IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Another fun thing.
I had a client (this was a long time ago) who'd first installed Exchange 4.x or 5.0 as part of one of those Small Business Server suites. They wanted to upgrade to a full Exchange 5.5 (IIRC) stand alone server. I quoted 4 hours to do the job (chiefly because I never quoted anything less than 4 hours and all my work then was always NTE). The client balked. I told him that if he was going to have his help desk tech do it, make sure he's careful because, for instance, the default for the upgrade is to set the server up as an open relay and they had their exchange server outside the firewall. I was told it wouldn't be a problem because "we're just a little company. No one will know we're on the Internet." Then, two weeks later, the same guy called me in a panic. He said he'd been "interviewed by FBI agents who were interested in all the child porn that was arriving in Australia or somewhere" that had bounced off their exchange server. That mess took me *and* my partner a while to clean up.
bcnu,
Mikem

It's mourning in America again.
New Yeah, I ran into the open relay problem myself.
Fortunately, not much damage was done - just their Internet service provider cut them off.

More fortunately, I didn't install that Exchange Server so they couldn't blame me. It was a hassle to fix.

Later their Exchange Server bombed and had to be re-installed. Unfortunately, they didn't remember their company code, which means none of their email could be accessed.

After some study, I found a severe security flaw in Exchange Server that allowed me to extract the company code. I published that on the Internet and got a few emails of thanks for all the time I'd saved for administrators.
New Systems guys at the law firm I worked at *turned off* the firewall
They were Windows guys through-and-through. Our ISP had provided a Solaris box that sat in our server room between our network and the world. Or it sat there until they decided that since they didn't know what it was doing it must not be needed so when upgrading some switches they left the yellow box out of the loop.

Shortly thereafter our clients started reporting that they weren't getting email that our attorneys said they had sent. A little investigation showed their systems were bouncing it because our domain had been blacklisted for spam. We were an open relay.
--

Drew
New The flaw in "safety by obscurity"
The bad guys can presume that a small company using that strategy doesn't have skilled enough support staff to understand the vulnerabilities and fix them. This makes them prime targets.

I've had a couple of clients asking me why their server hard disks were full.

I had one client telling me all the computers I'd supplied were way too slow and needed a serious upgrade. Problem was, those computers were working very hard - but they were working for someone other than the owners.

Yeah, obscurity is an open invitation.
     That didn't take long. - (mmoffitt) - (47)
         I'll wait for the video -NT - (drook) - (42)
             Um, you doubt the veracity of the report? -NT - (mmoffitt) - (30)
                 No - (drook) - (29)
                     Local ABC affiliate video - (Another Scott) - (28)
                         Maybe - (drook)
                         But they *WILL* be pushed out because Shareholders and Banksters need more MONEY. - (mmoffitt) - (24)
                             Great reason to question the motives, but sometimes the "right thing" also make someone rich -NT - (drook)
                             It won't be long before it's the only kind of car I'll be allowed to use! - (a6l6e6x) - (22)
                                 Feh. Mass transit is and always was the answer. - (mmoffitt) - (21)
                                     Mass Transit? - (Andrew Grygus) - (20)
                                         How so? -NT - (mmoffitt) - (19)
                                             Re: How so? - (Andrew Grygus) - (18)
                                                 Okay, it doesn't work for ambulances either. But those are outliers. - (mmoffitt) - (8)
                                                     We also have to look at US geography - (Ashton) - (7)
                                                         There's no reason not to do it, other than infatuation with the car because reasons - (pwhysall) - (6)
                                                             Disagree - (crazy) - (5)
                                                                 Re: Disagree - (pwhysall)
                                                                 Also - (pwhysall) - (3)
                                                                     45-60 for me. - (malraux) - (1)
                                                                         Yeah, I enjoyed my nyc commute. - (crazy)
                                                                     54 miles 40-45 minutes 3.5 hours 1 way public transpo the a 2.5 mile hike. no thanks -NT - (boxley)
                                                 Perhaps they need a permanent techie employee! -NT - (a6l6e6x) - (8)
                                                     Only one of my clients is big enough for that. - (Andrew Grygus) - (6)
                                                         Suit instead of suite? Was that intentional? If so, I like it. :0) - (mmoffitt)
                                                         A fun thing about Microsoft Exchange Server. - (Andrew Grygus) - (4)
                                                             Another fun thing. - (mmoffitt) - (3)
                                                                 Yeah, I ran into the open relay problem myself. - (Andrew Grygus) - (1)
                                                                     Systems guys at the law firm I worked at *turned off* the firewall - (drook)
                                                                 The flaw in "safety by obscurity" - (Andrew Grygus)
                                                     Permanent? - (crazy)
                         Got it backwards - (crazy) - (1)
                             Moi likes your reading-list.. -NT - (Ashton)
             And here's the video - (drook) - (10)
                 Drum has some good questions... - (Another Scott) - (4)
                     Those, plus... - (scoenye) - (2)
                         Agreed, but ... - (drook) - (1)
                             Indeed - (scoenye)
                     Lidar vendor doesn't understand it either - (scoenye)
                 New video ... they're evil, and screwed - (drook) - (4)
                     Not shocked at all... -NT - (Another Scott) - (1)
                         Me neither. Lower quality camera === more profits for shareholders. Capitalism is evil. -NT - (mmoffitt)
                     Confused. What does that video show? - (crazy) - (1)
                         Uber's makes it look unavoidable - (scoenye)
         It will be a brief pause before tests resume. -NT - (a6l6e6x)
         Photos of the scene - (drook) - (2)
             A+ for actually sleuthing ..almost showing that, - (Ashton)
             Multiple faults. - (static)

And by "malware" he means his browsing history.
106 ms