« BackOur security auditor is an idiot. How do I give him the information he wants?serverfault.comSubmitted by gurjeet 16 hours ago
  • rurban 12 hours ago

    This is hilarious. Unfortunately not entirely fake. I myself had an totally unqualified idiot to do a security audit on a TLS implementation. He probably came from web security audits and insisted to get mime checks for the private and public keys. Ha! These keys where files on disc.

    I told him he was wrong. Management was helpful to bypass the idiotic parts.

    • SilverElfin 16 hours ago

      Is this real? Some auditor is asking for everyone’s raw passwords?

      • ddtaylor 10 hours ago

        I have seen this in a banking scenario. I later changed my password to an insult and for sure he knew that too!

        • gurjeet 13 hours ago

          As outlandish as it sounds, I don't have a reason to doubt the validity of this claim.

          On a tangent, I wish I had appended (2011) to it.