Recruiters

comment by #4zA La Fica Napules - 🇮🇹🇺🇦 (U22472)
posted 1 hour, 2 minutes ago
I have degree in Inglish
----------------------------------------------------------------------
And speak it finer than most on here

comment by Irishred (U2539)
posted 23 seconds ago
comment by #4zA La Fica Napules - 🇮🇹🇺🇦 (U22472)
posted 1 hour, 2 minutes ago
I have degree in Inglish
----------------------------------------------------------------------
And speak it finer than most on here
----------------------------------------------------------------------
Thx man
That meens the wurld 2 me

comment by פlǝuƃɥᴉs (U19365)
posted 1 hour, 12 minutes ago
comment by Dwight K Schrute (U22590)
posted 1 hour, 34 minutes ago
comment by Boca Seniors (U19731)
posted 18 minutes ago
You saying you are working as a IT security which I have doubts about. Which skills do you need to do the job required. I know you will Google all the information but I want prove you are not lying. Can you hack a JA account of your biggest enemy on here? If not you are a facking despicable liar.
----------------------------------------------------------------------
Lol what a randomly aggressive post.

But to play your hypothetical situation out.

Firstly you would need to find some flaws in the web app that is ja606.co.uk, I won’t use buzz words because you’ll say it’s just googled.

But essentially you would find a way to access a directory, you’d identify the user list, we’ve all signed up with email etc

I doubt many have used burner accounts.

Once you had the email address first part of recom would ironically be to run it through Google, you’d be surprised how many hits your own email address would return because you’ve used it so frivolously.

The next part is then to tie that information down to a person. Once you’ve isolated and identified that person then it really depends what you want to do.

Could find all the forums, sites, social media they use and run some graphql scripts etc to find embarrassing information. You could track down their IP and do a variety of things.

You just could just brute force their email, log into ja606 and hit reset password and collect that link and reset the password with them locked out and start posting random drivel

Opportunities really are endless.

But we tend to focus on corporate threats not just messing with JA
----------------------------------------------------------------------
What a total pile of shiyte.

I stopped reading after "find a way to access a directory, you'd identify the user list"

How exactly are you going to identify the user list from some random directory you've somehow managed to access?

To my knowledge, no websites store their user lists as text files in random directories. For a start that would be a GDPR no no.

Websites tend to use a CMS (content management system) involving relational databases which are often on a separate server from the web app.
----------------------------------------------------------------------
This.

If you’re any good at what you do, a decent rule I think is to ask the recruiter if they’ll meet in person (and come to you) to give you the lowdown on their agency and contacts, and explain why you’d want to work with them. If they aren’t willing to do that, bin them off.

In the area I was in, most people who had been around a while already knew the top recruiters/agencies. Asking other (quality/respected/experienced) people you’re working with who they’ve worked with might be useful.

I was an estate agent in England and did everything honourably.

comment by פlǝuƃɥᴉs (U19365)
posted 5 hours, 41 minutes ago
comment by Dwight K Schrute (U22590)
posted 1 hour, 34 minutes ago
comment by Boca Seniors (U19731)
posted 18 minutes ago
You saying you are working as a IT security which I have doubts about. Which skills do you need to do the job required. I know you will Google all the information but I want prove you are not lying. Can you hack a JA account of your biggest enemy on here? If not you are a facking despicable liar.
----------------------------------------------------------------------
Lol what a randomly aggressive post.

But to play your hypothetical situation out.

Firstly you would need to find some flaws in the web app that is ja606.co.uk, I won’t use buzz words because you’ll say it’s just googled.

But essentially you would find a way to access a directory, you’d identify the user list, we’ve all signed up with email etc

I doubt many have used burner accounts.

Once you had the email address first part of recom would ironically be to run it through Google, you’d be surprised how many hits your own email address would return because you’ve used it so frivolously.

The next part is then to tie that information down to a person. Once you’ve isolated and identified that person then it really depends what you want to do.

Could find all the forums, sites, social media they use and run some graphql scripts etc to find embarrassing information. You could track down their IP and do a variety of things.

You just could just brute force their email, log into ja606 and hit reset password and collect that link and reset the password with them locked out and start posting random drivel

Opportunities really are endless.

But we tend to focus on corporate threats not just messing with JA
----------------------------------------------------------------------
What a total pile of shiyte.

I stopped reading after "find a way to access a directory, you'd identify the user list"

How exactly are you going to identify the user list from some random directory you've somehow managed to access?

To my knowledge, no websites store their user lists as text files in random directories. For a start that would be a GDPR no no.

Websites tend to use a CMS (content management system) involving relational databases which are often on a separate server from the web app.
----------------------------------------------------------------------
You’re assuming Ja606 is far more advanced than it is.

You’re assuming there is some level of plain text to hash system going into a database that is then recalled and unencrypted on use.

CMS? Not sure you even grasp what that is because it’s application in relation to storing usernames and passwords makes no sense.

If this application was being hosted in say AWS then I’d assume all log ins passwords etc would be held in a separate s3 bucket as server side storage. But it’s not.

It also wouldn’t be hard to query the log files to find events timed around your comments as the website is not “that” busy would be pretty easy to query those and find events specifically at the time you were posting.

I’ll also assume you’re not so paranoid as to be using a VPN so your IP would be easy.

GDPR? IP addresses are what’s considered ‘weak’ PII and JA can store those in log files for prescribed period provided they are regularly deleted (say 30 days) and they themselves can attribute them to you should you submit a forget me request.

I was one of the founders of GDPR.

comment by Culèr: Back Soon (U9489)
posted 35 minutes ago
I was one of the founders of GDPR.
----------------------------------------------------------------------
You were working for the European Commission or the UK DPA?

Legally unable to say

comment by Culèr: Back Soon (U9489)
posted 53 minutes ago
Legally unable to say
----------------------------------------------------------------------
There’s nothing preventing you telling anyone that you were working for the Office of the ICO or the European Commission.