--On Friday, May 23, 2008 11:56:15 -0400 Elazar Broad <elazar@hushmail.com> wrote:
It's not even funny how often this happens. I have a friend who does some consulting work for small businesses, and the amount of times that he has come across medical practices that run their billing and record keeping software on the same "fully-loaded" XP box that their receptionist(s) use to download random crap...
Typical scenario - professor runs Windows XP with Skype and Google Toolbar and a host of other "helpful" desktop applications - oh, but that's his "server" too - running IIS and mysql - default installs, mind you - replete with cross-site scripting and SQL injection problems - and all his research with no backups - and then gets irate because his computer gets blocked at the switch port for policy violations.
I could go on, but you get the idea.
Why do they do it? Because they can - at least until we catch them.
How many mysql installs do you think there are worldwide, listening on the default port, with "root@localhost", "root@FQHN", "@localhost" and "@FQHN" all in the default state with no password?
--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
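An audit query and the matching fix for the four default accounts Paul lists, added here as an example and not part of the thread; it assumes the MySQL 5.0/5.1 grant-table layout of that era (password hash in the `Password` column of `mysql.user`) and uses `my.example.host` as a placeholder for the server's FQHN.

```sql
-- Audit (constructed example): list every account in mysql.user that has
-- an empty password or an empty (anonymous) user name. On MySQL 5.7+ the
-- hash column is `authentication_string` rather than `Password`.
SELECT User, Host
FROM mysql.user
WHERE Password = '' OR User = '';

-- Remediation for a default install: drop the two anonymous accounts
-- (''@'localhost' and ''@'<FQHN>') and set a password on both root
-- accounts. Replace my.example.host with the host the audit printed and
-- replace the placeholder secret before running this.
DROP USER ''@'localhost';
DROP USER ''@'my.example.host';
SET PASSWORD FOR 'root'@'localhost'       = PASSWORD('replace-with-a-strong-secret');
SET PASSWORD FOR 'root'@'my.example.host' = PASSWORD('replace-with-a-strong-secret');
FLUSH PRIVILEGES;

-- Re-run the audit above: it should now return no rows.
```

If the box does not need to serve remote clients at all, `bind-address = 127.0.0.1` under `[mysqld]` in my.cnf keeps the server off the default port on the network entirely.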
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/