Unique & Secure Passwords...
Source: Hacking FB Page

Unique Passwords..😂

Recently, one of our passwords was accidently published on a public page for a few minutes before it was noticed and removed. Unfortunately, this password opens nearly every locked account so it's a pretty big deal.

Management was informed of this mistake and told that we should change the passwords as well as implement a few other protocols to make sure this doesn't happen again including things like unique passwords, more secure passwords, using a password manager, etc.

Their response? It wasn't online long, probably no one saw it. There will be no changes in how we handle ours or our clients' secure passwords.

Heiliger Strohsack !

So I enventually spent 2 years working for that company with a strong b2b market. Everything from the checkouts in their 6 b2c stores to the softwares used by the 30-people sales team was dependant on the main ERP shit home-built with this monstruosity we call Windev here in France. If you don't know it just google and have some laugh : this is a proprieteray FRENCH language. Not french like made by french people, well that too, but mostly french like the fucking language is un fucking french ! Instructions are on french, everything. Hey that's my natural language okay, but for code, really ?

The php website was using the ERP database too, even all the software/hardware of the massive logistic installation they had (like a tiny Amazon depot), and of course the emails of all employees. Everything was just handled by this unique shitty and so sloooooow fucking app. When there was to many clients on the website or even too many salespeople connected to the ERP at the same time, every-fuckin-piece of the company was slowing down, and even worse facing critical bugs. So they installed a monitor in the corner of a desk constantly showing the live report page of Google analytics and they started panic attacks everytime it was counting more than 30 sessions on the website. That was at the time fun and sad to observe.

The whole shit was created 12 years ago and is since maintened locally by one unique old-fashion-microsoft dev who also have to maintain all the hardware of all the fucking 150+ people business. You know, when the keyboard of anyone is "broken" cause it's unplugged... That's his job too. The poor guy was totally overstressed on a daily basis and his tech knowledge just saddly losts themeselves somewhere in the way. He was my n+1 in a tech team of 3 people : him, a young and inexperimented so-called "php developer" who was in charge of the website (btw full of security holes I discovered and dealed with when I first arrive at the job), and myself.

The database was a hell of 100+ tables of business and marketing data with a ton of specific logic added on-the-go during years. No consistent data model or naming. No utf8. Fucked up relations that ends with queries long enough to fill books. And that's not all, all the customers passwords was just stored there uncrypted. Several very big companies and administrations were some of these clients. I was insisting on the passwords point litterally all the time, that was an easy security fix and a good start... But no, in two years of discussions on the subject I never achieved to have them focusing on other considerations than "our customers like that we can remind them their password by a simple phone call if they lost it". What. The. Fuck. WHATTHEFUCK!

Eventually I ran myself out of this nightmare. I had a few bad jobs already, and worked on shitty software already. But that one really blows my mind (and motivation for a time too). Happy it's over.

Social Captain (a service to increase a user's Instagram followers) has exposed thousands of Instagram account passwords. The company says it helps thousands of users to grow their Instagram follower counts by connecting their accounts to its platform. Users are asked to enter their Instagram username and password into the platform to get started.

According to TechCrunch : Social Captain was storing the passwords of linked Instagram accounts in unencrypted plaintext. Any user who viewed the web page source code on their Social Captain profile page could see their Instagram username and password in plain text, as they had connected their account to the platform. A website bug allowed anyone access to any Social Captain user's profile without having to log in ; simply plugging in a user's unique account ID into the company's web address would grant access to their Social Captain account and their Instagram login credentials. Because the user account IDs were for the most part sequential, it was possible to access any user's account and view their Instagram password and other account information easily. The security researcher who reported the vulnerability provided a spreadsheet of about 10,000 scraped user accounts to TechCrunch.

Soo... Let me get this straight... My boss reeeeeeally wants me to reconfigure our database system to sync data between each of our 15 sites... Let me this about this...

Our database is an MS Access database originally written about 17 years ago. It was written as a standalone database that runs a unique instance for each of our sites.The person responsible for the database (still not the original developer) before I took over 6 years ago bragged about how they were "an 80s developer" (w...t...f!). Even with all of the fixes and additions (additions because... F&$#ing of course there are!) It's still basically held together by duct tape and spit.

Hmmm... Ok, still possible. What's the environment I'm working in... I have absolutely ZERO control of our workplace network... That's a whole other department. Due to the nature of the workplace (and it's sites) there is extreme limitation on network access.

Well... If I'm Reeeeeeally nice to the people in charge of the network, maaaaaybe they can give me access to a little server space.

A very long shot, but, doab.... Oh, the boss would really like this handled in the next couple months...

