Your worst security blunder

goddessofsnark
Just Arrived
Joined: 17 May 2004
Posts: 0
Location: New Jersey

Posted: Tue Jun 08, 2004 3:03 am

This wasn't me, this was someone at CompUSA....

At CompUSA they have the Macs on display, and someone had thought they could check their @mac.com email from the store, so they put in their username/pass combo on the page....realize it's not connected to the 'net, and leave it up, with his username and pass!

I copy and pasted it into AppleWorks, and I can't quite remember what it was, but it was certainly password-ish...that's pretty stupid, if you ask me...

My personal worst is adding a spyware/virus laden comp to the network without even firewalling it...I had to go through and take all the stuff it had spread through the network off the other computers....and I did that knowing that it was probably full of spyware/trojans/virii...

PhiBer
SF Mod
Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Posted: Tue Jun 08, 2004 8:01 am

::sigh:: I am VERY ashamed of this...

When I first got into computers many YEARS AGO, I thought I was so cool because I knew how to use sub7. I didn't know anything about TCP/IP, true hacking, not even hardware. So I installed it and tried to send people the trojan. (I was probably 14 or 15 years old)

I couldn't figure out why I couldn't connect to certain people so I decided to install the virus on my own machine because I thought I could find out what port it used and so on. Yup, I couldn't figure out how to delete the virus and I had a VERY vulnerable machine.
Crying or Very sad


Last edited by PhiBer on Fri Jul 16, 2004 8:49 pm; edited 1 time in total

AntiThesis
Just Arrived
Joined: 10 Jun 2004
Posts: 0

Posted: Fri Jun 11, 2004 11:19 am

Many many many moons ago when I first started using IRC (read extreme newbie Laughing ) They told me that alt+f+a+x would pop up an easter egg. Bastards. Very Happy Embarassed

Needless to say, I've progressed a tad from those dark days... Rolling Eyes

Phrekie
Just Arrived
Joined: 15 Jul 2004
Posts: 0

Posted: Fri Jul 16, 2004 8:36 pm

A coworker of mine brought a laptop to the office from one of our users. The user had described the problem as "having trouble using Internet Explorer". Fine he thought, just some adware-removal and we're set. He proceeded as usual by connecting it to our intranet and booting it. The moment he launches Internet Explorer he gets an lsass crash. As an innocent bystander the first thought that crossed my mind was "man, we're screwed". Luckily the Sasser virus started sending its load to some nonexistent subnet, so it was all fine.

Later that day the same coworker decided to do a little sniffing on our lab-net to check if everything was behaving as it should. The only problem was he did it from the firewalled gateway (freebsd-box) bordering to our intranet, forgetting to specify which nic to sniff, resulting in arp-poisoning the whole admin-subnet Laughing

Let's just say we've had a couple of laughs during our coffee breaks Wink

piccolo_21
Just Arrived
Joined: 07 Jan 2004
Posts: 0
Location: NYC, USA

Posted: Fri Jul 16, 2004 8:58 pm

wow that is some crazy stuff well i guess mine would have to be let me see... (i had so much eh he) I met someone on one of those pc forums who told me he had a copy of kav antivirus with a good key, so i told him to email me it and man!! i got like 4,000 and more viruses from that file when i installed it. don't know how but man i have to do so much, and i was out of town that weekend with my laptop....

amadkow
Just Arrived
Joined: 02 Jun 2004
Posts: 0
Location: Bakersfield, CA

Posted: Fri Jul 16, 2004 10:22 pm

The worst I have done so far is when I was first getting into running a web server I set up IIS on a Windows 2000 box and didn't get any updates. That server was hacked within the first few weeks of being up. This was years ago.

sim0n
Just Arrived
Joined: 10 Jul 2003
Posts: 3

Posted: Fri Jul 16, 2004 10:22 pm

The worst I've ever had was a trojan and a buffer overflow exploit...

I've had a few virus situations, but nothing serious...though at times, it's difficult dealing with others' mistakes. Smile

UV
Just Arrived
Joined: 30 Jun 2004
Posts: 0
Location: Leicester, England

Posted: Sat Jul 17, 2004 3:00 am

AntiThesis wrote:
Many many many moons ago when I first started using IRC (read extreme newbie Laughing ) They told me that alt+f+a+x would pop up an easter egg. Bastards. Very Happy Embarassed

Needless to say, I've progressed a tad from those dark days... Rolling Eyes

go on then, I'm thick. what does it do?

Also my worst would have been 4-5yrs ago back when i thought trojans were cool. No clue how i got infected or who it was but one day sitting in an old irc phreak channel and talking to my cuz on icq. Up pops a stupid chat window saying "thats right. im watching u ben".

