Cisco machine gets listed by blackhat org that rents out hacked PCs

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2012/10/cisco-machine-gets-listed-by-blackhat-org-that-rents-out-hacked-pcs/

By Dan Goodin
Ars Technica
Oct 22, 2012

A computer running inside the corporate network of Cisco Systems is one 
of about 17,000 machines that is being rented out to online miscreants 
looking to get a foothold inside Fortune 500 companies, according to a 
published report.

The Windows Server 2003 system uses Microsoft's Remote Desktop Protocol 
so it can be remotely accessed by anyone with the login credentials. 
It's listed on Dedicatexpress.com, a service that allows anyone in the 
world to access hacked computers at specific organizations, 
KrebsonSecurity reported. Remarkably, the username for the box is 
"Cisco" and the corresponding password is—you guessed it—"Cisco."

"Businesses often turn on RDP for server and desktop systems that they 
wish to use remotely, but if they do so using a username and password 
that is easily guessed, those systems will soon wind up for sale on 
services like this one," reporter Brian Krebs wrote.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org