Your worst security blunder
Goto page Previous  1, 2, 3, 4, 5  Next  :||:
Networking/Security Forums -> Exploits // System Weaknesses

Author: Zilker PostPosted: Mon Apr 14, 2003 5:54 am    Post subject: Biff
    ----
I really would have liked to, but he was one of the clients. This pud added unauthorized DCs, attempted to redirect the WINS replication and make his WINS box the primary and troubleshot web development problems by adding the "everyone" group to the admins group on his web server (which also happened to be a domain controller.)

When i was told by management I could not remove his admin priveledge, I polished the resume and found another job.

The fun part is: in a couple months my new job will be pen-testing that company. VENGANCE IS MINE.....

/Zilker

Author: squidlyLocation: Umm.. I dont know.. somewhere PostPosted: Mon Apr 14, 2003 6:33 am    Post subject:
    ----
Zilker how many holes are you gonig to tell them right off the batt. All of them or just the ones that the moron would open up.

LMAO what company was that... I'll "assist" the pen-test Twisted Evil

Author: Zilker PostPosted: Mon Apr 14, 2003 8:32 pm    Post subject:
    ----
I figure I'll hit his personal box first, use that to attack the rest of the network. That should be embarrasing enough.

I appreciate the offer, maybe I'll let you know after I've delivered the report. You can then "verify" they have made the appropriate changes...

/Zilker

Author: Hackmo PostPosted: Sun Jun 22, 2003 1:24 am    Post subject:
    ----
This didnt do any harm but was extrememly stupid. When I was in irc awhile ago I used the /nickserv IDENTIFY command to log in but instead of putting a / before the command I put a . so everyone in that channel saw my password Embarassed luckily no one done anything with it and I changed my password quickly but still was pretty stupid.

Author: bknows PostPosted: Fri Jul 11, 2003 5:39 pm    Post subject:
    ----
Immediatley after giving a family member a lecture on how stupid most users are and how little they understand about security, I left my laptop and briefcase in my driveway and drove to work (I put it down to move something else in my driveway).

Pride goeth before a fall Wink

Author: Guest PostPosted: Mon Jul 21, 2003 11:19 pm    Post subject:
    ----
I've done something really bad when I tried linux for the first time:

It was 1996, I had bought a old box and I wanted to try linux so I borrowed a Redhat 5.* (don't remember the version correctly) disc of a friend and started to install a webserver (full install with all applications and they were put in init.d). After 3 weeks I got a call from a sysadmin from Sunet (it's a big gigabit network in Sweden(www.sunet.se)), and he said that I had killed alot of their boxes, I had no idea what he talk about but as you can imagine at this point I got hacked really quickly. That was about what I had to say about it Embarassed.

Author: tutaepakiLocation: New Zealand PostPosted: Mon Jul 21, 2003 11:29 pm    Post subject:
    ----
Remebered this in the sdfc irc the other day...

I was doing a vulnerability scan using Nessus for work one night, and kicked of the scan 'bout 10PM. I was doing it over a dialup link, and I kept getting disconnected, so I stayed up all night baby sitting the scan, and cursing my ISP. (Staying up all night is no mean feat at my age Sad )

The next day, I realised that I'd forgotten to disable the ATH0 exploit!

DUH!

Author: thehulky1 PostPosted: Tue Jul 29, 2003 6:55 am    Post subject:
    ----
Mine is when dialing my ISP I trusted the DUN app and had a BO flashed into my bios by an ISP idiot.

see new topic, FW Rules for PC.

Author: whacker_mole PostPosted: Tue Aug 12, 2003 9:29 pm    Post subject:
    ----
Good old PHP mistake...

Threw it together early in the morning as the last item on my todo list... (This will always get ya) I simply made the mistake of taking a HTTP passed variable and issuing it directly to a local linux app...

Realized the mistake the next morning, when the *thoughtful* intruder snagged dir structures of all of my home/office machines through an 'ls' of my /mnt dir.

doh!.

Author: uncletomLocation: Isle of Man PostPosted: Tue Aug 12, 2003 9:44 pm    Post subject:
    ----
Not necessarily my worst security blunder, but one made by a co-worker that I discovered one bored saturday night.

Netbios was being exported to the world, as was LDAP/ Active Directory and a copy of surf control with a tree recursing bug in.

My what a shock they got when they read the e-mail I has sent them over the weekend with full details of the user names, shares, etc on the mail server (the one that was exporting all the above things).

Made myself very popular! Laughing

Author: cisco studentLocation: SFDC USA: Chico, California PostPosted: Thu Oct 16, 2003 5:48 pm    Post subject:
    ----
typing my password into the username field.

Author: chewiepmLocation: hellbound PostPosted: Thu Oct 16, 2003 8:46 pm    Post subject:
    ----
Leaving that porn on my hard disk unencrypted...
________
TOYOTA TS010


Last edited by chewiepm on Sat Feb 19, 2011 4:57 am; edited 1 time in total

Author: TXLeXTCLocation: The Great Republic Of Texas PostPosted: Thu Oct 16, 2003 9:28 pm    Post subject:
    ----
Forgetting that I still have big brother in other offices....

And assuming that the latest version of IIS was secure and leaving the webserver out there unattended...

Author: LÓm GravecryerLocation: Holland!! PostPosted: Tue Dec 09, 2003 11:17 pm    Post subject:
    ----
Im living in Holland, and KPN (our phone company) is very weird...
they know about the follwing and yet wont do anything against it Confused

My cousin and a lot of other ppl here in holland got hacked by some company, wich went calling sex-lines with their phone account Exclamation
luckily my uncle read the phone bill and saw SOMEONE had called a sex-line for over 12 hours!! (he first blamed his kids RazzRazzRazz)

Author: cyn1c4lLocation: Canada PostPosted: Sat Jan 17, 2004 12:13 am    Post subject:
    ----
LOL to all of you. I think we've all made mistakes, and hopefully some of us (at least I have) learned from them.

My worst blunder ever I commited about a year ago. I was setting up Windows 2K Advanced Server, and before I did updates or ANYTHING I hooked it up behind the router. I got distracted, as my g/f wanted me to come home, etc. So, I left this unprotected box, chilling behind the router, IN FRONT of the firewall, because I didn't notice where I was placing it. I also had the Telnet service running, with Guest and Guest (UID and PWD) with full r00t access.

I was pwnd in under 8 hours. Call it a lucky strike, or an act of God, but I lost EVERYTHING. It wasn't even a good h4ckz0r who wants to use my comp to attack someone else... NOOOO, it was a frigging l4m3 kid who formatted everything, Evil or Very Mad

*sigh*

Let's just say I didn't do that again.

-Cyn

Author: ToblopoLocation: Australia PostPosted: Wed Feb 04, 2004 12:23 am    Post subject:
    ----
At the school i work at we had a program called Networx. Or something to that extent which was a remote network admin program. It was good. and kept the average user inline. There were ways to exploit it but most of the students arn't that smart. Anyway the main thing was it worked. until browsing the network one of the students stumpled across a shared folder that contained the Networx install file. now that wouldn't have been a problem apart from the Txt file that contained the password to disable it.

There was another instant of shared stuff being leaked and that was an Excel spreadsheet containing the teachers usernames and passwords.

Both these mistakes were made by the old It tech when i was a student here.



Networking/Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Goto page Previous  1, 2, 3, 4, 5  Next  :||:
Page 2 of 5

Powered by phpBB 2.0.x © 2001 phpBB Group