From: Paul Schmehl (pschmehl_liststx.rr.com)
Date: Fri May 23 2008 - 11:16:45 CDT
--On Friday, May 23, 2008 11:56:15 -0400 Elazar Broad <elazarhushmail.com>
> It's not even funny how often this happens. I have a friend who does
> some consulting work for small businesses, and the amount of times
> that he has come across medical practices that run their billing
> and record keeping software on the same "fully-loaded" XP box that
> their receptionist(s) use to download random crap...
Typical scenario - professor runs Windows XP with Skype and Google Toolbar and a
host of other "helpful" desktop applications - oh, but that's his "server" too
- running IIS and mysql - default installs, mind you - replete with cross-site
scripting and sql injection problems - and all his research with no backups -
and then gets irate because his computer gets blocked at the switch port for
I could go on, but you get the idea.
Why do they do it? Because they can - at least until we catch them.
How many mysql installs do you think there are worldwide, listening on the
default port, with "root@localhost", "root@FQHN", "@localhost" and "@FQHN" all
in the default state with no password?
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/