PaulDotCom mailing list archives

Getting Your Start Because You Got Hacked


From: gbugbear at gmail.com (Tim Mugherini)
Date: Thu, 14 May 2009 20:54:59 -0400

Well I'm not sure I can compete with any of these but here's mine:

Let's call it "Too Many Cooks Spoil the Security"

My first job in IT was for a small start-up that was the brainstorm of three
brothers. All PhDs, all brilliant programmers, and all typical brothers. I
was hired as the only technical support person for the branch office here
(aka the back room of the CEO's apartment).

One morning I came in early to check the router since we were having issues
with our multi-homed broadband connections (aka a Windows 2000 Server Beta
with Routing and Remote Access on multiple personal DSL lines and a 3Com
NBX100 for VOIP - yeah it was as bad as it sounds).

Anyways I noted that we were fine but the site to site to the office in NJ
seemed to be having issues. Specifically the T1's in NJ were jacked. After
unsuccessfully trying to call the system admin there, I managed to get a low
level developer on the phone and walked him through some troubleshooting.
Looked like someone enabled anonymous FTP on one of the IIS servers and the
firewall was open. Someone had set up their warez shop and it had become very
popular.

After attempting to walk him through disabling it, etc... I just had him
disconnect cables out of the routers. The Sysadmin arrived at the NJ office
soon after and we fixed the issue. It seems one of the brothers decided to
throw his newly ripped CD collection up on FTP a couple of nights before and
flicked the switch on the IIS Server and Firewall.

After that I began reading everything on the subject of security I could
find.


Tim

On Thu, May 14, 2009 at 5:35 PM, Stephen Reese <rsreese at gmail.com> wrote:

On Thu, May 14, 2009 at 2:30 PM, Paul Asadoorian <paul at pauldotcom.com>
wrote:
All:

I'd like to start a new thread where we all share our experiences on how
we got into computer security.  Specifically I want to hear about people
whose boxes got hacked, and sparked a life-long career in infosec.

I may use your story in an upcoming piece I am working on, if I do I
will contact you off-list for permission and such.

Larry, I know you got a good story here ;)

Thanks!

Cheers,
Paul


I was working for a university as an IT slave and set up an Oracle
instance because I had read about it in a course I was taking and
wanted to experiment. I shut down the machine after the course was
done. Several months after my experimenting I received a phone call
from the university senior security engineer (John Sawyer) asking what
we were using Oracle for. My initial response was nothing; little did
I know the machine had been powered back on by a colleague of mine
(communication fail) and the Oracle instance had been exploited
providing the attacker with full access to the box. Fail. Of course I
didn't have much of a clue at the time about what actually happened
from a technical standpoint but from there on out it was like 5K
questions about how, what and why security works.
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
