Careercow Elon Reeve Musk - Tesla, SpaceX and Twitter owner + ex-paypal CEO. Manchild, sexual deviant, spergy autist with access to space travel

[izaNAmI]

The Kiwi's above make good points regarding Azure. To add my piece:

Granted every org operates differently, but the part that doesn't make sense to me is how a malicious actor could log into an account almost immediately after being created, and not get flagged as a "Risky User" and immediately disabled. I also find it hard to believe they wouldn't have some sort of policy to immediately reset password and force MFA after logging in for the first time, which would make it obvious the account was compromised. The things this whistle blower highlights could easily be explained by a combination of legitimate confidential tasks, and malicious actors probing domains. All standard occurrences in large organisations and government entities.

You can claim the government is full of lazy retards, but the glaring holes in cybersecurity would have been exploited by every malicious actor on the planet if it were really this bad. There's no way something like that would go unnoticed - no service provider would have the US government as a client and ignore these things.

 

['Ole Dente]

...bros how many fucking times are we going to see absolute retardation from this government and cope about it.

 

[neger psykolog]

The Kiwi's above make good points regarding Azure. To add my piece:​

Granted every org operates differently, but the part that doesn't make sense to me is how a malicious actor could log into an account almost immediately after being created, and not get flagged as a "Risky User" and immediately disabled. I also find it hard to believe they wouldn't have some sort of policy to immediately reset password and force MFA after logging in for the first time, which would make it obvious the account was compromised. The things this whistle blower highlights could easily be explained by a combination of legitimate confidential tasks, and malicious actors probing domains. All standard occurrences in large organisations and government entities.

You can claim the government is full of lazy retards, but the glaring holes in cybersecurity would have been exploited by every malicious actor on the planet if it were really this bad. There's no way something like that would go unnoticed - no service provider would have the US government as a client and ignore these things.

• The times you actually hear about people exploiting these holes are only incidents that get publicized.
• A lot more of them get caught but never publicized for various reasons.
• Even then the times infiltrations/hacks actually get caught are probably like 1-5% of the number of times they actually happen.

• Yes, the people in charge of this stuff are lazy retards and there are glaring cybersecurity issues almost everywhere.
• Post-Snowden a lot of stuff is done on airgapped systems or done with physical prints to avoid situations like this (although databases of private information on public citizens for the purpose of taxes etc isn't done this way)
• Key points for everyone to be aware of:
  • Top level infosec/hacking/cybersecurity personnel can easily get upwards of $500k-1m USD+ per year, it is an extremely in demand industry and very few people are qualified to do it at a high level.
    • Some people in this space go into doing illegal stuff because it pays heaps of money
  • You simply cannot create more experts in this field - university degrees and courses do not create more. There are of course certificates and degrees but they are essentially worthless when you compare to them to "actual hackers". Real hardcore niggas are generally "actual hackers" who turn it into a job.
    • There are a finite number of them ("actual hackers") and an infinite number of jobs/industries/governments that want them. Therefore there are lots of incompetent people who go into this line of work - simply because big companies/governments have to show they have someone working on it. That of course does not mean the person is high-level. There aren't enough high-level people available.
  • The public sector/government pays SWEET FUCK ALL compared to the private sector - therefore the people doing cybersecurity are generally not the best, can't get a job in the private sector because they're incompetent or if you're lucky are there for passion/patriotism.

So to prove a point here: let's say you're an actual cybersecurity/infosec expert. You can either apply for a job at Google or whatever company and you will almost automatically get at least $250k USD as a starting package (and much, much more than that if you're experienced and high level).

Do you take the private sector/Google/whatever company job? or do you apply for this?



I'm using the British government's NHS (National Health Service) as an example here but the same will apply to cybersecurity jobs - the government pays fuck all compared to the private sector. So yes the people doing computer security in the government are either so average they can't get jobs in the private sector or are just going to do the absolute bare minimum.

edit: US government jobs in the same field (from https://www.usajobs.gov)

 

[Slav Power]

Completely unrelated to the discussion, here's a list of all the recent login attempts to my Microsoft account. If you also have one, you can check them here.

 

[Flaming Dumpster]

I also find it hard to believe they wouldn't have some sort of policy to immediately reset password and force MFA after logging in for the first time,

Microsoft has recently pushed out a policy forcing MFA for admins in Azure regardless of Conditional Access policies, whitelisted IPs, etc. When you open up portal.azure.com now, you will be forced to MFA no matter what.

The lack of information from the whistleblower makes it impossible to figure out whether MFA was a factor though.

 

[neger psykolog]

Completely unrelated to the discussion, here's a list of all the recent login attempts to my Microsoft account. If you also have one, you can check them here.
View attachment 7244066

The real deal is to set up a new box/server on the internet with SSH or FTP port open and you'll eventually get like 20-30k login attempts per day (easily). It has been like that for years.

 

[Slav Power]

The real deal is to set up a new box/server on the internet with SSH or FTP port open and you'll eventually get like 20-30k login attempts per day (easily). It has been like that for years.

I have seen some fun stuff pop up in my router's log back when I didn't understand it fully and had it improperly configured. Even got occasional DNS hijacks to porn sites because I didn't knew what the fuck I was doing with a local DNS server and I ended up opening the damn thing up to the Internet. Thank God that was the worst thing that happened from that mishap, now I know how to keep it airtight.

People have no idea how hostile the Internet as a network is and how much beating your home router takes on the daily, assuming you're not behind a CGNAT.

 

[neger psykolog]

People have no idea how hostile the Internet as a network is and how much beating your home router takes on the daily, assuming you're not behind a CGNAT.

I think people even underestimate (or are just clueless) about how many glaring bugs, security holes and whatever else inhabits every single device they connect to their wifi as well as bugs and zero-days on their phones and everything else.

4chan is the perfect example - even though the website is what it is, people likely assumed it'd at least be relatively secure but instead it hadn't been updated at all in like an entire fucking decade. Now apply that mindset to literally every website and device that you use and you end up with the same result.

Once people really start to use AI* for hacking (and it has already slightly started, just not scaled up so far) we should expect to see some massive hacks happening - but then again if you follow hacking news you'll see the sheer number of companies that are hacked every single fucking day and how many massive private company databases are offered for sale all the time.

* when I mention AI it's not as a meme or it becoming sentient but rather that it can look through huge swaths of data that no single human being or even a team of humans can do efficiently or effectively. AI means someone can do all these test intrusions and other minor attacks and then sort through terabytes of data to find tangible targets and uncover things that hackers of the past 2-3 decades would've easily missed. It also means someone can set it up to rotate through millions of proxies/VPNs/accounts/passwords/ports/whatever, and when you start throwing shit at the wall at that kind of scale, a lot of more of it will start to stick than ever before.

 

[Pat's Pointer Finger]

Everyone saying it's a gayop like the top of government didn't invite a journalist into a GC 'by mistake' as if using the app in the first place wasn't the most retarded thing I've ever heard. I'd put 20k on half the chain of command being retarded enough to do this (bearing in mind journalists found email address' and scraped leaks to find passwords of current sitting heads of government. You think governments don't have the iq to google "leak database"? These mongoloids definitely share passwords too.

Normally, that wouldn't matter because of the system of separating personal and government data by both airgapping and encrypting anything remotely important.

We've now seen the government "clear on OPSEC". You really think zoomers wouldn't sell everything to Russia for 20k in Monkey NFT's? You think they aren't retarded enough to use regular windows 10 on their alienware RBG gamer laptops?

Why give benefit of the doubt ever again after that?

elon and crew are the type of people who think "clear on OPSEC" is a super cool thing to say. the reality is a lot of security work is really boring

 

[bindar dundat]

On top of that, the data DOGE exfiltrates from government organizations is done so towards unknown servers. So for all we know, confidential government data might've been directly sent out to US adversaries.

this reeks of a glow-op to further de-legitimize DOGE — while bonus: remind people of the Steele Dossier Russia Collusion hoax.

THE DANG HAXXOR RUSSIANS ARE USING LEGITIMATE LOGINS SOMEHOW GET OUR DATA OMG OMG OMG

Hi Kelly Nellie Ohr getting her ham license, or whatever…

Hi Uranium One backchannels

Hi Clinton Foundation.

Hey, wasn't Hillary Clinton… Secretary of State?

Doesn't the Secretary of State control USAID?

https://whistlebloweraid.org/dan-berulis-disclosure-cyber-security-breach-and-data-exfiltration-through-doge-systems-and-whistleblower-witness-intimidation/

Whistleblower Aid… what is that… oh, founded in 2017?

