Re: What is the Worst Computer Security you have seen?

Probably the one being built somewhere right now by university professors.

Re: What is the Worst Computer Security you have seen?

Well I guess some University Professors are not smart!

Re: What is the Worst Computer Security you have seen?

This one is mine, from a USPS Post Office in a bank... you probably saw it a few theads back...
https://forum.defcon.org/showthread.php?t=9149

Re: What is the Worst Computer Security you have seen?

Oh Whoops I forgot about that one...

Re: What is the Worst Computer Security you have seen?

worst computer security I've seen was back in highschool.
The way the network operating system was set up (i think it was novell's netware)
was they wanted you to have access to the certain network drives, i think it was no more then 3 network drives, and you couldn't access the C:/ drive and obviously you weren't allowed to access 'innappropriate' web pages. We (my friends and I) were able to get to the C:\ and other networked drives through Microsoft word of all things. And I figured out how to set up a webproxy to allow us to get to websites we needed to use for personal email. But we knew the network admin and he trusted us, so he let us use it and he learned how to configure things so that they people wouldn't be able to use those services in the future. He let us help him with the network trouble shooting and such from then on. It was actually pretty cool of him, I thought.

Re: What is the Worst Computer Security you have seen?

I work for a telemarketing company and our call center supervisors' stations are often left unattended or just any employee occasionally allowed to "borrow the computer for a minute". Although these workstations don't have administrative privileges, one can access the network drives via open/save dialog boxes. There is a lot of sensitive information on our network. The possibility of identity theft is laughed at by my rather complacent IT coworkers who scoff and say "none of our employees are smart enough to be able to steal any info." It's a disaster waiting to happen.

Re: What is the Worst Computer Security you have seen?

The "pay for" internet kiosks at Shmoocon ;)

Re: What is the Worst Computer Security you have seen?


Seening how I mess around at night when coding, I tend to do a little open source research if you know what I mean. I cant really pin the "worse security" on anyone except for lazy programmers and network admins. I find nightly/daily about 6 RFI/lfi vulnerabilities. not using any scanners just me and google and you will be surprised how many doors that opens. :-)

Re: What is the Worst Computer Security you have seen?

Several years back, I worked Linux QA for a firm that developed home automation hardware. The MCP was a semi-embedded [volatile flash card plus on-board chips for the schizophrenic lose] Linux system which stored configurations and bussed signals around to the various hardware, be they audio controllers or dimming switches or home security systems. This in turn was plugged via Ethernet into the Internet to maintain a 'secure' monitoring/upgrade link to the firm's central server.

SSH and FTP ports were left open on this device, root password was 5 letters long and could be retrieved by uploading a new ftp daemon configuration file [easily enough discovered, as a scan reported which daemon and version it ran].

We told our customers to make sure they didn't have this plugged into a network with wireless enabled, but really, nobody's going to listen to that. End result, anyone driving by with a lick of curiosity could root an entire house. There were a number of other less gaping but more creative holes in the system, which they thanked me for writing bug reports on by laying me off because that was cheaper than fixing their system.

Perhaps not the 'worst' security per se, but one of the most irresponsible that I've worked with.

Re: What is the Worst Computer Security you have seen?

Ah yes, I remember that too. Open a new word document, "file:///C:/" becomes a hyperlink, and viola, hard drive.

Re: What is the Worst Computer Security you have seen?

:) yeah, that was it.

They where mostly worried about the internet thing, so we had to find other ways around it. Again, cool sysadmin so he wasn't too worried about us.
But, I digress...

Re: What is the Worst Computer Security you have seen?

Well, I've been waiting to see if anyone would state the obvious, but I guess no one's going to... here it is:


none.


At the business I work for, my boss is basically illiterate in Windows. Considering that we install POS computer systems for restaurants and the like, there are a lot of financial transactions going through the system. It's all local, so thankfully there's no way to get on them from the outside, but if someone plugged in a cat5 cable to one of the switches and knew a little about the program... bingo! Transaction logs etc are all stored in a shared folder. Identity theft much?

Re: What is the Worst Computer Security you have seen?

From the sounds of it, an Ethernet connection would be the least of the issues. I'd think you'd only need a U3 Switchblade or Hacksaw to wreck havoc on a lot of diners.

Re: What is the Worst Computer Security you have seen?

That's true. I'm new to the hacking thing, which is why I'm here, and I haven't had time to try out Switchblade and Hacksaw yet. From what I've read though, you're probably right. Tons of information goes over that network, and I'm sure those would work over the whole system pretty good. Pretty certain we'd be screwed...