Your worst security blunder
Goto page Previous  1, 2, 3, 4, 5  Next  :||:
Networking/Security Forums -> Exploits // System Weaknesses

Author: goddessofsnarkLocation: New Jersey PostPosted: Tue Jun 08, 2004 3:03 am    Post subject:
    ----
This wasn't me, this was someone at compusa....

At compusa they have the macs on display, and someone had thought they could check their @mac.com email from the store, so they put in their username/pass combo on the page....realize it's not connected to the 'net, and leave it up, with his username and pass!

I copy and pasted it into appleworks, and i can't quite remember what it was, but it was certainly password-ish...that's pretty stupid, if you ask me...

My personal worst is adding a spywear/virus laden comp to the network without even firewalling it...i had to go through and take all the stuff it had spread through the network off the other computers....and i did that knowing that it was probably full of spywear/trojans/virii...

Author: PhiBerLocation: Your MBR PostPosted: Tue Jun 08, 2004 8:01 am    Post subject:
    ----
::sigh:: I am VERY ashamed of this...

When I first got into computers many YEARS AGO, I thought I was so cool because I knew how to use sub7. I didn't know anything about TCP/IP, true hacking, not even hardware. So i installed it and tried to send people the trojan. (I was probably 14 or 15 years old)

I couldn't figure out why I couldn't connect to certain people so I decided to install the virus on my own machine because I thought I could find out what port it used and so on. Yup, I couldn't figure out how to delete the virus and I had a VERY vulnerable machine.
Crying or Very sad


Last edited by PhiBer on Fri Jul 16, 2004 8:49 pm; edited 1 time in total

Author: AntiThesis PostPosted: Fri Jun 11, 2004 11:19 am    Post subject:
    ----
Many many many moons ago when I first started using IRC (read extreme newbie Laughing ) They told me that alt+f+a+x would pop up an easter egg. Bastards. Very Happy Embarassed

Needless to say, I've progressed a tad from those dark days... Rolling Eyes

Author: Phrekie PostPosted: Fri Jul 16, 2004 8:36 pm    Post subject:
    ----
A coworker of mine brought a laptop to the office from one of our users. The user had the described the problem as "having trouble using Internet Explorer". Fine he thought, just some adware-removal and we're set. He proceeded as usual by connecting it to our intranet and booting it. The moment he launches Internet explorer he gets an lsass crash. As an innocent bystander the first thought that crossed my mind was "man, we're screwed". Luckily the sasser virus started sending its load to some nonexsistant subnet, so it was all fine.

Later that day the same coworker decided to do a little sniffing on our lab-net to check if everything was behaving as it should. The only problem was he did it from the firewalled gateway (freebsd-box) bordering to our intranet, forgetting to specify which nic to sniff, resulting in arp-poisoning the whole admin-subnet Laughing

Let's just say we've had a couple of laughs during our coffee breaks Wink

Author: piccolo_21Location: NYC, USA PostPosted: Fri Jul 16, 2004 8:58 pm    Post subject:
    ----
wow that is some crazy stuff well i guess mean would have to be let me see... (i had so much eh he) I met someone on one of those pc forums who told me he had a copy of kav antivirus with a good key, so i told him to email me it and man!! i got like 4,000 and more viruses from that file when i installed it. dont know how but man i have to do so much, and i was out of town that weeken with my laptop....

Author: amadkowLocation: Bakersfield, CA PostPosted: Fri Jul 16, 2004 10:22 pm    Post subject:
    ----
the worst I have done so far is when I was first getting in to running a web server I set up IIS on a windows 2000 box and didn't get any updates. That server was hacked within the first few weeks of being up. This was years ago

Author: sim0n PostPosted: Fri Jul 16, 2004 10:22 pm    Post subject:
    ----
The worst I've ever had was a trojan and a buffer overflow exploit...

I've had a few virus situations, but nothing serious...though at times, it's difficult dealing with others mistakes. Smile

Author: UVLocation: Leicester, England PostPosted: Sat Jul 17, 2004 3:00 am    Post subject:
    ----
AntiThesis wrote:
Many many many moons ago when I first started using IRC (read extreme newbie Laughing ) They told me that alt+f+a+x would pop up an easter egg. Bastards. Very Happy Embarassed

Needless to say, I've progressed a tad from those dark days... Rolling Eyes

go on then, im thick. what does it do?



Also my worst would have been 4-5yrs ago back when i thought trojans were cool. No clue how i got infected or who it was but one day sitting in an old irc phreak channel and talking to my cuz on icq. Up pops a stupid chat window saying "thats right. im watching u ben".

ive never felt so sick and completely gutted!

and yesturday, every connection to the net was directed to http://outbreak.ntli.net/ . After scanning and being completely confused as to how id be infect by this, i realised i was flooding someones email earlier. Obviously enough to get ntls attenion! My bad, lame but fun.