I've never felt so sick and completely gutted!

and yesterday, every connection to the net was directed to http://outbreak.ntli.net/ . After scanning and being completely confused as to how I'd be infected by this, i realised i was flooding someone's email earlier. Obviously enough to get ntl's attention! My bad, lame but fun.

dadragon
Just Arrived
Joined: 20 Oct 2004
Posts: 5

Posted: Mon Dec 13, 2004 6:33 pm

Anyways as the best man for the job i installed the 2 firewalls in HA at the data centre and went through all the configuration and decided that the last thing i was gonna do was to change the default passwords when handing over to the clients before they went live. Half way through my fourth pint in the pub i remembered what i forgot to do....ARRGHHHH!!!! I screamed but luckily for me the reseller was not that dumb after all he had changed the passwords for the clients and already sent an email detailing my blunder...I will never forget the remaining half of the pint as it was then i realised that lager was indeed BITTER!!!! but let's not tell anyone i made that blunder. Very Happy

SteelValor
Just Arrived
Joined: 14 Oct 2004
Posts: 0
Location: Central New York

Posted: Tue Dec 21, 2004 6:19 pm

I was ftp'ing the final UT patch from home to a server at work for a co-worker to get. I had zipped it as utup.exe. The upload was slow so I stopped it and went to work. Weeks pass and I was reviewing the ftp logs and see this upload started by admin, uploaded a file named update.exe and seconds later deleted it and signed off. I panic! "OMGZ!! We got hacked!!" I yell to the other webmaster and then I start the nslookups and requests for ip stuff. I chase this around for 2 days and finally track down the ISP and their support. They say "You're kidding right? Get ****ing warrant." I then lmao and say sarcastically "Good Game!! Thanks for the cooperation. I'll keep it in mind when the high schools turn on you" and hang up. It then dawns on me that I've been chasing me for 2 days. Embarassed x2

x3n0n
Just Arrived
Joined: 07 Mar 2005
Posts: 0

Posted: Mon Mar 07, 2005 5:32 am

omg, this one is pretty bad (not in comparison to some, but to me it was bad)...
a long time ago, back when i was a total n00b at computers and the net, i found kazaa, and im thinking "great, free downloads all the time" so after a while i think to myself, "well, besides warez, i could download some porn", so i start a search for "pamela anderson", after about a minute, a full list of results return and there is this one item that is called something like "pamela712351.exe" and i thought to myself "hey, this might be some sort of screensaver with her, or some sort of game" so i download it, and attempt to install it.
suddenly, all my programs start to open slowly and my computer is basically rendered unusable. because i didn't have a lan, or even a burner, i had to copy all i could onto floppy disks and re-format the whole computer.
that is when i first realised that not every exe is safe, lol

InBan
Just Arrived
Joined: 17 Apr 2005
Posts: 4

Posted: Thu Apr 21, 2005 2:42 am

One that wasn't me; A site admin wanted to open a port in the primary corporate firewall so he could synch the clocks of his computers with a clock on the internet. He asked the 'firewall admin', a real bright fellow, to open the appropriate port. The guy couldn't remember which port he was supposed to open, let alone that it only needed to be open for outgoing traffic, so he just opened up everything. Brilliant. Since then the firewall has been replaced, and netbios and rpc are closed now.

One time I 'accidentally' removed IIS from a production exchange server *doh*. That was a late night rebuild.

Early 90's I infected my home computer with Sub7 because I just wanted to see what the hell it did, dumbdumbdumb.

Colonel_Panic
Just Arrived
Joined: 13 May 2004
Posts: 2

Posted: Thu Apr 21, 2005 3:22 pm

Getting hit with CWS long time ago...

More recently, not exactly security blunder but stupid anyway:

I logged into one webserver I manage for some routine administration. I logged in from my laptop which happens to have same os as the server, and in general pretty much the same 'look and feel'. So, I log in through ssh, do the work and as it was Friday night I thought I'll go home early. So I proceed to shut down my laptop

shutdown -h now

halfway through shutdown I realize:
Oh for f#$% sake, I didn't log out from the server!

I dash to NOC to boot the damn thing back up, but unlike almost any other time, the door was not open. So I had to spend half an hour to find someone with a key (my 'going home early' is still pretty late) and of course I had to come up with some reason why. Luckily that server has had some hardware issues with boot process (fixed though) so I mumbled something vague about 'testing'.

So much for going home early. Absent-mindedness and root account don't mix well...

eiuolnmu
Just Arrived
Joined: 07 Jul 2004
Posts: 0
Location: 127.0.0.1

Posted: Tue Apr 26, 2005 6:55 am

When I was in college I was taking a class in Win2K Server and I gave all the users in my directory Admin rights. Needless to say someone locked me out of my own box. Rolling Eyes


Thanks,
Oz

Cybertrion-Systems
Just Arrived
Joined: 03 May 2005
Posts: 0

Posted: Tue May 03, 2005 8:15 pm    Post subject: Cpanel exploit

1 year back i was working on one of my websites and i had seen the webmail for the cPanel can take only 8 characters and is more vulnerable to brute force attack.
I thought it's just a bug in the server but later after a few months someone had released the same thing in all the mailing lists.
I had reported this to my host admin but that fool doesn't know what to do?
Then after a few months realised that it was the bug in the cPanel not the server.

monkranter
Just Arrived
Joined: 17 Mar 2005
Posts: 0
Location: Texas, USA

Posted: Tue May 03, 2005 10:42 pm

A couple of years ago I was researching a problem that was giving me grief. (I can't recall the nature of the problem.) I was looking on one of those tech forum thingys where people post problems and others try to help them. I think most of you are familiar with such sites. Smile

Well, I saw that someone was having the exact same issue as me (I used the Search feature for the forum) and someone else was kind enough to post a reply with a link to a fix. I didn't pay close attention to the URL and when I clicked the link, I was sent to a site that flooded me with popups of some guy's naked back side. There was also an audio loop that said, "Hey everybody. I am looking at g4y p0rn."

Did I mention I worked in a cube environment and it just so happened that I had my speakers at a relatively HIGH volume!!! I was ridiculed for weeks.

All times are GMT + 2 Hours
Page 3 of 5