Full Disclosure mailing list archives
Re: Need some help with management
From: "Elazar Broad" <elazar () hushmail com>
Date: Sun, 25 May 2008 11:45:45 -0400
Yup, CCEs and default configurations/passwords are definitely quite common. The folks over at gnucitizen have been hitting on this for some time with their work on the bt home hub...

Elazar

On Fri, 23 May 2008 12:16:45 -0400 Paul Schmehl <pschmehl_lists () tx rr com> wrote:
> --On Friday, May 23, 2008 11:56:15 -0400 Elazar Broad <elazar () hushmail com> wrote:
>
>> It's not even funny how often this happens. I have a friend who does
>> some consulting work for small businesses, and the amount of times
>> that he has come across medical practices that run their billing
>> and record keeping software on the same "fully-loaded" XP box that
>> their receptionist(s) use to download random crap...
>
> Typical scenario - professor runs Windows XP with Skype and Google Toolbar and a host of other "helpful" desktop applications - oh, but that's his "server" too - running IIS and mysql - default installs, mind you - replete with cross-site scripting and sql injection problems - and all his research with no backups - and then gets irate because his computer gets blocked at the switch port for policy violations.
>
> I could go on, but you get the idea. Why do they do it? Because they can - at least until we catch them.
>
> How many mysql installs do you think there are worldwide, listening on the default port, with "root@localhost", "root@FQHN", "@localhost" and "@FQHN" all in the default state with no password?
>
> --
> Paul Schmehl
> As if it wasn't already obvious, my opinions are my own and not those of my employer.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/