[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20080525154545.AAAC6D0324@mailserver10.hushmail.com>
Date: Sun, 25 May 2008 11:45:45 -0400
From: "Elazar Broad" <elazar@...hmail.com>
To: full-disclosure@...ts.grok.org.uk, pschmehl_lists@...rr.com
Subject: Re: Need some help with management
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Yup, CCEs and default configurations/passwords are definitely quite
common. The folks over at gnucitizen have been hitting on this for
some time with their work on the bt home hub...
Elazar
On Fri, 23 May 2008 12:16:45 -0400 Paul Schmehl
<pschmehl_lists@...rr.com> wrote:
>--On Friday, May 23, 2008 11:56:15 -0400 Elazar Broad
><elazar@...hmail.com>
>wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Its not even funny how often this happens. I have a friend who
>does
>> some consulting work for small businesses, and the amount of
>times
>> that he has come across medical practices that run their billing
>> and record keeping software on the same "fully-loaded" XP box
>that
>> their receptionist(s) use to download random crap...
>>
>
>Typical scenario - professor runs Windows XP with Skpe and Google
>Toolbar and a
>host of other "helpful" desktop applications - oh, but that's his
>"server" too
>- running IIS and mysql - default installs, mind you - replete
>with cross-site
>scripting and sql injection problems - and all his research with
>no backups -
>and then gets irate because his computer gets blocked at the
>switch port for
>policy violations.
>
>I could go on, but you get the idea.
>
>Why do they do it? Because they can - at least until we catch
>them.
>
>How many mysql installs do you think there are worldwide,
>listening on the
>default port, with "root@...alhost", "root@...N", "@localhost" and
>"@FQHN" all
>in the default state with no password?
>
>--
>Paul Schmehl
>As if it wasn't already obvious,
>my opinions are my own and not
>those of my employer.
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
wpwEAQECAAYFAkg5iakACgkQi04xwClgpZghQgP9H9a9uQNzPe2O6RZ0IWJ4IAlMWRiH
A4S8uQ5WRA5IpwVtq5mbKPxjemXziyBPmeNbUQcOw0ommho9L+invuTr0JmgOlPlPDj/
+cShHRfnwyuQH+UJW4W6tYI7QTY7mw+KenGQ2/dcdeRDQdLXFeBs5CvemM9aQ1Lm4WY0
U8FoTgQ=
=SdpU
-----END PGP SIGNATURE-----
--
Click to create your dream holiday trip now.
http://tagline.hushmail.com/fc/Ioyw6h4eO7NyyZb6Q8LWimgLvmFKntEPFrRw2cnGZNjsjUAICHl7YU/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists