My first thought was red team. Anyone that is capable of complying to the request is in breach. Ctrl-F "red team" found nothing.
But then I read the answers and apparently a couple of them had the same idea.
Not sure why it's not the most upvoted option, it seems like the only one that is is not self refuting, as the sincere version of those hypothetical businesses would starve from terminal stupidity... Perhaps my reasoning is wrong?
This is hilarious. Unfortunately not entirely fake. I myself had an totally unqualified idiot to do a security audit on a TLS implementation. He probably came from web security audits and insisted to get mime checks for the private and public keys. Ha! These keys where files on disc.
I told him he was wrong. Management was helpful to bypass the idiotic parts.
My first thought was red team. Anyone that is capable of complying to the request is in breach. Ctrl-F "red team" found nothing.
But then I read the answers and apparently a couple of them had the same idea.
Not sure why it's not the most upvoted option, it seems like the only one that is is not self refuting, as the sincere version of those hypothetical businesses would starve from terminal stupidity... Perhaps my reasoning is wrong?
Is this real? Some auditor is asking for everyone’s raw passwords?
As outlandish as it sounds, I don't have a reason to doubt the validity of this claim.
On a tangent, I wish I had appended (2011) to it.
I have seen this in a banking scenario. I later changed my password to an insult and for sure he knew that too!
This is hilarious. Unfortunately not entirely fake. I myself had an totally unqualified idiot to do a security audit on a TLS implementation. He probably came from web security audits and insisted to get mime checks for the private and public keys. Ha! These keys where files on disc.
I told him he was wrong. Management was helpful to bypass the idiotic parts.