• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Your worst security blunder

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page Previous  1, 2, 3, 4, 5  Next
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
Zilker
Just Arrived
Just Arrived


Joined: 02 Apr 2003
Posts: 0


Offline

PostPosted: Mon Apr 14, 2003 5:54 am    Post subject: Biff Reply with quote

I really would have liked to, but he was one of the clients. This pud added unauthorized DCs, attempted to redirect the WINS replication and make his WINS box the primary and troubleshot web development problems by adding the "everyone" group to the admins group on his web server (which also happened to be a domain controller.)

When i was told by management I could not remove his admin priveledge, I polished the resume and found another job.

The fun part is: in a couple months my new job will be pen-testing that company. VENGANCE IS MINE.....

/Zilker
Back to top
View user's profile Send private message
squidly
Trusted SF Member
Trusted SF Member


Joined: 07 Oct 2002
Posts: 16777215
Location: Umm.. I dont know.. somewhere

Offline

PostPosted: Mon Apr 14, 2003 6:33 am    Post subject: Reply with quote

Zilker how many holes are you gonig to tell them right off the batt. All of them or just the ones that the moron would open up.

LMAO what company was that... I'll "assist" the pen-test Twisted Evil
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger
Zilker
Just Arrived
Just Arrived


Joined: 02 Apr 2003
Posts: 0


Offline

PostPosted: Mon Apr 14, 2003 8:32 pm    Post subject: Reply with quote

I figure I'll hit his personal box first, use that to attack the rest of the network. That should be embarrasing enough.

I appreciate the offer, maybe I'll let you know after I've delivered the report. You can then "verify" they have made the appropriate changes...

/Zilker
Back to top
View user's profile Send private message
Hackmo
Just Arrived
Just Arrived


Joined: 22 Jun 2003
Posts: 0


Offline

PostPosted: Sun Jun 22, 2003 1:24 am    Post subject: Reply with quote

This didnt do any harm but was extrememly stupid. When I was in irc awhile ago I used the /nickserv IDENTIFY command to log in but instead of putting a / before the command I put a . so everyone in that channel saw my password Embarassed luckily no one done anything with it and I changed my password quickly but still was pretty stupid.
Back to top
View user's profile Send private message Visit poster's website
bknows
Just Arrived
Just Arrived


Joined: 11 Jul 2003
Posts: 5


Offline

PostPosted: Fri Jul 11, 2003 5:39 pm    Post subject: Reply with quote

Immediatley after giving a family member a lecture on how stupid most users are and how little they understand about security, I left my laptop and briefcase in my driveway and drove to work (I put it down to move something else in my driveway).

Pride goeth before a fall Wink
Back to top
View user's profile Send private message
Guest







PostPosted: Mon Jul 21, 2003 11:19 pm    Post subject: Reply with quote

I've done something really bad when I tried linux for the first time:

It was 1996, I had bought a old box and I wanted to try linux so I borrowed a Redhat 5.* (don't remember the version correctly) disc of a friend and started to install a webserver (full install with all applications and they were put in init.d). After 3 weeks I got a call from a sysadmin from Sunet (it's a big gigabit network in Sweden(www.sunet.se)), and he said that I had killed alot of their boxes, I had no idea what he talk about but as you can imagine at this point I got hacked really quickly. That was about what I had to say about it Embarassed.
Back to top
tutaepaki
Trusted SF Member
Trusted SF Member


Joined: 02 May 2002
Posts: 3
Location: New Zealand

Offline

PostPosted: Mon Jul 21, 2003 11:29 pm    Post subject: Reply with quote

Remebered this in the sdfc irc the other day...

I was doing a vulnerability scan using Nessus for work one night, and kicked of the scan 'bout 10PM. I was doing it over a dialup link, and I kept getting disconnected, so I stayed up all night baby sitting the scan, and cursing my ISP. (Staying up all night is no mean feat at my age Sad )

The next day, I realised that I'd forgotten to disable the ATH0 exploit!

DUH!
Back to top
View user's profile Send private message
thehulky1
Just Arrived
Just Arrived


Joined: 29 Jul 2003
Posts: 0


Offline

PostPosted: Tue Jul 29, 2003 6:55 am    Post subject: Reply with quote

Mine is when dialing my ISP I trusted the DUN app and had a BO flashed into my bios by an ISP idiot.

see new topic, FW Rules for PC.
Back to top
View user's profile Send private message Send e-mail
whacker_mole
Just Arrived
Just Arrived


Joined: 12 Aug 2003
Posts: 0


Offline

PostPosted: Tue Aug 12, 2003 9:29 pm    Post subject: Reply with quote

Good old PHP mistake...

