KeysightCare; you now need a paid subscription to ask simple questions?

[Cerebus]

I should have asked earlier today, when reporting what appeared to be clearly unintentional data exposure of other assets to my account, if I needed a Keysight Care subscription to let them know about a potentially major problem of their platform security.

That sounds like a perfect excuse to start shitposting about them on Tw*tter. When organisations devolve to the point where you can't even do them a favour without jumping through hoops it's time they died and deserve any public flack they get in the run-up to their demise.

[HighVoltage]

As someone that really likes the Keysight products (and I have lots of them), it is really sad to read all these posts about their service so deteriorating.

Maybe they just need a new CEO?

[Cerebus]

No, they need to get the old HP culture back, which was was ruined and destroyed by a succession of new CEOs. As our Italian friends say "A fish rots from the head." and cutting the head off once the rest has started to rot won't make the rest of the fish good again. It takes years, even 10s of years, to build a good, positive, effective company culture; it can be destroyed in months.

[xrunner]

I've had a Keysight account for years because I've bought parts for older hp and Agilent stuff I was repairing. Yes they used to have some parts for older gear.

But they send me several emails a week like this tutorial -

"Now Save Time Analyzing Frequency Response "

Before you can get the video or brochure or tutorial they ask about your project needs, interest area, form factor, preferred distributor ... You can't simply watch the video or get the PDF of the information they are peddling. Sure I can fib about all that and get the video but isn't that ruining their database of information? My answers mean nothing.

They even send me links to buy new equipment but their policy is to not sell to "hobbyists" any longer. I don't think my account there is worth a rat's a** anymore. 

[Zenith]

It's notoriously hard to change an organisation which has developed a dysfunctional culture.

There's a lack of commonsense and customer awareness in this. Some whizz kid has come out with all these exciting scaled packages to monetise support for corporate and institutional users. They are still prepared to sell, especially low end stuff, to individuals who can't really be expected to pay for these packages. What if those people come across software bugs, errors in manuals, clear defects in products etc? This could be considered valuable feedback which should be used to correct the product. It would make more sense to make it plain they won't touch that part of the market and concentrate on large customers, than to do it badly, or present gotchas after products have been bought.

[mawyatt]

As someone that really likes the Keysight products (and I have lots of them), it is really sad to read all these posts about their service so deteriorating.

Maybe they just need a new CEO?

A number of years ago we met the CTO Jay at a meeting in Sana Rosa about their new DAC (Griffin) for possible use in EW applications and later about getting access to their 600GHz InP process which we did some preliminary chip designs with. Asked after they split off from Agilent and noted the "new" culture and asked if they were trying to reinvent themselves as the new HP, the answer I got was absolutely!! Unfortunately, guess Jay didn't have much say so in the direction they were/are heading!!

Agree this is very sad and painful as we had always held HP in the highest regards, less with Agilent, and now way less with KS. We are watching the destruction of a technology icon in real time, just like we've already witnessed with Tektronix and long ago with Bell Labs 

Best,

[mawyatt]

No, they need to get the old HP culture back, which was was ruined and destroyed by a succession of new CEOs. As our Italian friends say "A fish rots from the head." and cutting the head off once the rest has started to rot won't make the rest of the fish good again. It takes years, even 10s of years, to build a good, positive, effective company culture; it can be destroyed in months.

Agree, a new CEO won't get this fixed, this will take decades to turn around. The total US business culture has evolved to short term management of the stock price for the short term good of the shareholders and executives, nobody cares about long term investments and strategies anymore here in US.

Best,

[AVGresponding]

No, they need to get the old HP culture back, which was was ruined and destroyed by a succession of new CEOs. As our Italian friends say "A fish rots from the head." and cutting the head off once the rest has started to rot won't make the rest of the fish good again. It takes years, even 10s of years, to build a good, positive, effective company culture; it can be destroyed in months.

Agree, a new CEO won't get this fixed, this will take decades to turn around. The total US business culture has evolved to short term management of the stock price for the short term good of the shareholders and executives, nobody cares about long term investments and strategies anymore here in US.

Best,

Not just the US, it's normal practice here in the UK nowadays too.

[arcitech]

I should have asked earlier today, when reporting what appeared to be clearly unintentional data exposure of other assets to my account, if I needed a Keysight Care subscription to let them know about a potentially major problem of their platform security.

That sounds like a perfect excuse to start shitposting about them on Tw*tter. When organisations devolve to the point where you can't even do them a favour without jumping through hoops it's time they died and deserve any public flack they get in the run-up to their demise.

I'll leave that to someone else. Last time I shit posted on Twitter about a company's tech ineptitude, it was because their SaaS software placed assets in a public S3 bucket, differentiated in URL by only a SEQUENTIAL 10-digit number, and then told me this wasn't a problem when I opened a support request asking wtf. After having them nuke all my company's assets and terminate our account, I took to Twitter and shortly thereafter so other customers could be made aware. The (developing country-based) SaaS company's fancy NYC law firm sent correspondence to several C-suite folks claiming I was using stolen credentials to access private data. This proved they didn't get the point. Then this software company, who was just the data processor, tried to get their biggest client (Tata) to sue me personally.

That was the last time I've ever used an identifiable/traceable account to let a company know about a serious problem, until now. But IMHO this time it's not as serious since instead of passports and other rather sensitive info of all types being exposed, it just seemed to be serial numbers and vague location. (I didn't exactly poke around.)

Unrelated, don't ever use SaaS with the word "fresh" in the name.

[bd139]

Interesting thread. I have a lot of experience in this space on both sides of the fence. Formerly on the attack side, now on the defence side.

If you want to fuck with corporates on the security front, some tips:

1. Do all business via Twitter where possible.
2. Make sure you use a shitty foreign VPN with no support as an egress point for doing it.
3. Use a completely different browser or Firefox container to do the shitposting.
4. Use a pseudonym always. Never use your real name.
5. Keep that pseudonym used for one activity only then burn it.
4. Do all drops via pastebin or equivalent.
5. Never accept a reward, attribution or contact request via any primary or side channel other than one you set up and agreed yourself.

Most corporates who have climbed the organisational risk ladder have an incident management process in place to establish who you are and how they can silence you quickly and efficiently. They will actually buy software in that tracks and analyses what is posted and looks for correlating information to build a case against you. And then they will set the lawyers on you. They don't give a fuck. They see you as an enemy even if you're doing responsible disclosure or genuinely trying to help. You are a risk.

Reason?

Most of them are running a pretty thick facade over a pile of burning excrement and if anyone finds out their customers will fuck off faster than a seagull after some chips. so reputation management is more important than actually fixing shit.

This isn't universally the case and I would not lower myself to working for one of those organisations but even in the more reputable ones you have to beat the internal vultures off the corpse of someone who is trying to help you.

If you give someone a job title which enables them to do something bad for society, they will do their job to the best of their ability...

[Zenith]

I suppose they could just run a decent forum with a couple of sensible and mature types assigned to sorting out the wheat from the chaff, answering legitimate questions and reporting back on genuine problems.

Too hard in a bureaucracy I suppose.

[bd139]

That's technically about 50% of my job.