Getting Your Start Because You Got Hacked

[danny.howerton at gmail.com (Dan Howerton)]

I got my start a little differently than actually getting hacked and I have
Paul, Larry, and Twitchy to thank for getting into Computer Security. About
two and a half years ago I was coming out of high school and I knew I wanted
to start studying computer networks. About a month or two out of high school
someone introduced me to a Podcast  about security with Leo from techtv so I
gave it a shot. It was ok but I thought to myself there has got to be
something more hardcore and technical than this so I started scouring the
web. One of the very first ones I came across was PDC. I downloaded a few
eppisodes and was hooked immediatly and knew that this is what I wanted to
do for a living. I have since been a dedicated listener and fan and am
currently working in a pretty small MSS team for a fairly large company and
I only have pauldotcom and the pauldotcom community to thank for it.


On Thu, May 14, 2009 at 1:02 PM, Jason Wood <tadaka at gmail.com> wrote:

> This happened back when I was a jr sysadmin at a fairly large dotcom.  My
> wife and I were having a party at our house with several of our friends when
> my cell phone went off.  Sure enough, it was the NOC saying that this one
> web server kept running out of disk space and they couldn't figure out why.
> The operator had cleared out all the temp files he could find, removed a
> number of web server logs and some other stuff.  Disk space dropped for
> about 30 minutes and then climbed back up over 90%.
>
> My computer was in the living room, so in the middle of the party I logged
> into this server and started poking around.  First order of business was to
> figure out where the most disk space was being chewed up.
> C:\inetpub\ftproot was the culprit.  I looked around the file system and
> found video games, music files, warez, etc all over the place.  I checked
> the FTP config and saw that it was a default setup with no relation to the
> function of the web server.  Anonymous access had full read/write.  At this
> point, I was cracking up and asking people at the party if anyone wanted the
> latest Britney Spears album.  I had 3-4 people crowded around my PC to watch
> what was going on.
>
> I uninstalled the FTP service, cleaned up the disk space and looked at the
> FTP logs.  Sure enough, the server had been idle on FTP for weeks, then got
> discovered.  In 2 days it went from unknown to very popular.  It also didn't
> hurt that there were multiple OC3s coming into the environment.  The users
> of the site must have been having a field day.
>
> Wait, I hear people asking, shouldn't the firewall have blocked the FTP
> connections?  Well, not if it is set to allow FTP inbound to all servers.
> That later got changed too.
>
> Anyhow, it was a completely hilarious experience, particularly since I
> didn't setup the server so my pride wasn't at stake.  ;-)
>
>
>
>
> On Thu, May 14, 2009 at 12:43 PM, Joshua Wright <jwright at hasborg.com>wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I was working for Johnson & Wales University and we had a Citrix server
> > running on NT 3.51.  I was one of the first people who got a cable-modem
> > at home from Cox Communications, and it rocked!  It rocked so much,
> > someone else on the LAN discovered my workgroup and host, and connected
> > to an unprotected share on my Windows 98 machine where he grabbed the
> > .ica file with a stored password to the Citrix server.  He called me at
> > home to let me know how r00ted I was, after getting my home phone number
> > from my wife's resume.doc file.
> >
> > Yeah, it was pretty painful, but it was my motivator to get into
> > infosec.  "Wow, that sucks, but at the same time, it's so awesome too"
> > is the best way I can describe it.
> >
> > Years later we bumped into each other in Providence, and he told me how
> > he's been watching my career since he called me that first time.  I
> > thanked him for his help. :)
> >
> > - -Josh
> >
> > Paul Asadoorian wrote:
> > > All:
> > >
> > > I'd like to start a new thread where we all share our experiences on how
> > > we got into computer security.  Specifically I want to hear about people
> > > whose boxes got hacked, and sparked a life-long career in infosec.
> > >
> > > I may use your story in an upcoming piece I am working on, if I do I
> > > will contact you off-list for permission and such.
> > >
> > > Larry, I know you got a good story here ;)
> > >
> > > Thanks!
> > >
> > > Cheers,
> > > Paul
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.9 (MingW32)
> >
> > iEYEARECAAYFAkoMZm0ACgkQapC4Te3oxYy3FQCfR0ziVWtWs9aNzRi4+0UbWgEy
> > uC8An3st451iUrFsaZu1nLEWXN+WU3a7
> > =+LQ1
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Dan Howerton
http://metacortexsecurity.com
GPG key: 10F5DDA5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090514/62a6d542/attachment.htm