Date: Fri, 23 May 2008 11:16:45 -0500
From: Paul Schmehl <pschmehl_lists@...rr.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Need some help with management

--On Friday, May 23, 2008 11:56:15 -0400 Elazar Broad <elazar@...hmail.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> It's not even funny how often this happens. I have a friend who does
> some consulting work for small businesses, and the amount of times
> that he has come across medical practices that run their billing
> and record keeping software on the same "fully-loaded" XP box that
> their receptionist(s) use to download random crap...
>

Typical scenario - professor runs Windows XP with Skype and Google Toolbar and a host of other "helpful" desktop applications - oh, but that's his "server" too - running IIS and MySQL - default installs, mind you - replete with cross-site scripting and SQL injection problems - and all his research with no backups - and then gets irate because his computer gets blocked at the switch port for policy violations.

I could go on, but you get the idea. Why do they do it? Because they can - at least until we catch them.

How many MySQL installs do you think there are worldwide, listening on the default port, with "root@...alhost", "root@...N", "@localhost" and "@FQHN" all in the default state with no password?

--
Paul Schmehl
As if it wasn't already obvious, my opinions are my own and not those of my employer.
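The closing question refers to the accounts a default MySQL install creates in the `mysql.user` grant table: root accounts and anonymous (empty-user) accounts for `localhost` and for the machine's host name, none of them with a password. The following is an added example, not part of the post or of MySQL's own tooling: a short audit-and-harden session a DBA would run against such a server. It assumes MySQL 5.7 or later, where the password column is named `authentication_string` and `ALTER USER` exists; on the 2008-era servers the post describes, the column is `Password` and `SET PASSWORD FOR ... = PASSWORD('...')` replaces `ALTER USER`. The password value and the host-name account are placeholders to be filled in for the server at hand.

```sql
-- Added example (not from the post): audit mysql.user for the default-install
-- accounts described above, then remove or lock them.
-- Assumes MySQL 5.7+ (authentication_string column, ALTER USER syntax).

-- 1. List every account that either has no password or is anonymous
--    (empty User, i.e. the ''@'localhost' / ''@'<host name>' pair).
--    On a healthy server this returns zero rows.
SELECT User, Host,
       (authentication_string = '') AS no_password,
       (User = '')                  AS anonymous
FROM   mysql.user
WHERE  authentication_string = ''
   OR  User = ''
ORDER  BY User, Host;

-- 2. Is the server listening on the default port for every interface?
--    bind_address = '*' or '0.0.0.0' means the network can reach it;
--    '127.0.0.1' restricts it to local clients.
SHOW VARIABLES WHERE Variable_name IN ('port', 'bind_address');

-- 3. Remove the anonymous accounts. Deleting from the grant table and
--    flushing is the classic method and catches the host-name variant
--    without having to spell out the host name.
DELETE FROM mysql.user WHERE User = '';

-- 4. Remove root accounts reachable from anywhere other than the local box.
DELETE FROM mysql.user
WHERE  User = 'root'
  AND  Host NOT IN ('localhost', '127.0.0.1', '::1');

FLUSH PRIVILEGES;

-- 5. Give the remaining root account a real password
--    (placeholder value; choose a strong one for the actual server).
ALTER USER 'root'@'localhost' IDENTIFIED BY '<strong-password-placeholder>';

-- 6. Re-run the audit from step 1; it should now return no rows.
SELECT User, Host
FROM   mysql.user
WHERE  authentication_string = '' OR User = '';
```

Steps 3 and 4 edit the grant tables directly, which MySQL permits but which only takes effect after `FLUSH PRIVILEGES` (or a restart); on 5.7+ the same result can be had with `DROP USER ''@'localhost'` and `DROP USER ''@'<host name>'` if the host name is known. Step 2 is the check that matters for the "listening on the default port" half of the question: an unauthenticated root account is bad on any interface, but one exposed to the network is what turns a default install into an internet-facing problem.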