Legendary Stack Overflow Post About Incompetent Security Auditor Demanding Plaintext Passwords
Description
A screenshot of the famous Stack Overflow question titled 'Our security auditor is an idiot. How do I give him the information he wants?' with 2507 upvotes, asked 14 years 5 months ago, modified 4 years 2 months ago, and viewed 562k times. The question describes a security auditor who demanded within two weeks: a list of current usernames and plain-text passwords for all user accounts on all servers, a list of all password changes for the past six months in plain-text, a list of every file added to the server from remote devices in the past six months, the public and private keys of any SSH keys, and an email sent to him every time a user changes their password containing the plain text password. The right sidebar shows 'The Overflow' blog links and 'Featured on Meta' section. This is one of the most legendary posts in Stack Overflow history, showcasing a security auditor who fundamentally misunderstands security
Comments
9Comment deleted
The auditor's next request: 'Also, please print out the firewall rules and tape them to the front door for easy reference.'
social engineering in action Comment deleted
https://serverfault.com/questions/293217/our-security-auditor-is-an-idiot-how-do-i-give-him-the-information-he-wants Comment deleted
Absolute cinema email thread Comment deleted
Serve him a public page with all requested info for readability and comfort) Comment deleted
Brother I hope you don't take this as an insult but you kinda look like a white snoop dogg Comment deleted
"No information will be provided. In light of this, I believe I have passed your social engineering audit". Comment deleted
- Nice try, leatherman Comment deleted
If a security auditor asked me for these details I would assume he's a scammer trying to phish account details from me. I wojldn't even reply, I'd show it to my boss, haha Comment deleted