Wow, relatively new organization. And they use Bluesky instead of Twitter.



Claim to be non-partisan?

gimme a break d00d

there ain't nothin' in this burger

except a fear sandwich

involving some familiar global cabal hallmarks

edit: got Nellie Ohr's name wrong

friendly reminder: spouses can't testify against each other… hi Bruce Ohr!

 

[Troonos]

There was a whistleblower leak, with somebody from within the government coming forwards with detailing how the activity of DOGE has led to a significant cybersecurity leak. I have the full pdf file attached to this post, but needless to say... if these findings are true... the implications are terrifying. Let me give a quick abridged description of the document.

I'm getting fed up with this shit. These repeated embarrassments of incompetence are just making Trump's circle look retarded and may prevent a Republican win in 2026. They're getting so sloppy. This administration needs to stop playing fast and loose and get things done without violating the confidence of their own base. The DoD text message leaks were pathetic enough. Trump needs to work harder to prevent slip-ups like this, otherwise his successor might not get enough support because he's looking as demented as Joe. Get your shit together, Don.

 

[cringy cunt]

any thoughts on the claim from berulis that he's being stalked and threatened?

https://www.newsweek.com/doge-whistleblower-stalked-threatened-raising-alarm-2061087

I don't buy any "elon and doge are good for the country uwu" arguments, but I wonder if they really wanted to silence this guy wouldnt they just do it?

 

[Skylavijas]

Damn, I should make more politically inflammatory posts like this, just to annoy all the nerds smarter than me into borderline collaborating as a team into disseminating drop of notable new information or leaks they would be too lazy to analyze otherwise. These are some high-effort posts. It's a good thing people within the thread moved on from talking about Musk's bizarre sex life.

@neger psykolog @Flaming Dumpster @izaNAmI @Silent Seeth @inception_state @Tiggletown @T-2EW/H @General Emílio Médici

 

[JaneThough]

Slightly OT but has the general IQ in this thread and on this board gone down significantly since 4chan imploded or what?

 

[BinaricHate]

this reeks of a glow-op to further de-legitimize DOGE

musk is already doing a stellar job at that

 

[Slav Power]

Slightly OT but has the general IQ in this thread and on this board gone down significantly since 4chan imploded or what?

Nah I think it dropped below room temperature the moment AT rapefugees infested it and turned it into their circlejerk hugbox to be MATI at him instead of laughing at his baby momma shenanigans.

 

[TheTrollToll69]

Whole thing screams gay op to me. He has like 3 screenshots showing the same information from his Palo Alto NGFW but nothing from the DOGE user's blocked sign ins. Also: Why didn't he log into the Palo and view the session data from there? Those things do layer 7 inspection and have searchable flow data which could at least give some hints as to what passed through it, but there's nothing presented here.

If this is whistleblower is legit, we will probably know who it is very shortly. It is best practice to log whenever a user goes to the ACC or Monitoring tabs, which he did, so his activity would be logged as well. Additionally, this just seems like internet radiation associated with any public ip. I have seen these kind of requests daily, mostly coming from Russia and China. User cred attempts and ip scanning are the laziest but easiest to implement, so any Chinese or Russian entity usually just sets those up along with their more direct spearphising attempts.

 

[dongykung]

@dongykung thoughts?

obviously investigate who ever is in charge of cybers security because it sounds like gross negligence

Um would I rather give money to get lesbians high than to buy Elon ketamine? Yes.

sorry but trannies are part of the package lol

"he's a liar... but he's cucking the libs heh heh" is centrist brainrot

how dare you implied im a centrist lol

. $700k savings in the context of a $2t budget deficit would be 0.000035%.

its been barely a few months and thats just one example you even said it takes time?

If this is whistleblower is legit, we will probably know who it is very shortly.

cant they stay anonymous?

 

[JaneThough]

obviously investigate who ever is in charge of cybers security because it sounds like gross negligence


sorry but trannies are part of the package lol


how dare you implied im a centrist lol


its been barely a few months and thats just one example you even said it takes time?


cant they stay anonymous?

Ok id rather get trannies high than Musk. You disagree?

 

[dongykung]

Ok id rather get trannies high than Musk. You disagree?

if they overdose then we are on the same page