Your worst security blunder
Goto page 1, 2, 3, 4, 5  Next  :||:
Networking/Security Forums -> Exploits // System Weaknesses

Author: chrisLocation: ~/security-forums PostPosted: Fri Feb 07, 2003 12:42 am    Post subject: Your worst security blunder
    ----
Embarassment time

Please post your worst security blunders here, either first hand or that of a friend / colleague

Smile

Author: b4rtm4nLocation: Bi Mon Sci Fi Con PostPosted: Fri Feb 07, 2003 12:54 am    Post subject:
    ----
Leaving a Linux server unfirewalled on the net with wu-ftp enabled.

only took 3 weeks b4 it was 0\/\/n3d

Embarassed Embarassed Embarassed Embarassed Embarassed Embarassed Embarassed Embarassed Embarassed

4 years ago tho! Smile

Author: NetworkguyLocation: UK PostPosted: Fri Feb 07, 2003 1:47 am    Post subject:
    ----
Not me but very funny

The night shift in a certain data center were getting bored one night. Of course they could not access any of the hard core porn on the net due to the corporate firewall rules.

But hang on, somebody realises that the data center is also a core node on our Internet backbone with several 9.6-GB feeds to it Very Happy

So they head off down to a pair of very large and very expensive Juniper routers and patch into a spare gigabit ethernet port (this is a core internet transit router).

Next they build themselves a nice little proxy server and plug that in and from there route it back onto the corporate LAN.

You may have noticed that I didn't mention a firewall. That's right. They didn't bother.

So for a few nights, they have the time of their lives surfing the darker side of the net and even help themselves to some spare space on a customer's EMC storage array.

In 4 nights, they managed to use up half a terabyte of storage with pictures, videos and mp3s Very Happy

But then somebody notices during a routine security check that there is an insecure web connection on the corporate LAN, so the investigation starts.

So here we have guys who have the intelligence to configure a Juniper transit router, build themselves a proxy, configure this onto the corporate LAN and even reallocate an EMC storage array.

BUT

What they didn't do (and this is what got them sacked).

SWITCH OFF THE LOGGING ON THE PROXY Surprised

Just how much evidence did they think HR would need to sack them?

Author: flwLocation: U.S.A. PostPosted: Fri Feb 07, 2003 2:38 am    Post subject:
    ----
saxo shouldn't you have started this with an example of your own, just to show we all f*ckup sometimes. Here's two for me:

1. I forgot to shut off sshd when under an active bot attack that looked for an open issue with ssh1 when we were using ssh2. I got it the next day. Oops Embarassed

2. I also accepted a job from a jack of all trades and master of none when it came to IT and security. Confused

Author: squidlyLocation: Umm.. I dont know.. somewhere PostPosted: Fri Feb 07, 2003 4:12 am    Post subject:
    ----
I've not had anything as bad as that happen. Just a friend was routing through my PC and he was downloading some stuff from Kazaa. Well, some script kiddie tracked it back to my IP and tried to attack me. At the time I had no firewall up, and no real integrity checking. My school's firewall caught most of it.

On the other side of the fence, I was playing around with arp-spoof and I killed one of the local Cisco routers. Knocked approx. 400 people off the net for a couple of hours. Embarassed Thank goodness they didn't look at the logs and see where the fake ARPs were coming from Smile

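The post above ends with the point that the logs would have shown where the fake ARPs came from. As an added example (not code from the original post or from any poster), here is the detection logic a defender would run over such a log: pin each IP to a trusted MAC (or to the first MAC seen claiming it) and flag every later reply that claims the IP with a different MAC. The log lines, their `<time> <ip> is-at <mac> via <iface>` format and the addresses in them are constructed for this example and do not correspond to any real vendor's log format.

```python
"""Find ARP spoofing from a log of ARP replies (added example, constructed input)."""
from collections import defaultdict

# Constructed sample log: the router 192.168.1.1 is legitimately at
# 00:11:22:33:44:55; a second MAC starts claiming its IP at 10:00:09.
ARP_LOG = """\
10:00:01 192.168.1.1 is-at 00:11:22:33:44:55 via eth0
10:00:02 192.168.1.20 is-at aa:bb:cc:dd:ee:01 via eth0
10:00:05 192.168.1.1 is-at 00:11:22:33:44:55 via eth0
10:00:09 192.168.1.1 is-at DE:AD:BE:EF:00:01 via eth0
10:00:10 192.168.1.1 is-at de:ad:be:ef:00:01 via eth0
10:00:11 192.168.1.1 is-at 00:11:22:33:44:55 via eth0
10:00:12 192.168.1.1 is-at de:ad:be:ef:00:01 via eth0
"""


def parse_arp_log(text):
    """Parse lines of the assumed '<time> <ip> is-at <mac> via <iface>' format."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[2] != "is-at" or parts[4] != "via":
            continue  # not a reply line in the assumed format; ignore it
        records.append({
            "time": parts[0],
            "ip": parts[1],
            "mac": parts[3].lower(),   # normalise case so DE:AD == de:ad
            "iface": parts[5],
        })
    return records


def find_arp_conflicts(records, trusted=None):
    """Return one alert per reply whose MAC differs from the IP's pinned MAC.

    trusted: optional {ip: mac} of known-good bindings (e.g. the router).
    Any IP not listed there is pinned to the first MAC that claims it,
    which is what a simple sniffer such as arpwatch effectively does.
    """
    binding = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    alerts = []
    for r in records:
        expected = binding.setdefault(r["ip"], r["mac"])
        if r["mac"] != expected:
            alerts.append({
                "time": r["time"], "ip": r["ip"], "iface": r["iface"],
                "expected": expected, "seen": r["mac"],
            })
    return alerts


def rank_suspects(alerts):
    """Count offending MACs, most frequent first: the spoofing host's MAC."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["seen"]] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    alerts = find_arp_conflicts(parse_arp_log(ARP_LOG),
                                trusted={"192.168.1.1": "00:11:22:33:44:55"})
    for a in alerts:
        print(f"{a['time']} {a['ip']} claimed by {a['seen']} "
              f"(expected {a['expected']}) on {a['iface']}")
    print("suspects:", rank_suspects(alerts))
```

The MAC that shows up in the alerts is the one to look up in the switch's MAC address table to find the physical port, which is exactly the trail the poster was relieved nobody followed.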
Author: myhatisred PostPosted: Fri Feb 07, 2003 4:31 am    Post subject:
    ----
Leaving port 23 open on my firewall when I closed everything else and had a nice Linux box running, until someone decided to take control of it. It's alright, that was 2 years ago, I've grown up since then.

Author: Mongrel PostPosted: Fri Feb 07, 2003 7:57 am    Post subject:
    ----
FTP site on my win2k - local user account - upload AND admin rights - script kiddie - rooted -

fortunately I noticed the machine was rebooted in the AM, tracked down all the goodies for posterity and study sake - wiped 'er clean and re-installed.

Author: ThePsykoLocation: California PostPosted: Fri Feb 07, 2003 9:48 am    Post subject:
    ----
Ugh.. I wasn't thinking and I didn't think to sanitize the HTTP_REFERER variable when tracking how people were getting to my page... a friend of mine injected a bunch of javascript into my tables and flooded me with popups when I went to view the logs.. Although since then I've found that HTML & scripting injections can be fun Smile

A worse one though.. not my domain, & was never responsible for it.. but one night I was poking around her server.. just reading and browsing.. went to her host's support page and saw something about a web control panel that you access via the cgi-bin.. so of course I took a peek.. but not only did I take a peek, I 0wned that domain in under 10 seconds.. damn scary.. since there wasn't an account configured, it took whatever u/p I put in there and made me the administrator.. Now for the lucky part... she says that was supposed to have been taken down about 2 years ago and she had been told it was... during that 2 years, that domain was (at first anyway) despised by almost everybody in alt.hackers.malicious - a couple of them SWORE they were going to r00t it.. two years they tried every brute force, apache exploit, cgi exploit.... but they never bothered to stop and read the 'site owner's manual' on the hosting company's support page... 2 years they tried and didn't see the open door right in front of them LOL

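The first blunder in the post above is a classic: a referer-tracking script stored whatever the HTTP_REFERER header contained and later rendered it straight into an HTML table, so a visitor who sent a header containing script got that script executed in the browser of whoever viewed the logs. As an added example (not the poster's code), the block below shows the vulnerable rendering next to a hardened one that rejects values that are not plausible http(s) URLs, truncates them, and HTML-escapes at output time. The referer values are constructed for this example.

```python
"""Referer log viewer: vulnerable rendering vs. hardened rendering (added example)."""
import html
from urllib.parse import urlsplit

# Constructed sample: three visitors' HTTP_REFERER headers as a server would see them.
SAMPLE_REFERERS = [
    "http://search.example/results?q=security+forums",
    "http://evil.example/?q=<script>alert('xss')</script>",
    "javascript:alert(document.cookie)",
]


def render_log_vulnerable(referers):
    """What the original tracking script effectively did: raw header into HTML."""
    rows = "".join(f"<tr><td>{r}</td></tr>" for r in referers)
    return f"<table>{rows}</table>"


def is_plausible_referer(value):
    """A referer is only worth keeping if it is an http(s) URL with a host."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_log_hardened(referers, max_len=200):
    """Validate on input, escape on output.

    Escaping with html.escape(quote=True) is what stops the injection;
    the validation and length cap limit what an attacker can even store.
    """
    rows = []
    for r in referers:
        cell = r[:max_len] if is_plausible_referer(r) else "[rejected referer]"
        rows.append(f"<tr><td>{html.escape(cell, quote=True)}</td></tr>")
    return "<table>" + "".join(rows) + "</table>"


if __name__ == "__main__":
    print("vulnerable:", render_log_vulnerable(SAMPLE_REFERERS))
    print("hardened:  ", render_log_hardened(SAMPLE_REFERERS))
```

Note that validation alone would not have saved the poster: the second sample referer is a perfectly well-formed http URL whose query string carries the payload, so the escape at render time is the control that matters.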
Author: Mike PostPosted: Tue Feb 11, 2003 7:41 pm    Post subject:
    ----
On my FreeBSD server
I put a copy of master.passwd on it.
Some users noticed it and decrypted the passwd so they could log in without a notice Razz

But now I still see stupid wheel users who do that Wink

Author: chrisLocation: ~/security-forums PostPosted: Tue Feb 11, 2003 8:20 pm    Post subject:
    ----
I've been caught out by classic social engineering.

A few years back on IRC, when there was the usual tonne of flaming and abuse, I accepted a file from what I thought was a trusted source. Checked the ISP (which at the time had dynamic IPs) and the ident / nickname / realname matched up, so I accepted the file. I ran it, McAfee said it was fine.

Since it was from a trusted source (or so I thought) I didn't suspect anything. It opened a funny image, and a DOS window spawned quickly, at which point I knew something was wrong but not quite what. After analysis later, turns out it was Sub7 bound to a picture and edited slightly to bypass most signatures at the time Sad

Noticed a stack of connection attempts after, which were denied by the software firewall I was using at the time, ConSeal, so pulled the plug and reformatted.


Last edited by chris on Tue Dec 09, 2003 11:27 pm; edited 1 time in total

Author: browolf PostPosted: Tue Feb 11, 2003 11:16 pm    Post subject:
    ----
Only last week I made a cunning bat file with delprof to delete all the bazillions of local profiles created on our win2k boxes. I was just using net view to get a list of computer names.

It was an honest mistake, I didn't think about people's laptops. Luckily I only wiped out one person's profile, who had their laptop on the network but not logged in. That was certainly a close one.


About 9 months ago, something went wrong in the switch cabinet (8 stacked switches). I was trying to fix it by myself in the evening; there was a night class on. Unfortunately I didn't do a very good job, and I think I inadvertently unplugged some switches from each other. In the morning no-one could remember how they were supposed to plug together. We had to get someone from the firm that put them in to come and sort us out. It was a hideous mess before I made it worse, so they just unplugged everything and put them all back in again in a better order and made us a diagram. Smile

Author: WHISP3R PostPosted: Tue Feb 11, 2003 11:24 pm    Post subject: Irc Screwup
    ----
Opening a telnet connection with my IRC channel eggdrop and finding out that through /msg IDENT password the bot had set my hostmask to *bob*@*.undernet.org, and I was on the Auto Op list, allowing anyone with bob as a username logged into X to be auto-opped.
Embarassed Embarassed Embarassed
Moral: ALWAYS Always Add your eggdrop hostnames manually. Or ident and then change them.

Author: ComSec PostPosted: Wed Feb 12, 2003 2:24 am    Post subject:
    ----
Don't laugh, an ex-AOL member through work... till I got booted and lost my job Very Happy Very Happy... even had a spam collection box called e-mail LOL

"thank you aol"

Author: tutaepakiLocation: New Zealand PostPosted: Wed Feb 12, 2003 3:23 am    Post subject:
    ----
I was asked by a colleague to scan his ADSL connection to see how secure he was. Turned out he wasn't at all; the ADSL modem was wide open, and it took all of 5 secs of googling to turn up his config password.

The trick was when I showed him how easy it was, and left his work PC connected to the config screen of his ADSL modem, with auto-refresh enabled. In a classic case of timing, he'd just upgraded to a 10MB connection with a very low data cap.

He still blames me for the $600 bill he got from his ISP Laughing

Author: Zilker PostPosted: Sat Apr 12, 2003 9:53 pm    Post subject: NT blunder
    ----
So I'm sr. sysadmin on a NT 4.0 network of about 8,000 users. I get a call from the helpdesk that "no one" can login. Hmmm. That's strange? I check and I can login, seems everyone around me (sysadmin team) can login. What could the problem be?

Everyone who has admin privilege can login, but no one else can? What could it be?

Then the "HOLY CRAP!!!!" moment hits. What would allow me, an administrator, to login but not anyone else? "Access this computer from the network"

Well, it seems one of the other administrators (read: client) had decided to build themselves a test domain controller. He wanted to secure the system, so what does he do? He removed everyone except "Administrators" from "Access this computer from the network" on his "test DC".

Of course, any policy change on a Backup DC is actually performed on the PDC and propagated. So in effect, by trying to secure his system, he had blocked everyone from accessing the NT domain.

Author: ThePsykoLocation: California PostPosted: Sun Apr 13, 2003 3:02 am    Post subject:
    ----
?? he put an unauthorized DC onto an existing network for "testing" purposes?? without realizing the impact or notifying anybody?? holy smokes... did you take him out back at the end of the day and beat the crap outta him at least?




Page 1 of 5