Page 2 of 2

Re: Laughably terrible security practices

PostPosted: Wed Nov 21, 2012 5:57 pm
by not_essence2
LOL, I'm guessing that he thinks physical distance equates wireless distance in terms of difficulty to reach. Tell him about DNS servers and how they're located around the world.
Or, just proxy yourself at home and screw over the system. Although that might not be the best method, as history states, eh?

Re: Laughably terrible security practices

PostPosted: Wed Nov 21, 2012 9:22 pm
by Incursus626
I did a job for this insurance company, a simple system audit and adding a couple new computers to the domain.
They didn't know the passwords to any of their server or domain admin account. Only about 10% of the employees actually knew their email password, and about 50% percent of the employees had a partially completed and horribly outdated list of other persons passwords. Their server was so wide open that it had already been compromised and was a source of those god-awful annoying spam emails. I didn't even know where to start.

Re: Laughably terrible security practices

PostPosted: Thu Nov 22, 2012 7:43 am
by not_essence2
Wow, that's sad.

Re: Laughably terrible security practices

PostPosted: Thu Nov 29, 2012 9:13 pm
by mookalovesgloop
not_essence2 wrote:LOL, I'm guessing that he thinks physical distance equates wireless distance in terms of difficulty to reach. Tell him about DNS servers and how they're located around the world.
Or, just proxy yourself at home and screw over the system. Although that might not be the best method, as history states, eh?

believe me, i tried to explain as best i could without coming across condescending/like an asshole why this was a GIANT mistake...i was told to perfect my sales pitch to the point that i had perfected my computer knowledge....

your suggestion has ABSOLUTELY crossed my mind, but i won't...mostly cause i'm sure my n00bage will get me busted and besides, they still cut my check...it'd be just my luck that i break something not understanding what i'm doing and cause problems with pay distribution :|

peace and blessings
mooka

Re: Laughably terrible security practices

PostPosted: Mon Dec 31, 2012 4:21 am
by NoobAnonKS
At my old high school, we had a Novell network and every student and teacher had their own account with a randomly generated password. One day my account was banned for whatever reason and when my login wouldn't work, I pressed F1 for help. This opened up a windows explorer window, through which I had access to EVERYTHING. Tests, report cards, curriculums, you name it. I didn't do anything malicious though, but rather just used this flaw for internet access. Funny to think what I could have done though, had I been so inclined.

Re: Laughably terrible security practices

PostPosted: Mon Dec 31, 2012 1:08 pm
by mookalovesgloop
it kills me when schools/companies have all these state of the art security software and firewalls hooked up but then don't do something as simple as disable dev tools or the help panel, lol! :roll:

peace
mooka

Re: Laughably terrible security practices

PostPosted: Mon Dec 31, 2012 2:37 pm
by -Ninjex-
Talking about terrible security... The school that I graduated from 2 years ago had crap security.
They restricted acces to different drives and files, but you could still pop open firefox and view the files from the browser without bothering whatever security features they had. Needless to say, a lot of teachers had EOC answer keys in .pdf files. I also had direct access to the sam file. No wonder I graduated early.

Re: Laughably terrible security practices

PostPosted: Tue Jan 01, 2013 9:36 am
by NoobAnonKS
mookalovesgloop wrote:it kills me when schools/companies have all these state of the art security software and firewalls hooked up but then don't do something as simple as disable dev tools or the help panel, lol! :roll:

peace
mooka


I know, right? The best part is that I found that by pure accident. I guess that's why all the old-school hacking tuts advise to practice on your school network.

-- Tue Jan 01, 2013 3:42 pm --

mookalovesgloop wrote:it kills me when schools/companies have all these state of the art security software and firewalls hooked up but then don't do something as simple as disable dev tools or the help panel, lol! :roll:

peace
mooka


I know, right? The best part is that I found that by pure accident. I guess that's why all the old-school hacking tuts advise to practice on your school network.

Re: Laughably terrible security practices

PostPosted: Tue Jan 01, 2013 1:36 pm
by -Ninjex-
Yeah, and also how they don't turn on some features like UAC. I remember just for giggles, I made a batch file:

Code: Select all
start userpasswords2


Too easy!

Re: Laughably terrible security practices

PostPosted: Sun Jun 02, 2013 7:27 am
by replaceits
A school I used to go to did all of the grading online, the username was their name, and the pass word was thier initials and the last 4 digits of their teacher id number, all of which are on their teacher id which they HAVE to wear on their clothing with everything facing the front -facepalm- luckily I dont think anyone ever caught onto this and abused though