Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
October 22, 2020
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 367
Members: 0
Total: 367
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Fun corner -> Your Worst Security Blunder
Post new topic  Reply to topic View previous topic :: View next topic 
Your Worst Security Blunder
PostPosted: Sun May 23, 2004 10:16 am Reply with quote
icenix
Advanced user
Advanced user
 
Joined: May 13, 2004
Posts: 106
Location: Australia




Very Happy Embarassment time Very Happy
Feel Free to post your worst security blunders here, either first hand or that of a friend / colleague
Come on..Dont Be Shy Embarassed

_________________
=[WWW.WARAXE.US]=
-Forum Rules
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Not Me
PostPosted: Sun May 23, 2004 10:17 am Reply with quote
icenix
Advanced user
Advanced user
 
Joined: May 13, 2004
Posts: 106
Location: Australia




Not anyone im even closely in contact to Razz
but check this out...

The night shift in a certain data center were getting bored one night. Of course they could not access any of the hard core porn on the net due to the corporate firewall rules.

But hang on, somebody realises that the data center is also a core node on our Internet backbone with several 9.6-GB feeds to it

So they head off down to a pair of very large and very expensive Juniper routers and patch into a spare gigabit ethernet port (this is a core internet transit router).

Next they build themselves a nice little proxy server and plug that in and from there route it back onto the corporate LAN.

You may have noticed that I didn't mention a firewall. Thats right. they didn't bother.

So for a few nights, they have the time of their lives surfing the darker side of the net and even help themselves to some spare space on a customers EMC storage array.

In 4 nights, they managed to use up half a terrabyte of storage with pictures, videos and mp3s

But then somebody notices during a routine security check that there is an unsecure web connection on the corporate LAN so the investigation starts.

So here we have guys who have the intelligence to configure a Juniper transit router, build themselves a proxy, configure this onto the corporate LAN and even reallocate an EMC storage array.

BUT

What they didn't do (and this is what got them sacked).

SWITCH OFF THE LOGGING ON THE PROXY

Just how much evidence did they think HR would need to sack them?

_________________
=[WWW.WARAXE.US]=
-Forum Rules
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
curiosity killed the computer
PostPosted: Wed Jul 20, 2005 3:23 pm Reply with quote
DragonHighLord
Regular user
Regular user
 
Joined: Jul 17, 2005
Posts: 7
Location: Montana




oh, i've got a doozy.
i feel realy stupid cause I actually did this, so, please don't laugh at me (at least not when i'm aroung lol).

about 8 months ago I bought this computer from a friend of mine, nice system (paid $600) AMD k7, Nvidia chip, Hercules Soundcard, Water cooled processor (had never seem one of those before). so I'm crusin along, checking out everything it can do (or that I can do with it) and i'm in BIOS, just checking it out, changing things around, and I figured well, as long as I don't save the changes when I exit everything cool. well that was my mistake, I acciently hit esit, and double tapped the enter key. Yup, Saved the changes and exited BIOS. I'm not sure if you understand how bad that sucked. Living In Montat with NO computer Services, no PC repairs, Not one to fix my little problem. took me a week to fix it by myself, literaly taking my comp[uter apart, checking manufactuer labels on the hardware, and damn near re-building the thing. But she runs fine now (months later) and the funny thing is, I actually learned a lot more about My PC, and PC's in general from my BIOS Nightmare.........
Still All in All, if you don't know much or PC's, i HIGHLY recomend not messing around with you systems BIOS........
P.S. I passworded my BIOS with a 15 charater password, I screwed it up big time, I don't want that to happen EVER again, especialy by someone else........................


DragonHighLord---------------------------- Cool
View user's profile Send private message Send e-mail MSN Messenger
PostPosted: Thu Jul 21, 2005 1:55 am Reply with quote
shai-tan
Valuable expert
Valuable expert
 
Joined: Feb 22, 2005
Posts: 477




Yeah my mate entered 127.0.0.1 into his own DoS exploit once trying to hack me at a LAN........ He never lived it down

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Wed Jul 23, 2008 1:08 pm Reply with quote
lenny
Valuable expert
Valuable expert
 
Joined: May 15, 2008
Posts: 275
Location: United Kingdom




I built myself a secure Debian server. I had done everything by the book, and I had almost finished. The aim (apart from practice) was to set up a secure internet-facing DMZ webserver. Being a student means no high-spec hardware/data-centers to play with and a simple 8mbps ADSL connection. Simple, but useful for my needs.
I had fully configured the OS and installed necessary patches etc, and all that remained was software. I installed all the various pieces of software and all related security patches etc and all was fine... until I started dealing with the FTP server. I needed to allow directory writing for the user that I would be hosting my files from. I had already copied most of my pages and scripts over to the /www directory, but the user didn't "own" any of the files, so i "chmod"ed them.

Ok, here is the blunder.
I used the command "Chmod 777 ./*"
Except I didnt. I forgot one very important character.
The actual command i used went along these lines: "Chmod /* 777"
Notice the differance? Yes, thats right. A single ".". So instead of allowing permission to just my web directory, I chmodded THE ENTIRE SERVER to 777 permissions! I could have died it was that stupid!
View user's profile Send private message
PostPosted: Thu Jul 24, 2008 2:01 am Reply with quote
gibbocool
Advanced user
Advanced user
 
Joined: Jan 22, 2008
Posts: 208




hahaha how long did it take you to notice?

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Thu Jul 24, 2008 12:16 pm Reply with quote
lenny
Valuable expert
Valuable expert
 
Joined: May 15, 2008
Posts: 275
Location: United Kingdom




I realised the second i pressed enter. Unfortunatley, Linux/UNIX is not designed for idiots and dont have the helpful (and annoying) windows-style "Are you sure?" prompts!
View user's profile Send private message
PostPosted: Fri Jul 25, 2008 1:23 am Reply with quote
gibbocool
Advanced user
Advanced user
 
Joined: Jan 22, 2008
Posts: 208




lol well that's nothing a quick ctrl+c wouldn't stop.

I have a security story..
A security course lecturer at my university said that he did a survey of my city to find the ratio of secure and unsecure wireless networks.

Outer suburbs he found:
40% of people had no wireless encryption
30% used WEP
30% use WPA (0% using 801.1)

Inner suburbs:
30% of people had no wireless encryption
40% used WEP
30% use WPA (0% using 801.1)

CBD:
30% had no wireless encryption
30% used WEP
40% use WPA (1% using 801.1)

Considering that it is possible to crack WEP in 60 seconds (including time to capture packets) it is ridiculous that so many businesses are insecure.


He then went on to say that he was hired by a large business to test the security of their wireless networks. He did this by sitting in his car with his laptop and driving around the business testing the wireless. While he found a few security problems with the wireless networks, he was most surprised to find that NOT ONE employee stopped to ask what a man sitting in a car with a laptop all day was doing.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
Your Worst Security Blunder
  www.waraxe.us Forum Index -> Fun corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.076 Seconds