Our security auditor is an idiot. How do I give him the information he wants?(serverfault.com)
6 pointsby gurjeet7 hours ago2 comments
  • rurban3 hours ago
    This is hilarious. Unfortunately not entirely fake. I myself had an totally unqualified idiot to do a security audit on a TLS implementation. He probably came from web security audits and insisted to get mime checks for the private and public keys. Ha! These keys where files on disc.

    I told him he was wrong. Management was helpful to bypass the idiotic parts.

  • SilverElfin7 hours ago
    Is this real? Some auditor is asking for everyone’s raw passwords?
    • ddtayloran hour ago
      I have seen this in a banking scenario. I later changed my password to an insult and for sure he knew that too!
    • gurjeet4 hours ago
      As outlandish as it sounds, I don't have a reason to doubt the validity of this claim.

      On a tangent, I wish I had appended (2011) to it.