-theres-sucker-born-ever y- minute.html
 
2014-02-27 10:15:15 AM

SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).


I used to do that back in the day when I ran an NT4 domain for a small company.  Friday afternoon I used to run L0phtcrack across the domain user list.  It was hilarious how quickly some of the passwords fell.  A significant percentage fell within the first 10 seconds.


justtray: This one is why League of Legends has been DDOS'ed twice a day, every day, for the last month. They also use CloudFlare.

http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos- at tacks/#more-24271

It is absolutely shocking to me that this hasn't been reported in the news. Major ISPS are being taken to their knees, daily.


These amplification attacks are such a farking pain.  A particular client that I do a lot of work for got their main website taken offline with a DNS Reflection amplification DDoS.  Hit the connection limits of the firewalls in under 2 minutes.  10k individual DNS servers spitting data at their webserver.

Nothing I could do to mitigate it at the firewall level, firewall was already dropping the traffic, but by that point it's already eaten up the incoming bandwidth, and the firewall has to at least process the packet to know to drop it. :-(

Had a no-nothing manager whinging and moaning that "we pay a lot of money for this firewall, why did the IDS module not pick this up".  Err, because it's dropped by the firewall engine before it gets to the IDS engine, IDS only scans accepted packets, as there's no point in inspecting a packet you aren't going to pass. Hid response "well, that's useless, why do we even pay for IDS".  Then he started gibbering about how Palo Alto are so great and how that would have done a better job.

/they also decided that ISP level IPS/IDS was "too expensive"
 
2014-02-27 01:36:50 PM

sinanju: HotIgneous Intruder: My personal PIN number is 1111.

Pet peeve.


Redundant pet peeve is redundant.

http://en.wikipedia.org/wiki/Personal_identification_number
 
2014-02-27 03:52:43 PM

Havokmon: Here's my blog for the whole story with all the details


That's interesting - thank you. $30/year for the metadata mitagator might be worth it, since it's not a whole lot more than I was paying lavabit anyway.
 
2014-02-27 04:06:45 PM

theresnothinglft: sinanju: HotIgneous Intruder: My personal PIN number is 1111.

Pet peeve.

Redundant pet peeve is redundant.

http://en.wikipedia.org/wiki/Personal_identification_number


Joke <<<<<<<-------
-> Your head
 
2014-02-27 04:15:54 PM

Pinko_Commie: SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).

I used to do that back in the day when I ran an NT4 domain for a small company.  Friday afternoon I used to run L0phtcrack across the domain user list.  It was hilarious how quickly some of the passwords fell.  A significant percentage fell within the first 10 seconds.


justtray: This one is why League of Legends has been DDOS'ed twice a day, every day, for the last month. They also use CloudFlare.

http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos- at tacks/#more-24271

It is absolutely shocking to me that this hasn't been reported in the news. Major ISPS are being taken to their knees, daily.

These amplification attacks are such a farking pain.  A particular client that I do a lot of work for got their main website taken offline with a DNS Reflection amplification DDoS.  Hit the connection limits of the firewalls in under 2 minutes.  10k individual DNS servers spitting data at their webserver.

Nothing I could do to mitigate it at the firewall level, firewall was already dropping the traffic, but by that point it's already eaten up the incoming bandwidth, and the firewall has to at least process the packet to know to drop it. :-(

Had a no-nothing manager whinging and moaning that "we pay a lot of money for this firewall, why did the IDS module not pick this up".  Err, because it's dropped by the firewall engine before it gets to the IDS engine, IDS only scans accepted packets, as there's no point in inspecting a packet you aren't going to pass. Hid respo ...


I used to work InfoSec for a large retailer (no, not Target :) - we had a manager come in that we were embarrassed to have with us in meetings with other departments. If he didn't fall asleep, he would ask the stupidest questions.  At one point we were involved in an iPad rollout, and his answer for securing them was "SSL VPN! If you had an SSL VPN on there, that would solve everything!"  And why was that different from IPSEC?  "Because it's an SSL VPN and will solve everything!" *sigh*
He had his CISSP.  I have nothing (not even college), and I was on the verge of being convinced to go for my CISSP when he started - he totally turned me off to it.  At one point I wrote a script to mine the CISSP certificate site to find his certificate because we didn't believe he actually passed..  Yeah, he had it.  Unbelievable.
 
2014-02-27 06:57:01 PM

Havokmon: Pinko_Commie: SewerSquirrels: I used to share an office with the IT guy of a small company. He would run a script once a week that would attempt to crack all the employees passwords and would then email the top ten to let them know how many seconds it took and that they needed to change their password to something harder to crack. I ended up using every trick I could get my hands on to make even a brute force attack useless.

In retrospect, control characters were probably overkill (and a pain to type in).

I used to do that back in the day when I ran an NT4 domain for a small company.  Friday afternoon I used to run L0phtcrack across the domain user list.  It was hilarious how quickly some of the passwords fell.  A significant percentage fell within the first 10 seconds.


justtray: This one is why League of Legends has been DDOS'ed twice a day, every day, for the last month. They also use CloudFlare.

http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos- at tacks/#more-24271

It is absolutely shocking to me that this hasn't been reported in the news. Major ISPS are being taken to their knees, daily.

These amplification attacks are such a farking pain.  A particular client that I do a lot of work for got their main website taken offline with a DNS Reflection amplification DDoS.  Hit the connection limits of the firewalls in under 2 minutes.  10k individual DNS servers spitting data at their webserver.

Nothing I could do to mitigate it at the firewall level, firewall was already dropping the traffic, but by that point it's already eaten up the incoming bandwidth, and the firewall has to at least process the packet to know to drop it. :-(

Had a no-nothing manager whinging and moaning that "we pay a lot of money for this firewall, why did the IDS module not pick this up".  Err, because it's dropped by the firewall engine before it gets to the IDS engine, IDS only scans accepted packets, as there's no point in inspecting a packet you aren't going to pass. Hid respo ...

I used to work InfoSec for a large retailer (no, not Target :) - we had a manager come in that we were embarrassed to have with us in meetings with other departments. If he didn't fall asleep, he would ask the stupidest questions.  At one point we were involved in an iPad rollout, and his answer for securing them was "SSL VPN! If you had an SSL VPN on there, that would solve everything!"  And why was that different from IPSEC?  "Because it's an SSL VPN and will solve everything!" *sigh*
He had his CISSP.  I have nothing (not even college), and I was on the verge of being convinced to go for my CISSP when he started - he totally turned me off to it.  At one point I wrote a script to mine the CISSP certificate site to find his certificate because we didn't believe he actually passed..  Yeah, he had it.  Unbelievable.


Recently I've been running into a hell of a lot of TDAs, working for the bigger service providers, who claim they have a CCIE in routing & switching, yet couldn't route their way out of a paper bag.

I work with a CCIE and he's shiat hot, but these guys honestly couldn't even do basic subneting.

The other favorite is management raving about Palo Alto. They seem to think it's actually magic and is the fix for all your woes.
 
2014-02-27 07:22:15 PM
We just need to up the punishment. No more prison time. Instant executions once found guilty of identity theft.
 
Displayed 41 of 41 comments

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report