Getting Your Start Because You Got Hacked

[rsreese at gmail.com (Stephen Reese)]

On Thu, May 14, 2009 at 2:30 PM, Paul Asadoorian <paul at pauldotcom.com> wrote:
> All:
>
> I'd like to start a new thread where we all share our experiences on how
> we got into computer security. ?Specifically I want to hear about people
> whose boxes got hacked, and sparked a life-long career in infosec.
>
> I may use your story in an upcoming piece I am working on, if I do I
> will contact you off-list for permission and such.
>
> Larry, I know you got a good story here ;)
>
> Thanks!
>
> Cheers,
> Paul

I was working for a university as an IT slave and setup an Oracle
instance because I had read about it in a course I was taking and
wanted to experiment. I shut down the machine after the course was
done. Several months after my experimenting I received a phone call
from the university senior security engineer (John Sawyer) asking what
we were using Oracle for. My initial response was nothing, little did
I know the machine had been powered back on by a colleague of mine
(communication fail) and the Oracle instance had been exploited
providing the attacker with full access to the box. Fail. Of course I
didn't have much of a clue at the time about what actually happened
from a technical standpoint but from there on out it was like 5K
questions about how, what and why security works.