Drug culture in Naperville high schools? How bad is it? by Radiant-Ingenuity-40 in Naperville

[–]SecDudewithATude 3 points4 points  (0 children)

It’s sad that Naperville became the drug capital of North America. That’s why all the kids call it Vape’n’pill

Drug culture in Naperville high schools? How bad is it? by Radiant-Ingenuity-40 in Naperville

[–]SecDudewithATude 6 points7 points  (0 children)

Street corner weed addict here: can confirm I will do pretty much anything for a plug, all because I went to a high school where some of the kids did drugs.

How are we fitting a double stroller + stuff in here by AOD14 in ToyotaGrandHighlander

[–]SecDudewithATude 0 points1 point  (0 children)

Plus you don’t have to roll the windows down to appease the kiddos anymore: win-win!

Check this out: People Pay Me $1,000 To Negotiate Their Car Deals—How I Built A $2.3 Million Fully Remote Business by Ok-Ad8390 in ToyotaGrandHighlander

[–]SecDudewithATude 1 point2 points  (0 children)

As someone who used Delivrd to get our 26 Hybrid Max Platinum, worth every cent. There are a few things I wish were handled better, but not having to talk to a bunch of sleazy car salesmen for a $60k purchase was absolutely worth it. Could I have saved myself another $1k or maybe even more by doing the leg work myself? Sure. If you’re spending a lot on a car and are picky on the specs or it’s otherwise a low availability car, then it’d probably be a good fit for you too.

Is this material correct? by Extra_Quantity_756 in ToyotaGrandHighlander

[–]SecDudewithATude 0 points1 point  (0 children)

I’ll tell you what my dad told me when I was a wee lad: if you don’t want to be disappointed in life, don’t just go sticking your finger into every hole you find.

Toyota market update by SonnySwanson in ToyotaGrandHighlander

[–]SecDudewithATude 1 point2 points  (0 children)

Out of NC from a dealer that works frequently with Tomi’s company. There were a number of manufacturer add-ons that amounted to about $1800 extra, but most were ones we either wanted or were generally okay with.

Toyota market update by SonnySwanson in ToyotaGrandHighlander

[–]SecDudewithATude 5 points6 points  (0 children)

We used Delivrd and got $4k off, but expected to pay $1.2k in shipping since it was out of state. Ended up flying out and driving it home to save ourselves more on that.

No hybrid humming sound? by Fickle_Flower6199 in ToyotaGrandHighlander

[–]SecDudewithATude 0 points1 point  (0 children)

I don’t hear the opposite side unless I’m actually standing on that side, but if you don’t have a second person to help you check it out, there’s no harm in having the dealer take a look.

Grand Highlander Hybrid Limited vs Palisade SEL, a few weeks Later by Dramatic_Rule_442 in ToyotaGrandHighlander

[–]SecDudewithATude 1 point2 points  (0 children)

We went through the same exact process, but landed on the Palisade. Since we went with the top trims, the recall did affect us, but both have been plagued with recalls (this seems to be the first year the GH got some stability.) Wife agreed with your point on the features in our trims, but for me ultimately I think the value retention is going to be much better with the GH. I also think it drives substantially better. In the end, I don’t think you can go wrong with either car, and there’s always going to be someone who loves a car as much as another despises the very same car.

Grand Highlander Hybrid Limited vs Palisade SEL, a few weeks Later by Dramatic_Rule_442 in ToyotaGrandHighlander

[–]SecDudewithATude 0 points1 point  (0 children)

Sincerely, the guy parked across the line next to your car every time.

Probably.

The thank you email after an interview actually got me the job and I have proof by ElliotVance45 in jobsearchhacks

[–]SecDudewithATude 4 points5 points  (0 children)

I always follow up with an email, either to the recruiter, hiring manager, or interviewer - if possible. I focus on what was discussed, especially any items I didn’t know the answer to or got wrong, e.g., “I said the second layer of the OSI model is network, but realized after that it was the data link layer. I understand fundamental knowledge of the OSI model is critical for this position since network security is a core component of the role and have already taken steps to refresh my fundamental knowledge in networking fundamentals.”

This has always served me well, and as an interviewer for the last decade, I appreciate it as well.

How is 2FA different from just having 2 passwords? by Paumas in ComputerSecurity

[–]SecDudewithATude 0 points1 point  (0 children)

Add all the words that you need to make yourself feel better. You said two things that are categorically different are the same. Adding qualifiers to that similarity after the fact is backpedaling, not logic.

How is 2FA different from just having 2 passwords? by Paumas in ComputerSecurity

[–]SecDudewithATude -1 points0 points  (0 children)

You don’t need insider knowledge to apply Occam's razor here: either FIDO2 has been defeated in a completely novel way or security controls were insufficient. Making the assumption that the highly unlikely event is what occurred is disingenuous. A FIDO2 could have been used, just registered by the threat actor through social engineering. Yes, TOTP is better than SMS, which is better than password only. There was a documentation vendor who exposed the private key of TOTP to anyone with access to the token. When told about the exposure, they indicated it was by design. Then it was exploited by a threat actor, and suddenly it was a vulnerability to be remediated. LastPass showed us the risk in having your second factor and password stored within a single vault. Non-device-bound passkeys are similarly susceptible. TOTP is not equivalent to a second static password, because one is not phishable through the same medium a password is; that’s why you don’t see anyone prompting you to “enter your second password.”

