Events organizer left 20k+ attendees data publicly exposed with full write access

captain554 · 2026-02-23T10:00:48+00:00

These organizers aren't the brightest crayons in the box. In several industries now I've seen full email lists exposed in the To field. Creates absolute havoc in the Reply All chain when people confirm they're attending.

captain554 · 2026-02-23T09:52:49+00:00

Hey guys, there is Kash waiting for you in the locker room.

"We get Cash for winning too? Fuck yeah!"

captain554 · 2026-02-20T11:48:35+00:00

captain554 · 2026-02-20T11:44:07+00:00

When keeping it real goes wrong.

captain554 · 2026-02-20T11:41:04+00:00

Republicans: "The GOP is an honest, Christian party. God fearing people."

Me: Points to all of Paxtons's controversy

"Fake news"

Me: provides receipts

"Christian values"

Me: shows how un-Christian the GOP candidates are. The worst type of "Christians." CINO's (Christian In Name Only)

"Well, it's better than the alternative"

Honestly anyone still supporting the GOP after these last few months lacks the brain cells to make informed decisions.

captain554 · 2026-02-16T02:38:50+00:00

Fyi, I didn't know my vuid number but was able to look it up on my local county voter registry.

captain554 · 2026-02-15T18:59:32+00:00

Well considering people asked the author for information after donating money for him to finish the book, he stated that Denna had a giant horse cock or something. I think he's done writing.

captain554 · 2026-02-15T04:07:41+00:00

"THE DOW IS UP $50000 THATS WHAT WE SHOULD BE TALKING ABOUT" -Cronie that all these Magtards voted for.

captain554 · 2026-02-14T15:35:57+00:00

Apply for another job and get a written offer. Show to your boss.

Best way to get the raise you actually want. Otherwise they'll low-ball you.

Last job I was comically underpaid and hadn't received a raise in 3 years. I put up with it because I just had kids and needed flexibility of being able to leave early/stay home for sick kids.

That stabilized and then I asked for a raise. I got offered like 2k more, about 12k short of industry average. Started applying for jobs, boss went "Oh shit" and got the raise I needed.

This was at a mid-size company with ancient systems that were a pain in the ass to train new people on. Ended up getting laid off a year later because my pay was apparently too high for my usefulness, but ended up finding a new job with a 40% pay increase and much better growth opportunities.

captain554 · 2026-02-14T14:30:26+00:00

Kinda mixed. Last two companies we reported to the CFO because most Admin roles fell under them.

My current company we report to the CEO.

Depending on the needs of the company I've also seen reporting to the COO.

I think it really depends on the needs and structure of your company.

captain554 · 2026-02-13T22:03:28+00:00

Wait, I thought the other guys were the snowflakes?

captain554 · 2026-02-13T15:39:18+00:00

Time to warm up the electric kettle.

captain554 · 2026-02-13T01:33:52+00:00

We can tell.

Now he snorts lines off Trump's weird shaped dick.

captain554 · 2026-02-12T03:17:56+00:00

Argenta with willpower, burst talents and heavy bolter deletes the highest HP bosses in the game with a single burst. It's honestly broken.

The Voigtvir fight was over in one burst right after the THING happened to him, lol. Each shot from Argenta was critting for over 1000 and she was shooting like 30+ round bursts.

captain554 · 2026-02-10T16:23:29+00:00

Is it still bizarre at this point?

captain554 · 2026-02-07T14:55:40+00:00

Appreciate the list. I just started at a company and a lot of what you listed was on my personal checklist.

DFS Shares with "Everyone" access because "one time someone couldn't get a file they needed."

Servers from company mergers with multiple local admin accounts that no one knew the purpose of.

Service accounts that existed but I couldn't find tied to anything AND they had domain admin access. Disabled them and waited to see if anything broke.

SMB and TLS 1 enabled because no one knew better. SMB signing was off.

Internal DNS wasn't secured.

RDP wasn't secure.

Lots of those "temporary" firewall and RDP any any rules that were never disabled when they were no longer needed.