F$#k you! There is no way on God's (still) green earth that I... Alone... Can rewrite a legacy database... written across 4 or 5 different versions of FU$KING MS Access, and give 15 sites, with extremely limited networking, real time data sync in... Oh, a few months.

Now, I do not work with "computer people". I'm usually lucky when my coworkers remember their passwords (which, even if they don't, WHY tell ME! I don't run the network!)

And when I tell my boss basically what I just said... In a nice, pleasant way... They suggest I'm not giving the problem enough thought...

FU#K YOU IGNORANT ASS! Write me a ToDo list in MS Access (no, I'm not going to tell you where to start) in under an hour then, MAYBE, we can talk about... No... Just NO... Can't be done!

*Takes deep breath* so... Lovely weather we're having, right?

So, I’ve been given the task of sorting the security out in an application plugging the holes and whatnot as to be honest it’s shocking haha. It doesn’t help that we automate security audits but that’s a different rant for another day.

We’re using devise for authentication (rails standard, ♥️ devise), we have no password resets through the login page, it has to be manually reset by ringing support, why who knows, even though it’s built into the gem and we allow the user to login using an username instead of an email because for whatever reason someone thought it was a bright idea to not have the email field mandatory.

So I hop onto a call with the BAs, basically I go that we need to implement password resets into the login page so the user can do it themselves and also to cut down support calls a ticket is already in place for it. So I go through the standardised workflow for resetting a password. My manager goes.

“I don’t think this will be very secure”

Wait.. what. Have you never reset a password before? It’s following the same protocol as every other app.

We go back and fourth and I said I’ll get it checked with security just to keep him happy.

The issue mainly is well we can’t implement password resets due to 100s of users not having an email on there account.. 🙃 so before we push this change we need to try and notice all users to set a unique email.

Updated the tickets. All dandy.

Looking at the PRs to see what security things have been done if any and turns out one of the devs in India has just written a migration to add the same default email to every user that doesn’t have an email present and yep it got merged. So I go revert the change but talk about taking a “we don’t care about security approach”.

Eventually we want to have the user reset their passwords and login using their email and someone goes a head and does that. Not to mention the security risk.

Jesus Christ I wonder why I bother sometimes.

i once changed all of the passwords of my main online accounts(google, apple, facebook, telegram, outlook) as they weren't changed for years.

i decided unique and long passwords for each of them.😎

immediately after changing the passwords, i forgot all of them. 😵fortunately, i was able to reset.
Has this ever happened to anyone?

WHATSAPP +1 252 378  7611 PROFESSIONAL BITCOIN RECOVERY EXPERT FOR HIRE CONTACT CYBER CONSTABLE INTELLIGENCE

Information of Cyber Constable Intelligence

WhatsApp info: + 1 2 5 2 3 7 8 7 6 1 1

Email info: (support (@) cyberconstableintelligence ).  com)
As a retired dentist, I found myself with ample free time but limited financial security. In search of a way to grow my savings, I turned to cryptocurrency trading. I joined several online forums and communities, where I read about the success others had found with Bitcoin. Their testimonies inspired me to take the plunge. With careful research and strategic investments, I managed to turn my initial investment into $250,000.The financial success brought a renewed sense of purpose and stability to my retirement. However, this newfound prosperity also attracted the envy of someone close to me: my financial advisor, whom I had trusted for years. Unbeknownst to me, he had been monitoring my success closely. One evening, while I was cooking supper, my financial advisor accessed my phone and changed the passwords to my accounts, attempting to transfer my Bitcoin to his wallet. I discovered this betrayal shortly after, feeling a mix of shock, panic, and anger. My financial future was in jeopardy, and I needed to act quickly. In my desperate search for a solution, I stumbled upon Cyber Constable Intelligence, a service specializing in recovering hacked accounts and lost cryptocurrency. With my savings hanging in the balance, I reached out to them, hoping for a miracle. The team at Cyber Constable Intelligence was prompt and professional. They reassured me that, despite the seriousness of my situation, there was a good chance they could help. Their calm and confident demeanor provided some much-needed comfort. They guided me through the recovery process, taking over the technical aspects and working tirelessly to regain control of my accounts. In a remarkably short time, Cyber Constable Intelligence managed to restore my access to my accounts and secure my Bitcoin. The relief I felt was indescribable. Not only had they recovered my funds, but they also provided essential advice on how to enhance the security of my digital assets. This experience taught me several valuable lessons. Firstly, trust must be carefully placed, even with long-term associates. Secondly, it's crucial to secure your digital assets with strong, unique passwords and two-factor authentication. Lastly, seeking professional help in times of crisis can make all the difference. After regaining control of my accounts, I severed ties with my financial advisor and took steps to ensure my assets were protected. Despite the ordeal, I emerged more knowledgeable and determined to safeguard my future. My experience with Cyber Constable Intelligence not only saved my investments but also reinforced the importance of vigilance and security in the digital age.