Threw it together early in the morning as the last item on my todo list... (This will always get ya) I simply made the mistake of taking a HTTP passed variable and issuing it directly to a local linux app...

Realized the mistake the next morning, when the *thoughtful* intruder snagged dir structures of all of my home/office machines through an 'ls' of my /mnt dir.

doh!.
Back to top
View user's profile Send private message
uncletom
Just Arrived
Just Arrived


Joined: 21 Jun 2003
Posts: 8
Location: Isle of Man

Offline

PostPosted: Tue Aug 12, 2003 9:44 pm    Post subject: Reply with quote

Not necessarily my worst security blunder, but one made by a co-worker that I discovered one bored saturday night.

Netbios was being exported to the world, as was LDAP/ Active Directory and a copy of surf control with a tree recursing bug in.

My what a shock they got when they read the e-mail I has sent them over the weekend with full details of the user names, shares, etc on the mail server (the one that was exporting all the above things).

Made myself very popular! Laughing
Back to top
View user's profile Send private message Send e-mail
cisco student
Just Arrived
Just Arrived


Joined: 07 Sep 2003
Posts: 8
Location: SFDC USA: Chico, California

Offline

PostPosted: Thu Oct 16, 2003 5:48 pm    Post subject: Reply with quote

typing my password into the username field.
Back to top
View user's profile Send private message
chewiepm
Just Arrived
Just Arrived


Joined: 05 Jul 2003
Posts: 3
Location: hellbound

Offline

PostPosted: Thu Oct 16, 2003 8:46 pm    Post subject: Reply with quote

Leaving that porn on my hard disk unencrypted...
________
TOYOTA TS010


Last edited by chewiepm on Sat Feb 19, 2011 4:57 am; edited 1 time in total
Back to top
View user's profile Send private message
TXLeXTC
Just Arrived
Just Arrived


Joined: 04 Sep 2003
Posts: 2
Location: The Great Republic Of Texas

Offline

PostPosted: Thu Oct 16, 2003 9:28 pm    Post subject: Reply with quote

Forgetting that I still have big brother in other offices....

And assuming that the latest version of IIS was secure and leaving the webserver out there unattended...
Back to top
View user's profile Send private message
LÓm Gravecryer
Just Arrived
Just Arrived


Joined: 08 Dec 2003
Posts: 0
Location: Holland!!

Offline

PostPosted: Tue Dec 09, 2003 11:17 pm    Post subject: Reply with quote

Im living in Holland, and KPN (our phone company) is very weird...
they know about the follwing and yet wont do anything against it Confused

My cousin and a lot of other ppl here in holland got hacked by some company, wich went calling sex-lines with their phone account Exclamation
luckily my uncle read the phone bill and saw SOMEONE had called a sex-line for over 12 hours!! (he first blamed his kids RazzRazzRazz)
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
cyn1c4l
Just Arrived
Just Arrived


Joined: 22 Nov 2003
Posts: 2
Location: Canada

Offline

PostPosted: Sat Jan 17, 2004 12:13 am    Post subject: Reply with quote

LOL to all of you. I think we've all made mistakes, and hopefully some of us (at least I have) learned from them.

My worst blunder ever I commited about a year ago. I was setting up Windows 2K Advanced Server, and before I did updates or ANYTHING I hooked it up behind the router. I got distracted, as my g/f wanted me to come home, etc. So, I left this unprotected box, chilling behind the router, IN FRONT of the firewall, because I didn't notice where I was placing it. I also had the Telnet service running, with Guest and Guest (UID and PWD) with full r00t access.

I was pwnd in under 8 hours. Call it a lucky strike, or an act of God, but I lost EVERYTHING. It wasn't even a good h4ckz0r who wants to use my comp to attack someone else... NOOOO, it was a frigging l4m3 kid who formatted everything, Evil or Very Mad

*sigh*

Let's just say I didn't do that again.

-Cyn
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
Toblopo
Just Arrived
Just Arrived


Joined: 02 Feb 2004
Posts: 0
Location: Australia

Offline

PostPosted: Wed Feb 04, 2004 12:23 am    Post subject: Reply with quote

At the school i work at we had a program called Networx. Or something to that extent which was a remote network admin program. It was good. and kept the average user inline. There were ways to exploit it but most of the students arn't that smart. Anyway the main thing was it worked. until browsing the network one of the students stumpled across a shared folder that contained the Networx install file. now that wouldn't have been a problem apart from the Txt file that contained the password to disable it.

There was another instant of shared stuff being leaked and that was an Excel spreadsheet containing the teachers usernames and passwords.

Both these mistakes were made by the old It tech when i was a student here.
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Goto page Previous  1, 2, 3, 4, 5  Next
Page 2 of 5


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register