Well I'm not sure I can compete with any of these but here's mine: Lets call it "Too Many Cooks Spoil the Security"
My first job in It was for a small start-up that was the brainstorm of three brothers. All PhD's, all brilliant programmers, and all typical brothers. I was hired as the only technical support person for the branch office here (aka the back room of the CEO's apartment). One morning I came in early to check the router since we were having issues with our multi-honed broadband connections (aka a Windows 2000 Server Beta with Routing and Remote Access on multiple personal DSL's lines and a 3Com NBX100 for VOIP - yeah it was as bad is sounds). Anyways I noted that we were fine but the site to site to the office in NJ seemed to be having issues. Specifically the T1's in NJ were jacked. After unsuccessfully trying call the system admin there, I managed to get a low level developer on the phone and walked him through some troubleshooting. Looked like someone enabled anonymous FTP on one of the IIS servers and the firewall was open. Someone had setup their warez shop and it had become very popular. After attempting to walk him through disabling it, etc... I just had him disconnect cables out of the routers. The Sysadmin arrived at the NJ office soon after and we fixed the issue. It seems one of the brothers decided to throw his newly ripped CD collection up on FTP a couple of nights before and flicked the switch on the IIS Server and Firewall. After that I began reading everything on the subject of security I could find. Tim On Thu, May 14, 2009 at 5:35 PM, Stephen Reese <[email protected]> wrote: > On Thu, May 14, 2009 at 2:30 PM, Paul Asadoorian <[email protected]> > wrote: > > All: > > > > I'd like to start a new thread where we all share our experiences on how > > we got into computer security. Specifically I want to hear about people > > whose boxes got hacked, and sparked a life-long career in infosec. > > > > I may use your story in an upcoming piece I am working on, if I do I > > will contact you off-list for permission and such. > > > > Larry, I know you got a good story here ;) > > > > Thanks! > > > > Cheers, > > Paul > > > > I was working for a university as an IT slave and setup an Oracle > instance because I had read about it in a course I was taking and > wanted to experiment. I shut down the machine after the course was > done. Several months after my experimenting I received a phone call > from the university senior security engineer (John Sawyer) asking what > we were using Oracle for. My initial response was nothing, little did > I know the machine had been powered back on by a colleague of mine > (communication fail) and the Oracle instance had been exploited > providing the attacker with full access to the box. Fail. Of course I > didn't have much of a clue at the time about what actually happened > from a technical standpoint but from there on out it was like 5K > questions about how, what and why security works. > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