Author: dadragon PostPosted: Mon Dec 13, 2004 6:33 pm    Post subject:
    ----
Anyways as the best man for the job i installed the 2 firewalls in HA at the data centre and went through all the configuration and decided that the last thing i was gonna do was to change the default passwords when handing over to the clients before they went live. Half way through my fourth pint in the pub i remembered what i forgot to do....ARRGHHHH!!!! I screamed but luckily for me the reseller was not that dumb afterall he had changed the passwords for the clients and already sent an email detailing my blunder...I will never forget the remaining half of the pint as it was then i realised that larger was indeed BITTER!!!! but let's not tell anyone i made that blunder. Very Happy

Author: SteelValorLocation: Central New York PostPosted: Tue Dec 21, 2004 6:19 pm    Post subject:
    ----
I was ftp'ing the final UT patch from home to a server at work for a co-woker to get. I had zipped it as utup.exe. The upload was slow so I stopped it and went to work. Weeks pass and I was reviewing the ftp logs and see this upload started by admin, uploaded a filenamed update.exe and seconds later deleted it and sign off. I panic! "OMGZ!! We got hacked!!" I yell to the other webmaster and then I start the nslookups and requests for ip stuff. I chase this around for 2 days and finally track down the ISP and their support. They say "You're kidding right? Get ****ing warrant." I then lmao and say sarcastically "Good Game!! Thanks for the cooperation. I'll keep it in mind when the high schools turn on you" and hang up. It then dawns on me that I've been chasing me for 2 days. Embarassed x2

Author: x3n0n PostPosted: Mon Mar 07, 2005 5:32 am    Post subject:
    ----
omg, this one is pretty bad (not in comparison to some, but to me it was bad)...
a long time ago, back when i was a total n00b at computers and the net, i found kazaa, and im thinking "great, free downloads all the time" so after a while i think to myself, "well, besides warez, i could download some porn", so i start a search for "pamela anderson", after about a minute, a full list of results return and there is this one item that is called something like "pamela712351.exe" and i thought to myself "hey, this might be some sort of screensaver with her, or some sort of game" so i download it, and attempt to install it.
suddenly, all my programs start to open slowly and my computer is basically rendered unuseable. because i didn't have a lan, or even a burner, i had to copy all i could onto floppy disks and re-format the whole computer.
that is when i first realised that not every exe is safe, lol

Author: InBan PostPosted: Thu Apr 21, 2005 2:42 am    Post subject:
    ----
One that wasn't me; A site admin wanted to open a port in the primary corporate firewall so he could synch the clocks of his computers with a clock on the internet. He asked the 'firewall admin', a real bright fellow, to open the appropriat port. the guy couldn't remember which port he was supposed to open, let alone that it only needed to be open for outgoing traffic, so he just opened up everything. Brilliant. Since then the firewall has been replaced, and netbios and rpc are closed now.

One time I 'accidently' removed IIS from a production exchange server *doh*. That was a late night rebuild.

Early 90's I infected my home computer with Sub7 because I just wanted to see what the hell it did, dumbdumbdumb.

Author: Colonel_Panic PostPosted: Thu Apr 21, 2005 3:22 pm    Post subject:
    ----
Getting hit with CWS long time ago...

More recently, not exactly security blunder but stupid anyway:

I logged into one webserver I manage for some routine administration. I logged in from my laptop which happens to have same os as the server, and in general pretty much the same 'look and feel'. So, I log in through ssh, do the work and as it was friday night I tought I'll go home early. So I proceed to shut down my laptop

shutdown -h now

halfway through shutdown I realize:
Oh for f#$% sake, I didn't log out from the server!

I dash to NOC to boot the damn thing back up, but unlike almost any other time, the door was not open. So I have to spent half an hour to find someone with a key (my 'going home early' is still pretty late) and of course I had to come up with some reason why. Luckily that server has had some harware issues with boot process (fixed though) so I mumbled something vague about 'testing'.

So much for going home early. Absent-mindedness and root account don't mix well...

Author: eiuolnmuLocation: 127.0.0.1 PostPosted: Tue Apr 26, 2005 6:55 am    Post subject:
    ----
When I was in college I was taking a class in Win2K Server and I gave all the users in my directory Admin rights. Needless to say someone locked me out of my own box. Rolling Eyes


Thanks,
Oz

Author: Cybertrion-Systems PostPosted: Tue May 03, 2005 8:15 pm    Post subject: Cpanel exploit
    ----
1 year back i was working on one of my website and i had seen the webmail for the cpanel can take only 8 characters and is more vulnerable to brute force attack.
I thought it's just a bug in the server but later after few months someone had released the same thing in all the mailing list.
I had reported this to my host admin but that fool don't know what to do?
Then after few months realised that it's was the bug in the cpanel not the server.

Author: monkranterLocation: Texas, USA PostPosted: Tue May 03, 2005 10:42 pm    Post subject:
    ----
A couple of years ago I was researching a problem that was giving me grief. (I can't recall the nature of the problem.) I was looking on one of those tech forum thingys were people post problems and others try to help them. I think most of you are familiar with such sites. Smile

Well, I saw that someone was having the exact same issue as me (I used the Search feature for the forum) and someone else was kind enough to post a reply with a link to a fix. I didn't pay close attention to the URL and when I clicked the link, I was sent to a site that flooded me with popups of some guy's naked back side. There was also an audio loop that said, "Hey everybody. I am looking at g4y p0rn."

Did I mention I worked in a cube environment and it just so happened that I had my speakers at a relatively HIGH volume!!! I was ridiculed for weeks.



Networking/Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Goto page Previous  1, 2, 3, 4, 5  Next  :||:
Page 3 of 5

Powered by phpBB 2.0.x © 2001 phpBB Group