> [Opexus] said that “the individuals responsible for hiring the twins are no longer employed by Opexus.”<p>I was half-expecting to read next the classic Monty Python line: "Those responsible for sacking the people who have just been sacked, have been sacked."<p>Jokes aside, stuff like this sucks because I suspect many employers will take from it the most extreme, dehumanizing lessons, e.g.: (a) make firings more abrupt, (b) never give second chances to anyone with any sort of criminal record (even say decades old marijuana posession or something).<p>I'd prefer a more balanced version: limit unilateral access to sensitive systems in general (not just of recently-fired employees), when someone is fired immediately shut off particularly sensitive credentials if they do exist (but not their general-purpose login/email account), avoid hiring people convicted of wire fraud as sysadmins.
> At 4:58 pm, he wiped out a Department of Homeland Security database using the command “DROP DATABASE dhsproddb.”<p>This article is hilarious. The two bickering brothers remind me of the guys in the Oceans movies played by Casey Affleck and Scott Caan. It’s amazing they got this close to sensitive data.
Those two in the movies were always a highlight for me, especially when the one joins the other in the Mexican factory riot.
I think its them on video: <a href="https://youtu.be/Rx19zOzQeis" rel="nofollow">https://youtu.be/Rx19zOzQeis</a>
Nice handwritings, though.
No back ups? Skill issue.
I have no problem with my credentials being revoked everywhere before I know about a layoff. I don't really care how I learn about it, just please don't make me come in to the office.
> <i>just please don't make me come in to the office.</i><p>But how do you pick up the stuff from your desk? I once lost a nice pair of headphones this way.
So this was why the FBI Director Kash Patel was in a panic when he couldn't log in one day. Revoking credentials before firing someone makes a lot of sense in security.
Professionally, he spells his name thusly: FBI Director Ka$h Patel, so you know he’s serious.
no, becaus the simple and pragmatic solution for ANYONE who is subject to arbitrary termination, is to litter everything they build with caltrops and dead man triggers
and then hint that they will go into "consulting" when fired.<p>I know of one case where this was totaly unintentional, and a machinest at a local pulp and paper plant had self delegated to
write the software that controlled tension
on the giant machines in the mill, but as it was his only real forey into sofware, nobody else could operate it, and they fired him after a manegment reshuffle, and then after the next scheduled shut down, nothing worked right, greasy dusty ancient screen with a blinking cursor was what they had, plugged into the important bits of a half sqare mile plant.
still funny to think about!
Or if you don't want to booby trap your code, buy one of those tiny devices that make a cricket noise randomly every 5-15 minutes, and hide it somewhere in the restroom.<p><a href="https://annoyingpcb.com/" rel="nofollow">https://annoyingpcb.com/</a>
These are too obvious - 5-15 minutes gives your victim way too many opportunities to narrow down the location.<p>What you really need is one that chirps once every (multiple of) 20-28 hours (with weighting towards 23-25 to keep it roughly around the time you set it going and an infrequent skipping of a day.) Also with different volumes and, ideally, different chirps. Occasionally a double chirp just for extra insanity causing.<p>(A Michael Jackson "hee heee" would be another good option.)
That is some top notch wrongthink… HN does NOT find it funny!
[flagged]
It’s crazy that people are desperate for jobs and these clowns get hired.
> Muneeb Akhter asked Sohaib Akhter for the plaintext password of an individual who submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal, which was maintained by the Akhters’ employer. Sohaib Akhter conducted a database query on the EEOC database and then provided the password to Muneeb Akhter.<p>WTF?
> On Feb. 1, 2025, Muneeb Akhter asked Sohaib Akhter for the plaintext password of an individual who submitted a complaint to the Equal Employment Opportunity Commission’s Public Portal, which was maintained by the Akhters’ employer. Sohaib Akhter conducted a database query on the EEOC database and then provided the password to Muneeb Akhter. That password was subsequently used to access that individual’s email account without authorization.<p>It should be a federal crime with prison time to make a DB for a federal agency and not hash and salt passwords or other auth credentials.
How on earth did someone previously convicted of what sounds like hacking get job access to so many prod government databases? Wild that it took them so long to get caught.
I had the same questions. Apparently discovery of the prior conviction is what lead to them being fired:<p>> When the company discovered Sohaib Akhter’s felony conviction, it terminated both brothers’ employment during an online remote meeting on Feb. 18, 2025<p>from <a href="https://www.justice.gov/opa/pr/federal-jury-convicts-virgina-man-charges-relating-deletion-us-government-databases" rel="nofollow">https://www.justice.gov/opa/pr/federal-jury-convicts-virgina...</a> which is a better source on this.<p>That prompts the question of why background checks are so lax that they were hired before this was discovered.
The company involved here is apparently based in Washington, DC, which has a "Ban the Box" ordinance that limits employment background checks for most kinds of jobs. And apparently DC's version of the law is particularly strict.
And I recently couldn't get a job through a federal contractor for a federal position (requiring NO security clearance) because they didn't like something on my credit report.
[dead]
so, apparently, the passwords were stored in cleartext.
Remind me of a forum a long time ago that sent me my password in clear when I used the "forgot password" link.<p>When I advised them that it was a bad idea to store password in clear, they answered that they keep it in clear so that they can send it when someone forget.<p>Defeated by such argument, I deleted my account.
In my free time, I help maintain the web presence for a small non-profit org with memberships. The original system when I started helping was a bespoke system that was smart in many ways (essentially a static site generator with membership control years before SSGs were cool, with regular automated tests), but the guy who wrote it absolutely insisted on storing passwords in plaintext and could not be convinced otherwise. Eventually he had to drop the volunteer position due to other things in life, and the first thing we did was correct this issue.
There was a screenshot of some website floating around a few years ago, where if you entered the correct password but a wrong username, it would helpfully tell you <i>which user the password is really for.</i>
Gnu Mailman still does this, and sends a monthly reminder email of your password.
I've got a better one. I once had the same argument mentioned to me by my manager at the time when I pointed out that passwords were being stored in clear text. That it needs to be this way so that it is read/sent when the users forget their passwords(which happened a lot). I tried to explain that typically a "reset password" flow is used for that but that fell on deaf ears. That system contained healthcare data.<p>Something bad did end up happening due to that lax security and there were oh so many meetings about it.
> Something bad did end up happening due to that lax security and there were oh so many meetings about it.<p>This is the sort of thing that makes me want to check out of the whole circus. Here I am, telling you ahead of time, and you ignored me<p>So how there's a circus that we could have avoided and not only do I get zero recognition for identifying the threat ahead of time, the people who ignored me keep their jobs and turn it into a zoo where everyone is scrambling in endless meetings<p>And I've seen it play out a few times. After a point, why bother...
Greetings, Bioconductor