I have been asked to leave the company for having spotted serious security breaches

 
 
winged
      02-06-2005
Martin wrote:
> Curious George wrote:
>
>> It's not the kids. The kids are dead easy to get on board. Indeed, if
>> you take a few kids and tell them to help you check out your security,
>> you would have to put up gates. But that is not the case in schools -
>> forget about the fact that if you take a curious young mind that is
>> having problems with something like math and put them to work on
>> complex algos or something of the sort. . . doing that is akin to
>> asking them to sell coke and people would be fired. Actually, if you
>> pick up a copy of 2600 you will see a whole section dedicated to what
>> some kids go through in schools. Hell, if a kid found a security hole
>> and it were up to me, I would pin a medal on him or her. If it's up to
>> school administration, they would have the kid expelled.

>
>
> Just a quicky on this one...
>
> When I was at university a group of us were a little into cracking
> rather than hacking. Combining the two was a little dangerous....
>
> Well, we didn't know what the outcome would be of a tiny little patch we
> engineered the ops to install on the mainframe (we're going back to 1989
> here). It gave us admin rights on the local mainframe, also gave us
> admin rights on every networked mainframe connected to it - the North
> West Computer Network.
>
> Anyway, we had a little play across the system, ran a few D&D games that
> kind of thing, but it kind of crashed. As in took down all the
> mainframes on the network. After a couple of weeks it was fixed and we
> had the biggest *******ing I've ever had from our Computer Centre
> manager. No we didn't get thrown off the course.
>
> The funny part was that the shift leader who was on when it all went
> pear shaped (about midnight when we usually played a little) also gave
> us a bollicking. But she said something along the lines of, ok, it was
> funny and amusing, but if you ever do anything like that again, on my
> shift, I'll castrate you! We believed her!
>
> We live and learn. Hell we were there to learn about computers and that
> was a good lesson.
>
>>
>>

We had a VMS system where if one followed a page down immediately with
an <sec> char it would drop you to Root. The flaw was across the system
but very few were aware of the vulnerability. I am not sure if they
ever got that problem fixed but it almost got me fired when I brought it
to their attention. The gods were a bit miffed at my discovery even
though I had never tried to exploit it.

Winged
 
 
 
 
 
johnydeath
      02-06-2005
Leythos wrote:
> On Sat, 05 Feb 2005 09:21:53 +0000, johnydeath wrote:
>
>
>>Leythos wrote:
>>
>>>On Fri, 04 Feb 2005 18:03:24 -0500, Stephen K. Gielda wrote:
>>>
>>>
>>>
>>>>Picture this, you are tasked with creating a wireless "kiosk" where
>>>>anyone on any device, can connect to get to a directory. The design is
>>>>deliberately wide open, the net is segregated from anything important,
>>>>it's supposed to allow anyone within range to be able to connect. Now
>>>>someone who works for you tells you this is bad, that it's open. You
>>>>say you know and explain that it is deliberate. This person doesn't
>>>>like that answer, posts to usenet groups (extreme crossposts), and goes
>>>>over your head to complain to your bosses. Everyone involved is going
>>>>to tell this person to go look for another job.
>>>
>>>
>>>Many airports in the USA have free wireless in the terminals for use by
>>>anyone near enough.
>>>

>>
>>
>>changing the point slightly because of this comment - my concern would
>>be that everyone in the terminals, Starbucks or whatever place it may be
>>are all going to be interconnected.
>>
>>I would be more interested in doing a ping sweep and some enumeration on
>>the local wireless net rather than internet surfing - much more
>>enjoyable, now to buy a house within the footprint!

>
>
> that's why people with wireless should be running a personal firewall on
> their systems - I use Kerio or Tiny depending on the laptop and never have
> a problem in the terminals.
>


gonna guarantee they all do ??
 