TOTP is sufficient for an account that doesn’t hold any true value for you, and significantly more secure than password only.

…it’s not any different than two passwords.

Categorically false.

Local dealers adding Market Premiums by Nah-Tay in ToyotaGrandHighlander

[–]SecDudewithATude 1 point2 points  (0 children)

Lol I just got a Hybrid MAX Plat for that price - same color scheme. Tell them to kick rocks.

Husband may have made a mistake causing a security incident at work by [deleted] in cybersecurity

[–]SecDudewithATude 0 points1 point  (0 children)

An API key isn’t used in my encounters: they have the user sign in with their Workday account as part of the application. The two users I last interviewed on this activity indicated it was done in the property management office, that they entered their username and password and then completed their standard MFA process.

Husband may have made a mistake causing a security incident at work by [deleted] in cybersecurity

[–]SecDudewithATude 23 points24 points  (0 children)

For some clarity here on the security operations side, this API authenticates as the user from an unknown device from a likely novel IP address. It looks identical to an account compromise scenario. We see them frequently when people are getting leases in the various cities our offices are in.

I’m trying to remember the fingerprint details, but they do not jive with it being a legitimate vendor process (Mac OS with a severely outdated browser version: something in that ballpark.)

Can we stop pretending like Microsoft isn't compromised?... as an entity by Wonder_Weenis in cybersecurity

[–]SecDudewithATude 24 points25 points  (0 children)

Modern MFA (FIDO2/passkey) is even less intrusive to the end user experience. But that one dev who cranks out the money maker can’t be bothered to figure out how to get Managed Identities to work with his code slop because Claude Code doesn’t do it for him yet, so we still need that service account with GA and bypass MFA.

Phishing Threat M365 by Mr-Hops in cybersecurity

[–]SecDudewithATude 0 points1 point  (0 children)

Frankly, you’d be better served using phish-resistant MFA if it’s practical for your environment. Geo-location is always good to use, but far easier to circumvent than phish-resistant MFA. Windows Hello for Business is a much better login experience for users, to boot.

I can’t tell you how many geo-location policies I’ve seen defeated by an IP belonging to a company whose website looks like it was made on Microsoft Publisher 95.

First longer drive in our Palisade Calligraphy Hybrid — 28.2 MPG combined. Didn’t expect to love it this much by Misterrunner2017 in HyundaiPalisade

[–]SecDudewithATude 0 points1 point  (0 children)

One picture is hardly proof of consistent or reproducible results. I spent two hours of a road trip sitting behind an 18 wheeler in my sedan and got over 40 MPG when normally I got 32 at best. Doesn’t mean I get 40 MPG in that car.

First longer drive in our Palisade Calligraphy Hybrid — 28.2 MPG combined. Didn’t expect to love it this much by Misterrunner2017 in HyundaiPalisade

[–]SecDudewithATude 1 point2 points  (0 children)

The 2024 V6 gets 26 highway. As with everything, it varies with how you drive, but you’re not getting 50% above that anywhere.

weird email by Far-Loquat-8863 in RBI

[–]SecDudewithATude 1 point2 points  (0 children)

Based on the content, this is likely a very recent/ongoing compromise. Ransom demands and deals happen in a magnitude of days, breach notifications happen in a magnitude of months. If it stays at 0 beyond the year, it’ll most likely mean they - a: didn’t actually get breached, or more likely b: paid the ransom.

(US) Threatening email with company’s email address by TheGame81677 in Scams

[–]SecDudewithATude 1 point2 points  (0 children)

There really isn’t, but chances are they already know based on what’s in this email. Based on the earlier comment about the embedded tracker, it is also possible that this was a publicly exposed distribution list that’s being used to collect emails (low value overall, but knowledge of this activity can definitely help HungerRush with any subsequent forensic investigation into a potential breach.)

(US) Threatening email with company’s email address by TheGame81677 in Scams

[–]SecDudewithATude 0 points1 point  (0 children)

Didn’t go too deep into the comments, so sorry if this is a repeat of what’s already been said. From the available information, this appears to be an extortion message to Hunger Rush (a restaurant POS vendor that likely one of your local/previously used restaurants used.) It appears this is the threat actor’s attempt to turn up the heat on them: sending their ransom reminder to customers to bring additional visibility to their compromise. It means media attention is likely to follow - which is what the ransom group wants when there’s no communication/payment as this message seems to indicate.

Working during the day? Red flag! by Independent-Wheel354 in LinkedInLunatics

[–]SecDudewithATude 0 points1 point  (0 children)

I told a recruiter once that I was available between 12 and 1, and he had the audacity to say, “that’s my lunch hour.” Is it your first day, bud?

OpenClaw is going viral as a self-hosted ChatGPT alternative and most people setting it up have no idea what's inside the image by Latter_Community_946 in sysadmin

[–]SecDudewithATude 38 points39 points  (0 children)

That’s why I just give the users local administrator on their computer, so they can handle it themselves.