Waraxe IT Security Portal
Login or Register
October 5, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 70
Members: 0
Total: 70
Full disclosure
Some SIM / USIM card security (and ecosystem) info
SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288)
Backdoor.Win32.Benju.a / Unauthenticated Remote CommandExecution
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Boiling / Remote Command Execution
Defense in depth -- the Microsoft way (part 88): a SINGLEcommand line shows about 20, 000 instances of CWE-73
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)
Apple iOS 17.2.1 - Screen Time Passcode Retrieval (MitigationBypass)
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
Submit Exploit CVE-2024-42831
Stored XSS in "Edit Profile" - htmlyv2.9.9
Stored XSS in "Menu Editor" - htmlyv2.9.9
Backdoor.Win32.BlackAngel .13 / Unauthenticated Remote CommandExecution
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Fun corner -> Your Worst Security Blunder
Post new topicReply to topic View previous topic :: View next topic
Your Worst Security Blunder
PostPosted: Sun May 23, 2004 10:16 am Reply with quote
icenix
Advanced user
Advanced user
Joined: May 13, 2004
Posts: 106
Location: Australia




Very Happy Embarassment time Very Happy
Feel Free to post your worst security blunders here, either first hand or that of a friend / colleague
Come on..Dont Be Shy Embarassed

_________________
=[WWW.WARAXE.US]=
-Forum Rules
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Not Me
PostPosted: Sun May 23, 2004 10:17 am Reply with quote
icenix
Advanced user
Advanced user
Joined: May 13, 2004
Posts: 106
Location: Australia




Not anyone im even closely in contact to Razz
but check this out...

The night shift in a certain data center were getting bored one night. Of course they could not access any of the hard core porn on the net due to the corporate firewall rules.

But hang on, somebody realises that the data center is also a core node on our Internet backbone with several 9.6-GB feeds to it

So they head off down to a pair of very large and very expensive Juniper routers and patch into a spare gigabit ethernet port (this is a core internet transit router).

Next they build themselves a nice little proxy server and plug that in and from there route it back onto the corporate LAN.

You may have noticed that I didn't mention a firewall. Thats right. they didn't bother.

So for a few nights, they have the time of their lives surfing the darker side of the net and even help themselves to some spare space on a customers EMC storage array.

In 4 nights, they managed to use up half a terrabyte of storage with pictures, videos and mp3s

But then somebody notices during a routine security check that there is an unsecure web connection on the corporate LAN so the investigation starts.

So here we have guys who have the intelligence to configure a Juniper transit router, build themselves a proxy, configure this onto the corporate LAN and even reallocate an EMC storage array.

BUT

What they didn't do (and this is what got them sacked).

SWITCH OFF THE LOGGING ON THE PROXY

Just how much evidence did they think HR would need to sack them?

_________________
=[WWW.WARAXE.US]=
-Forum Rules
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
curiosity killed the computer
PostPosted: Wed Jul 20, 2005 3:23 pm Reply with quote
DragonHighLord
Regular user
Regular user
Joined: Jul 17, 2005
Posts: 7
Location: Montana




oh, i've got a doozy.
i feel realy stupid cause I actually did this, so, please don't laugh at me (at least not when i'm aroung lol).

about 8 months ago I bought this computer from a friend of mine, nice system (paid $600) AMD k7, Nvidia chip, Hercules Soundcard, Water cooled processor (had never seem one of those before). so I'm crusin along, checking out everything it can do (or that I can do with it) and i'm in BIOS, just checking it out, changing things around, and I figured well, as long as I don't save the changes when I exit everything cool. well that was my mistake, I acciently hit esit, and double tapped the enter key. Yup, Saved the changes and exited BIOS. I'm not sure if you understand how bad that sucked. Living In Montat with NO computer Services, no PC repairs, Not one to fix my little problem. took me a week to fix it by myself, literaly taking my comp[uter apart, checking manufactuer labels on the hardware, and damn near re-building the thing. But she runs fine now (months later) and the funny thing is, I actually learned a lot more about My PC, and PC's in general from my BIOS Nightmare.........
Still All in All, if you don't know much or PC's, i HIGHLY recomend not messing around with you systems BIOS........
P.S. I passworded my BIOS with a 15 charater password, I screwed it up big time, I don't want that to happen EVER again, especialy by someone else........................


DragonHighLord---------------------------- Cool
View user's profile Send private message Send e-mail MSN Messenger
PostPosted: Thu Jul 21, 2005 1:55 am Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Yeah my mate entered 127.0.0.1 into his own DoS exploit once trying to hack me at a LAN........ He never lived it down

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Wed Jul 23, 2008 1:08 pm Reply with quote
lenny
Valuable expert
Valuable expert
Joined: May 15, 2008
Posts: 275




I built myself a secure Debian server. I had done everything by the book, and I had almost finished. The aim (apart from practice) was to set up a secure internet-facing DMZ webserver. Being a student means no high-spec hardware/data-centers to play with and a simple 8mbps ADSL connection. Simple, but useful for my needs.
I had fully configured the OS and installed necessary patches etc, and all that remained was software. I installed all the various pieces of software and all related security patches etc and all was fine... until I started dealing with the FTP server. I needed to allow directory writing for the user that I would be hosting my files from. I had already copied most of my pages and scripts over to the /www directory, but the user didn't "own" any of the files, so i "chmod"ed them.

Ok, here is the blunder.
I used the command "Chmod 777 ./*"
Except I didnt. I forgot one very important character.
The actual command i used went along these lines: "Chmod /* 777"
Notice the differance? Yes, thats right. A single ".". So instead of allowing permission to just my web directory, I chmodded THE ENTIRE SERVER to 777 permissions! I could have died it was that stupid!
View user's profile Send private message
PostPosted: Thu Jul 24, 2008 2:01 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




hahaha how long did it take you to notice?

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Thu Jul 24, 2008 12:16 pm Reply with quote
lenny
Valuable expert
Valuable expert
Joined: May 15, 2008
Posts: 275




I realised the second i pressed enter. Unfortunatley, Linux/UNIX is not designed for idiots and dont have the helpful (and annoying) windows-style "Are you sure?" prompts!
View user's profile Send private message
PostPosted: Fri Jul 25, 2008 1:23 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




lol well that's nothing a quick ctrl+c wouldn't stop.

I have a security story..
A security course lecturer at my university said that he did a survey of my city to find the ratio of secure and unsecure wireless networks.

Outer suburbs he found:
40% of people had no wireless encryption
30% used WEP
30% use WPA (0% using 801.1)

Inner suburbs:
30% of people had no wireless encryption
40% used WEP
30% use WPA (0% using 801.1)

CBD:
30% had no wireless encryption
30% used WEP
40% use WPA (1% using 801.1)

Considering that it is possible to crack WEP in 60 seconds (including time to capture packets) it is ridiculous that so many businesses are insecure.


He then went on to say that he was hired by a large business to test the security of their wireless networks. He did this by sitting in his car with his laptop and driving around the business testing the wireless. While he found a few security problems with the wireless networks, he was most surprised to find that NOT ONE employee stopped to ask what a man sitting in a car with a laptop all day was doing.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
Your Worst Security Blunder
www.waraxe.us Forum Index -> Fun corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.043 Seconds