 
 
 
 
Leythos
      02-06-2005
On Sun, 06 Feb 2005 21:55:33 +0000, johnydeath wrote:

> Leythos wrote:
>> On Sat, 05 Feb 2005 09:21:53 +0000, johnydeath wrote:
>>
>>
>>>Leythos wrote:
>>>
>>>>On Fri, 04 Feb 2005 18:03:24 -0500, Stephen K. Gielda wrote:
>>>>
>>>>
>>>>
>>>>>Picture this, you are tasked with creating a wireless "kiosk" where
>>>>>anyone on any device, can connect to get to a directory. The design is
>>>>>deliberately wide open, the net is segregated from anything important,
>>>>>it's supposed to allow anyone within range to be able to connect. Now
>>>>>someone who works for you tells you this is bad, that it's open. You
>>>>>say you know and explain that it is deliberate. This person doesn't
>>>>>like that answer, posts to usenet groups (extreme crossposts), and goes
>>>>>over your head to complain to your bosses. Everyone involved is going
>>>>>to tell this person to go look for another job.
>>>>
>>>>
>>>>Many airports in the USA have free wireless in the terminals for use by
>>>>anyone near enough.
>>>>
>>>
>>>
>>>changing the point slightly because of this comment - my concern would
>>>be that everyone in the terminals, Starbucks or whatever place it may be
>>>are all going to be interconnected.
>>>
>>>I would be more interested in doing a ping sweep and some enumeration on
>>>the local wireless net rather than internet surfing - much more
>>>enjoyable, now to buy a house within the footprint!

>>
>>
>> that's why people with wireless should be running a personal firewall on
>> their systems - I use Kerio or Tiny depending on the laptop and never have
>> a problem in the terminals.

>
> gonna guarantee they all do ??


I don't think that comment makes sense - of course they don't all run
personal firewalls, that's how come we stay in business getting new
corporate clients

--
(E-Mail Removed)
remove 999 in order to email me

 
 
Phillip Windell
      02-07-2005
"Bill Unruh" <(E-Mail Removed)> wrote in message
news:cu0cip$l16$(E-Mail Removed)...

> They did not fire him. They suggested that maybe it was time he looked
> elsewhere. Whether that was said in the heat of the moment (from the posts,
> things were heated) or was a considered response, we do not know.


Ok, I see, I assumed he meant he was fired. But I stick to the same general
point just the same.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
 
Phillip Windell
      02-07-2005
"Patrick J. LoPresti" <(E-Mail Removed)> wrote in message
news:s5gk6po9e2h.fsf@patl=users.sf.net...
> "William Stacey [MVP]" <(E-Mail Removed)> writes:


> Well, yes and no. Once he brought the issue to his boss's attention
> and she made up her mind to ignore it, the responsibility for any
> resulting problem was hers, not his.


In a perfect world maybe, or maybe if he's lucky in a court of law. But that
wouldn't stop her from dumping it on him anyway when something goes
wrong,...it would still be [as far as she is concerned] "his fault" because
people like that don't accept responsibility for the actions and choices if
they can push it "downhill" to someone below them,...especially if there is
negative "history" between them as there would be in this case.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


 
 
Skorpion
      02-09-2005
Phillip Windell regaled us with the following:

>
> In a perfect world maybe, or maybe if he's lucky in a court of law. But
> that wouldn't stop her from dumping it on him anyway when something goes
> wrong,...it would still be [as far as she is concerned] "his fault"
> because people like that don't accept responsibility for the actions and
> choices if they can push it "downhill" to someone below them,...especially
> if there is negative "history" between them as there would be in this
> case.
>
>


Which is why you document any and every conversation you have; something
that creates a paper trail that proves "she" had prior knowledge and that
prior knowledge was provided by "him"...

Documentation can be as simple as an email that bullets the highlights of
the conversation under the heading "this is what I took away from our
conversation... does this seem correct to you?".

--
Skorpion [skorpion at suespammers dot org]
"Don't attribute to malice that which can be adequately explained by
stupidity."

 