Re: What is the Worst Computer Security you have seen?

I think in most places I've been. Malls, schools and even some government places. If anybody will conduct an audit, well I know some profitable places. Like here in Qatar, most establishment didn't recognized the importance of network security, some still uses wep encrypted network and some are worse, without any kind of protection. A perfect place for script kiddies to practice their little technical know how. Well, still I couldn't figure why those businesses invested a lot on up to date hardware stuff and yet haven't configure on maximum protection and compromising their security and operations.

Re: What is the Worst Computer Security you have seen?

I'm really not sure if you'd call this "bad security" or not. This guy was part of a military FOB network. Not too worried about it now as it was six years ago and the place doesn't exist any more. Any way, it sat in our break/ready room by the flightline, under the table with the coffee maker...

Linky thingy.

Re: What is the Worst Computer Security you have seen?

At least they verified who you were, though finding a breach that long after it occurred is a little bit disconcerting. I bet if there was a breach in my banking system it would be the same though. Small town banks probably don't have the kind of security that a big bank would. I know one of the IT guys at my bank though, used to teach at my high school. I guess that he might be on top of that kind of thing... at least they do have some security, the kind that locks you out after X attempts at login. I'll have to ask him what other types of security they use with that system to find out if something like this could happen to me too...

Re: What is the Worst Computer Security you have seen?

Worst security? it happened to me yesterday. I was unable to logon to my bank, it said that the credentials give (my password) and not sufficient to verify my identity, and to call them.

So I did. They were closed. M-F, 9-6 only. So I call at 10am. After a phone tree from hell, lousy music, and a few clicks, I get an operator who wants all this info I need to dig up like my ATM card number and stuff.

Then she wants my last 4 of my social, then last 4 of my license. Then my mother's maiden name, last deposit I made, last check I wrote, and so on. I cannot even ask a question because verifying me is of urgent concern. Funny, if it was that urgent they would be open at 3am when they locked me out of my account.

Now she says she is happy I am me, so she is deleting my online profile and passowrd and I need to pick a new one, for security. This completely horks up my Quicken accounting program as you cannot update your customer ID once an account is made. And of course since this is a completely new account and password, I write it down on a a stickie so I can remember it. Gah.

Now I get to talk. WHAT'S THE PROBLEM! Well she says, they noticed an attempted logon to my account from the IP address belonging to theplanet.com back on January 13th.

I'm stunned.

First off, 1/13 was a little while ago. I logon daily. Why did this supposed breach take over 60 days to detect? Second, what if it was me? I use ghostsurf and also run firefox off of an ironkey. Who knows what IP I will puport to be at any day of the week.

This is security?

Re: What is the Worst Computer Security you have seen?

Kwame Kilpatrick's cell phone. Will people ever learn..... Wire or OTA != Secret

xor

Re: What is the Worst Computer Security you have seen?

Under the keyboard? Hell, I've found it laminated to the top of the desk!!

Re: What is the Worst Computer Security you have seen?

Where was it you worked again? I'm kidding, I don't want to know.

I always like masking tape security. You know the admin password on a piece of tape under the keyboard.

Re: What is the Worst Computer Security you have seen?

That's true. I'm new to the hacking thing, which is why I'm here, and I haven't had time to try out Switchblade and Hacksaw yet. From what I've read though, you're probably right. Tons of information goes over that network, and I'm sure those would work over the whole system pretty good. Pretty certain we'd be screwed...

Re: What is the Worst Computer Security you have seen?

From the sounds of it, an Ethernet connection would be the least of the issues. I'd think you'd only need a U3 Switchblade or Hacksaw to wreck havoc on a lot of diners.

Re: What is the Worst Computer Security you have seen?

Well, I've been waiting to see if anyone would state the obvious, but I guess no one's going to... here it is:


none.


At the business I work for, my boss is basically illiterate in Windows. Considering that we install POS computer systems for restaurants and the like, there are a lot of financial transactions going through the system. It's all local, so thankfully there's no way to get on them from the outside, but if someone plugged in a cat5 cable to one of the switches and knew a little about the program... bingo! Transaction logs etc are all stored in a shared folder. Identity theft much?

Re: What is the Worst Computer Security you have seen?

:) yeah, that was it.

They where mostly worried about the internet thing, so we had to find other ways around it. Again, cool sysadmin so he wasn't too worried about us.
But, I digress...

Re: What is the Worst Computer Security you have seen?

Ah yes, I remember that too. Open a new word document, "file:///C:/" becomes a hyperlink, and viola, hard drive.

Re: What is the Worst Computer Security you have seen?

Several years back, I worked Linux QA for a firm that developed home automation hardware. The MCP was a semi-embedded [volatile flash card plus on-board chips for the schizophrenic lose] Linux system which stored configurations and bussed signals around to the various hardware, be they audio controllers or dimming switches or home security systems. This in turn was plugged via Ethernet into the Internet to maintain a 'secure' monitoring/upgrade link to the firm's central server.

SSH and FTP ports were left open on this device, root password was 5 letters long and could be retrieved by uploading a new ftp daemon configuration file [easily enough discovered, as a scan reported which daemon and version it ran].

We told our customers to make sure they didn't have this plugged into a network with wireless enabled, but really, nobody's going to listen to that. End result, anyone driving by with a lick of curiosity could root an entire house. There were a number of other less gaping but more creative holes in the system, which they thanked me for writing bug reports on by laying me off because that was cheaper than fixing their system.

Perhaps not the 'worst' security per se, but one of the most irresponsible that I've worked with.

Re: What is the Worst Computer Security you have seen?


Seening how I mess around at night when coding, I tend to do a little open source research if you know what I mean. I cant really pin the "worse security" on anyone except for lazy programmers and network admins. I find nightly/daily about 6 RFI/lfi vulnerabilities. not using any scanners just me and google and you will be surprised how many doors that opens. :-)

Re: What is the Worst Computer Security you have seen?

The "pay for" internet kiosks at Shmoocon ;)