Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Wow!!!, this is what i call a big mistake!!!

  1. #1
    Senior Member
    Join Date
    Nov 2002

    Wow!!!, this is what i call a big mistake!!!


    What a big mistake!!!

    Hack-proofing a website is hard enough. But the task becomes gargantuan when you accidentally publish the administrator's password on one of your site's most heavily trafficked pages.

    Such a security gaffe may have enabled unauthorized visitors to log in and gain access to files undetected for more than six months on a server operated by Carmichael Lynch, a public relations and advertising firm with several big-name clients. The admin password was inadvertently published on a page that contained online job postings.
    Full story here

    Will you fire the employee that did this??? hehe!!!


  2. #2
    Senior Member
    Join Date
    Nov 2002
    oops! it just goes to show that one of the many things ive learned through this site and others as well as the books ive been reading that the weakest link in a network are the people that run it.
    Don\'t be a bitch! Use Slackware.

  3. #3
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    South Florida
    Umm.. Well If I were running the web publishing company, which hopefully in the next 3 to 4 months I will be, I personally plan to go over all of the pages before our clients get their hands on it. Its the design managers fault for not checking over the work of his/her employees. So in short, no I wouldn't.

  4. #4
    Speaking of stupidity (sorry Dad.. )....My Dad rang me @ 4:56 am the other day. I thought it was some kind of emergencey....instead he asks "What's the address for kazaa?".......

  5. #5
    Senior Member
    Join Date
    Aug 2001
    lol, how in the world to you "accidentally" post the password to the admin account on a website like that? I think this one deserves a little more looking in to from the Lynch folks.


    Ah I just read the article and I see that they were using FrontPage to create their html... lol seems FrontPage put in "unwanted code" to their pages which caused this problem. Yet another reason to use notepad instead


    El Diablo

  6. #6
    Senior Member
    Join Date
    Jan 2002
    I think that it is important (especially to the n00bs) to identify what other information can actually be obtained from such a mistake.

    1. The biggest, and most obvious, a username and password was posted on a publically available web page.
    2. You know the username format. So one can safely assume that all other login IDs for that server, if not the company are in the same format.
    3. The password, IMO wouldnt be considered strong, so one can also assume that that server does not have any password strength testing or auditing tools.

    But I have always said that it is alright to make mistakes, as long as you learn from the ones that you do make!

    Hopefully now people reading this now realise that an error such as this is not as cut-and-dry as disclosing a userid and password. You also disclosing a lot of other information that a hacker may find useful for their cause.

    [glowpurple]There were so many fewer questions when the stars where still just the holes to heaven - JJ[/glowpurple] [gloworange]I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool. [/gloworange]

  7. #7
    Senior Member
    Join Date
    Dec 2002
    Wow that's a big oops. Lucky them that not many people knew about it. I wouldn't fire the guy, just give him a good yelling at :P.

    Oh and by the way...what would a hacker find good use for in a list of people and thier cars?

  8. #8
    Senior Member
    Join Date
    Oct 2002
    What the hell... How do you ACCIDENTALLY post the password? That's not even stupidity, he's way beyond that. This just goes to show that it doesn't always take knowledge for a hacker to break into something, the stupidity (or whatever this case may be) of the user can be the key to it.
    Space For Rent.. =]

  9. #9
    Antionline Herpetologist
    Join Date
    Aug 2001
    That guy would get fired from my company if I checked the logs and found that confidential information had been leaked. Otherwise, he'd get a major yelling and maybe a pay cut.
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  10. #10
    Old Fart
    Join Date
    Jun 2002
    Seems to me that this would bear close scrutiny before any action is taken. If the employee has a good record and the "mistake" was made at the end of a 12 or 15 hour day or just under the wire of an intensly important deadline, then it COULD be viewed as an honest (albeit stupid) mistake. In that case, a reprimand and a "probationary" period would suffice. If it was due to incompetence, a demotion and possible suspension w/o pay would probably address the issue. However, if the employee has had previous "indiscretions", ie insubordination, resistance to working in a team enviroment, problems with upper management, etc., then the possibility that a malicious act was committed does exist and would justify termination. Just my .02 worth.
    It isn't paranoia when you KNOW they're out to get you...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts