How the *^$µ
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: How the *^$µ

  1. #1
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491

    How the *^$µ

    Question?

    How do I make my firm see that there security is worthless.

    Simle example (of many)

    The firm works for the city (police , hospitals and all kinds of city ordinances and yes even the mayor of the city)
    Now all these people have a email account which they can access through OWA ... this is where the fun starts.

    This page is reachable from the internet (no I want give you the address ) so everyone who works for any of these instances and wants to read his mail from home of wherever can do just that .

    This page runs on a server NT 4 sp 6 with exchange 5.5 (yeah I know) and on that same server is also an FTP ( you don't even wanna know what for) .

    Lately (the last 2 years) the firm has been very lucky ... no "real" hacker has ever attempted to break into the mailboxes (and believe me it would be very very easy for a guy to break in if he knows what he's doing let's say the users have easy passwords if you know what I'm saying).
    So the only problems we have lately is the crashing of the IIS this because of the many scriptkiddies (I think) who are learning to crack .

    This I know because of the logfiles (trying to log in with stupid usernames like "god" and "master ..please).

    Anyway ... I mentioned this "securityrisk" more then a few times to different bosses (yes we have lots and they all know nothing about the network).

    So if someone is interested in some mails from a mayor to ..lets say a policecommisionar (spelling?) ...drop by ...

    But seriously what can I do to make them understand that the network is an open book for someone who knows what he is doing. Should I hack it myself (naaah that's to easy and they won't believe it)


    Any suggestions are welcome.
    Back when I was a boy, we carved our own IC's out of wood.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    UNDER NO CIRCUMSTANCES TRY IT YOURSELF!!!!!!!!

    Hell, we want to see the BAD guys in trouble?

    I would suggest education...........in their restaursnts...........canteens...........whatever?......................just show them a firewall bringing up alert messages?

    Gets them thinking?

  3. #3
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    Hmm.

    Interesting like say a seminar for them ... with slides of things that can happen .

    A doomscenario...

    That's not bad advice ...now why didn't I think of that ... now only convine them to come...

    not bad ...thanks.

    any more sugestions anyone ?
    Back when I was a boy, we carved our own IC's out of wood.

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Should I hack it myself (naaah that's to easy and they won't believe it)
    well aren't u a genious!??!

    Actually NO...


    You said you had logs showing hacking attemps at whatnot? Show those logs to the system admin or the person in charge. End of story. Thats the only thing you should do.

  5. #5
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    well aren't u a genious!??!
    It was ment sarcastically offcourse...

    Anyway I showed them the logfiles ...there reactions were all the same ..."nothing to worry about" ..but when the day comes and mail gets "stolen" or made public ...guess where they are gonna knock...

    I'm thinking about that seminar thing... maybe that will wake em up.
    Back when I was a boy, we carved our own IC's out of wood.

  6. #6
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    and whom would be invited to the seminar?

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    ˇNo debe hacer nada! Si no le escuchan a ti, no es su responsibilidad. Aun, podría darles demonstración.

    If you want don't want people constantly looking over YOUR shoulder, suspecting YOU, rather than the possible attackers, I would not do anything behind their backs, even if only to prove a point. (And yes, those that know me can tell me I should follow my own advice.)
    I\'m back.

  8. #8
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    and whom would be invited to the seminar?
    I'm thinking everyone who is someone at the firm ... all the managers and clientresponsibles.

    Even maybe some of the clients (keyfigures) ..that would have impact .

    It could backfire ...I know ..but then again ... I probably won't stay in this firm much longer if they keep up their security at this level.
    Back when I was a boy, we carved our own IC's out of wood.

  9. #9
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    the problem is not backfiring....the problem is letting everyone know where the holes are and putting the firm into further danger of attack.

  10. #10
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    That's very true ...

    So I won't be making it too public I guess ... I will have to think this trough .

    Thanks for the heads up guys.
    Back when I was a boy, we carved our own IC's out of wood.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •