--On Friday, May 23, 2008 11:56:15 -0400 Elazar Broad <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> It's not even funny how often this happens. I have a friend who does
> some consulting work for small businesses, and the amount of times
> that he has come across medical practices that run their billing
> and record keeping software on the same "fully-loaded" XP box that
> their receptionist(s) use to download random crap...
>

Typical scenario - professor runs Windows XP with Skype and Google Toolbar and a host of other "helpful" desktop applications - oh, but that's his "server" too - running IIS and mysql - default installs, mind you - replete with cross-site scripting and sql injection problems - and all his research with no backups - and then gets irate because his computer gets blocked at the switch port for policy violations.

I could go on, but you get the idea. Why do they do it? Because they can - at least until we catch them.

How many mysql installs do you think there are worldwide, listening on the default port, with "[EMAIL PROTECTED]", "[EMAIL PROTECTED]", "@localhost" and "@FQHN" all in the default state with no password?

--
Paul Schmehl
As if it wasn't already obvious, my opinions are my own and not those of my employer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
