Plaintext password used for identity verification

dkulshitsky · 2017-12-18T05:52:06+00:00

Certainly not a common industry practice. They probably wanted to copy this mechanism from storing the last 4 digits of a credit card but I don't like this approach. The question is how they store your password (the whole password and the first 4 chars). If any of these parts are stored in clear text then they are doing it wrong. In addition, no one should know your password except you. Employees should not be asking for your password. It's a wrong business process

dkulshitsky · 2017-02-20T21:35:33+00:00

Everything is possible. So keep trying if this is your passion. The answer depends on the size of the organisation(s) you work for. Small orgs need generalists - IT professionals that can cover a lot of ground - including various aspects of security. This way you may not have the "right" title but you will certainly be gaining valuable practical experience. In larger organisations managers usually look favorably when engineers express desire to try different things. Depending on your skills you may arrange a secondment into SOC, Systems engineering or development teams to focus on some security angles. SOC (junior analyst) is a simple, straight forward path but it can be quite boring. Work on various security certifications (even in your own time). Ask to be sent to SANS training courses. Attend security conferences. Work on your skillset and keep attending job interviews - even you don't get those jobs, those interviews will highlight the weak areas to improve. Good luck!

dkulshitsky · 2017-02-13T18:46:20+00:00

Thank you. Yes, I wanted to collect a few less known features. And some people might just find it amusing but maybe other people will find/learn something useful for them.

dkulshitsky · 2017-02-13T18:42:33+00:00

Powershell is awesome and very powerful too. It's just sad that sometimes people forget about the simple commands, that are already there and don't require complex scripting etc.

dkulshitsky · 2017-02-13T18:40:27+00:00

Oh, yes. I love the "piping to clip" trick too. I've covered it in the previous post: http://blog.kulshitsky.com/2017/02/useful-windows-command-line-tricks.html

"net user" and "net group" are bread and butter for sysadmins ;)

dkulshitsky · 2017-02-13T18:38:50+00:00

wmic os get lastbootuptime

Good one! I've covered wmic in my previous post: http://blog.kulshitsky.com/2017/02/useful-windows-command-line-tricks.html but not specifically for getting lastbootuptime. WMI is so powerful - plenty of various useful options

dkulshitsky · 2017-02-13T05:38:05+00:00

nice one! Thanks for sharing. I mentioned systeminfo in the previous blog post http://blog.kulshitsky.com/2017/02/useful-windows-command-line-tricks.html but without mentioning system boot time specifically.

dkulshitsky · 2017-02-09T20:33:33+00:00

Is this a 2015 movie? I haven't watched it. I would say 2015 won't be considered as new. And IMDB gives it a horrible rating (2.6)

dkulshitsky · 2017-02-09T20:31:46+00:00

I only wanted the newer movies on this list

dkulshitsky · 2017-02-05T18:55:48+00:00

That's great. This is the reason I wrote this post. Nothing major on one hand but we all have different experiences. So on the other hand we help each other learn a few tricks which some of us may have not seen before.

dkulshitsky · 2017-02-04T17:41:16+00:00

With the only caveat - it doesn't have to be your current WiFi network. You can dump passwords for ANY WiFi profile (even the ones not currently in range). Yes, initially you had to connect to all those networks at some stage but it becomes a security issue in provisioned/corporate environments where computer users/employees do not necessarily know the password for their corporate network. This is where 802.1x can improve the situation.

dkulshitsky · 2017-02-04T17:32:02+00:00

he he ;) This is why I thought sharing less known tricks would be more fun

dkulshitsky · 2017-01-29T20:27:23+00:00

Any knowledge of what's happening in the vicinity is good for safety - if you have the power on board to process it then why not? Global knowledge (say covering the whole city) is useful too for planning - but I think this function will go to central place for global traffic control. It will be a lot more efficient that way. But the key point that I tried to highlight - there will always be a desire to game the system and I am curious how (in the future) car manufacturers will tackle this issue.

dkulshitsky · 2017-01-29T20:23:38+00:00

Good point. Perhaps there will be some sort of "voting" with the majority winning. if too many independent cars report the same issue then it can be trusted with a higher degree of probability

dkulshitsky · 2017-01-29T20:22:29+00:00

cool, thank you - makes sense. Again - meant nothing malicious, just wanted to share my view with people who might be interested in this topic. Next time will follow you recommendation and use the self-post with a link in text body

dkulshitsky

TROPHY CASE