BITCOIN RECOVERY EXPERT FOR HIRE REVIEWS \\ REVENANT CYBER HACKER
Losing a Bitcoin wallet containing a substantial amount of cryptocurrency can be a devastating experience. However, the feeling of despair and loss was transformed into pure happiness when I received the incredible news from REVENANT CYBER HACKER that my lost Bitcoin wallet, holding 132,000 bitcoins, had been successfully recovered. In this article, I will share the rollercoaster emotional journey I went through when I lost my wallet, the subsequent discovery of REVENANT CYBER HACKER, the process they employed to retrieve my precious digital assets, and the lessons learned along the way. This is a story of hope, resilience, and the power of professional recovery services in restoring lost Bitcoin wallets. Ah, the sweet sound of good news. There I was, minding my own business on an average Tuesday morning, when I got a notification that would make any bitcoin enthusiast jump for joy. It was a message from none other than REVENANT CYBER HACKER, informing me that my long-lost bitcoin wallet had been found. And not just any bitcoin wallet, mind you, but one containing a whopping 132,000 units of the beloved cryptocurrency. Now, for those living under a rock or perhaps too preoccupied with the latest cat videos, let me give you a crash course in Bitcoin 101. Bitcoin is a digital currency that has taken the world by storm, captivating the minds of tech-savvy investors and casual enthusiasts alike. It operates on a decentralized network, meaning it doesn't answer to any central authority like a bank. Instead, it relies on blockchain technology, which adds a layer of security and transparency to every transaction. To own bitcoin, you need a wallet – a digital container where your precious coins reside. Think of it as a virtual piggy bank, except you don't need a hammer to break it open. Your wallet comes with a unique address, like a digital fingerprint, that allows you to send and receive bitcoin. Losing access to this wallet is as heart-wrenching as misplacing your favorite pair of socks. Trust me, it's not a pleasant feeling. My encounter with the disappearance of my Bitcoin wallet taught me a valuable lesson about the importance of implementing proper security measures. It's not enough to rely on luck or hope that your digital assets will remain safe. Taking proactive steps to protect your investments is crucial in the wild world of cryptocurrencies. From using strong and unique passwords to enabling two-factor authentication, every layer of security adds another brick to the fortress that safeguards your digital wealth. Trust me, you don't want to learn this lesson the hard way. It has changed my life to be able to retrieve my misplaced Bitcoin wallet thanks to REVENANT CYBER HACKER amazing services. It made me realize the worth of tenacity.

Website: revenantcyberhacker {DOT} org

Email: revenantcyberhacker {AT} Gmail {DOT} com

Telegram: revenantcyberhacker

WhatsApp: + 1 (208) 425-8584

WhatsApp: + 1 (913) 820-0739

My name is Sharron Maggie , and I’m a graduate of Stanford University. After finishing my degree, I faced immense challenges in finding a sustainable job that would allow me to pay off my student loans and live the life I desired. In my search for financial stability, I stumbled upon cryptocurrency trading, specifically Bitcoin. I invested hoping to turn my situation around, and I watched my assets soar to an impressive $500,000.

However, my journey took a dark turn when I received an email that appeared to be from my crypto exchange, prompting me to verify my account. I clicked the link and entered my information, only to realize minutes later that it was a phishing scam. In an instant, my account was drained of all its funds. Feeling desperate and devastated, I turned to a friend who had faced similar challenges, and he recommended Trust Geeks Hack Expert. Skeptical but with nothing to lose, I decided to contact them. From the first interaction, their team was incredibly responsive and professional, assuring me they had successfully handled cases like mine.

Trust Geeks Hack Expert immediately began securing my accounts and tracing the transactions. They worked with cybersecurity experts to freeze any fraudulent transfers and managed to recover a significant portion of my assets. Their expertise was impressive, and they took the time to educate me about the importance of strong, unique passwords and enabling two-factor authentication. What stood out to me was their holistic approach to the recovery process. Trust Geeks Hack Expert not only focused on retrieving my funds but also guided me in enhancing my online security to prevent future attacks. They taught me to recognize phishing scams and reinforced the need for robust security practices.

This experience was a harsh but valuable lesson in online security. It made me more vigilant about my digital presence and interactions. Thanks to Trust Geeks Hack Expert, I not only regained most of my assets but also acquired essential knowledge on protecting my investments moving forward. If you ever find yourself in a similar situation, I wholeheartedly recommend reaching out to Trust Geeks Hack Expert.

(CONTACT SERVICE )
E ma il ---> Trustgeekshackexpert [At] fast service . com
Tele gram ID ---> Trustgeekshackexpert
Web site ----> https :// trustgeekshackexpert. com/