<rant>
I work as a Software Engineer at a pretty large consulting company in the city where I live.
I have known all along that this company doesn't bother about security much, and all my previous warnings about how dangerous it is to handle it so carelessly, have been completely pointless.
Yesterday I decided to prove a point by breaking into our "high security wireless network" (they call it that since we are using the best encryption available).
The problem with the "high security wireless network" is that the router has WPS available (Something I have pointed out a number of times).
So I setup a WiFI antenna in my office, and fired up wash to see if the router shows as a potential target, which it did.
I then started reaver and targeted the SSID, and then just sat back and watch.
It took less than 4 hours to bruteforce the WPS PIN and get the oh so long and uncrackable password that we have.
I sent all this to the person in charge, just to get a response that "We will fix this eventually" (which is the same as "we won't fix this" in this company).
It angers me that I have absolutely no power to fix this, and no one seems to listen to my warnings.
I even suggested that I act as a "real" attacker from the outside, and tried to deal some real damage (this suggestion earned me a warning from my boss).
My dream job is to work for a real IT security company, but they are usually small around here and hard to get employed at, so I guess I will just have to live with this for a while, and continue trying to find another more suitable job for me.
</rant>
Company IT security
Company IT security
"The best place to hide a tree, is in a forest"
Re: Company IT security
Did you apply for EC3?
Re: Company IT security
Yup ... only law enforcement accepted -.-ph0bYx wrote:Did you apply for EC3?
So I'm back on square one.
"The best place to hide a tree, is in a forest"
Re: Company IT security
Damn. Maybe try some part time IT security work? Something like a private IT detective or such Gain experience
Re: Company IT security
Yeah, actually recently applied to something similarph0bYx wrote:Damn. Maybe try some part time IT security work? Something like a private IT detective or such Gain experience
They wanted my CV, so I have sent it to them.
We'll see where that takes me
"The best place to hide a tree, is in a forest"
Re: Company IT security
Or start your own IT/Sec business
You would have a pretty solid team if you needed it.
Mabs
You would have a pretty solid team if you needed it.
Mabs
Re: Company IT security
too much bureaucracy for a business imo. But I've always dreamed of having an IT security group much like the Lightman Group from the show Lie To Me
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Company IT security
@cats
for them it's some kind of "time waste thing geeks do"...they don't even see the potential risks for their company behind that and how someone with financial interests ( a competitor) could make use of that. business is war, and most companies are poland.
@ph0
too much bureaucracy? actually not really. of course depends with who you work together with and how trustworthy you are labeled by new customers.
my business is, besides the computers and servers, pretty much this:
and this is not even a joke.
for them it's some kind of "time waste thing geeks do"...they don't even see the potential risks for their company behind that and how someone with financial interests ( a competitor) could make use of that. business is war, and most companies are poland.
@ph0
too much bureaucracy? actually not really. of course depends with who you work together with and how trustworthy you are labeled by new customers.
my business is, besides the computers and servers, pretty much this:
and this is not even a joke.
Re: Company IT security
Not really bureaucracy, but paper work was the word I was looking for. Managing your own company is more economy, organization, networking, damage control etc. than actually doing the work..
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
Re: Company IT security
ok, that's true. I spend at least 30% of the time with maintenance work like keeping the servers running properly or preparing for customers messing up their sites (doing backups).