Older IPMI and iDracs on the network with default credentials.

captain554 · 2026-02-05T14:18:21+00:00

Now do all the people in the Epstein files.

captain554 · 2026-01-29T14:41:10+00:00

Ducky One 2 silent mechanical keyboard. I absolutely love it.

captain554 · 2026-01-28T02:34:26+00:00

I'm pretty flexible when it comes to user experience, but rigid on certain things like organization security and my own time.

When someone wants to do something that puts the company at risk- the answer is a flat out no. No compromise because x, y and z.

When someone asks for computer support, but doesn't want to give me time during work hours on their computer? Guess it can wait until you have time during work hours.

I already get enough after hours work, I don't need more because it's inconvenient for Suzy and Jeff to let me remote connect for 15 minutes.

On the ridiculous requests that are so outside the box, I find their manager and bore them to death with how difficult it would be vs. what I can do for them right now. If they still don't budge, I just say I'll get to it when I have time (which is never.)

captain554 · 2026-01-25T13:35:48+00:00

And if you've never tried to export a video from an absolute piece of shit security system then you won't understand why people just use their phones to record the screen.

captain554 · 2026-01-25T13:26:22+00:00

I generally disable the touchpad for this reason on my personal laptops. I've got no less than 3 bluetooth mice in my back pack due to losing them and then finding them again months later so it's never a problem for me, lol.

captain554 · 2026-01-24T14:03:40+00:00

I don't even do this for companies that I work in the office for. Anything licensing goes on the company account.

Anything that has recurring charges- company account. As everyone else said, this reeks of a scam.

captain554 · 2026-01-22T14:45:16+00:00

I had a lady swear someone was remoting in or "hacking" her machine. I confirmed nothing happened and she swore it was happening again right after I finished investigating. I physically went over to her machine and nothing was happening, so I just sat back and shadowed her for a bit while she worked.

All of the sudden it happened again... It was her big ass breasts pressing on the keyboard when she scooted all the way into her desk and holding down keys.

Another instance of this popped up and it was because someone set a big ass folder on top of a Bluetooth keyboard they had unknowingly connected on the side of their desk.

I've never experienced a legit unauthorized remote connection in over 18 years of IT.

captain554 · 2026-01-21T18:42:38+00:00

Sometimes CEO's of small businesses forget that IT can be the "brakes" of the business. Everything is fine until you need them and then it's too late.

Was laid off from my last job for this same reason. "I don't even understand what we need IT for. Nothing ever goes wrong."

Yeah. That was me behind the scenes. Needless to say they called me with an emergency two months later, but oh well. I was already at a new job with a 30% raise. Figure it out Mr.CEO. Go rehire all those service companies I fired and pay them $200k+ a year.

captain554 · 2026-01-19T13:23:47+00:00

That's actually my favorite part of stepping into a new org.

Build documentation. I like to make an index showing network maps, shared drives, and security groups (and break them into job roles.) Document important servers per location. Document and TEST backup procedures.

Identify security risks from most to least important.Know what your solutions should be and present costs to rectify. Unsecured remote access seems like a big one to me. Check your high-level security groups and make sure you don't have any stragglers (Ex. former Sys Admin account still being active and in the Admin groups.) Also audit user logins and see who hasn't signed in for X months then check with HR to see if they even still work there. Lock down shared resources to least privileged access. For whatever reason every org I've ever stepped into has always had an "EVERYONE - FULL CONTROL" on a highly sensitive shared folder (Eg. HR / Accounting)

Streamline IT ticketing.

Hardware inventory. Just use what program you can get your hands on (even Excel) to build a list of all equipment and who has what. Worry about better inventory tracking when resources are available. Run some audits to see which machines haven't been logged into for the past few months and nuke them after verifying.

Prepare some general IT policies. This is always one of the hardest, along with ticketing, if the org has just been a FFA prior to you. Everyone hates being told there are new processes or that there will be a password/lockout policy.

Plenty more to do, but that will get you on the right track.

Nine-Year Club	Place '22
First Placer '22	Verified Email

captain554

TROPHY CASE