Poor poor security


I've always known that some systems were not secure, and could easily be hacked into. However, today I saw with my own eyes that some systems are wide open - or the intended security systems fail completely. I was also shown that it doesn't even take brains, just a bit of logical thinking and luck.

Forget all the ethical mumbo jumbo and whether or not using "warez" is theft, we're purely focussing on the security side of this issue. Let's presume we're looking for a program which is used all over the world, and available in a multitude of languages. Small and large corporations, financial institutions, universities and clinics often use it. Of course, they need a way to distribute the software to their (intranet) users.

For this purpose they often set up centralized download systems, FTP servers and such. Everyone would expect that the least that would be done is a username or IP address check before accessing those sections, right? Well, quite often, none of that is happening. I've seen free access to FTP servers containing patches, updates and full downloads of all kinds of software: open source, freeware, as well as commercial high-end packages. I've witnessed downloads from intranet sites and "secure" locations, all because the administrators fucked up, or didn't install any security check at all.

Please people... If you need a way to distribute software to a large userbase, don't do it through publicly accessible systems or sites. Use the intranet for those things, and if in doubt whether or not the intended solution is safe, don't implement it unless you know it is secure.

4 Comments

Hmm, as far as I know we use the intranet for those things at my job. And we ARE asked for IDs and passwords each time we log on. I've even been told that they used to have 6 different IDs and passwords here, depending on what you wanted to do on your PC. Secure enough??

it's weird, looks like that in order to save money with these multimillion dollar companies they try to save even more money by making crap security that's easily hackable sheesh

That's the way a ha a ha I like it a ha a ha... You got it right mr. ServMe. We also have an intranet for those kinds of things with several security levels, one can do more than another... since I am the manager I can do most LOL

way to go dimi!! now we're one step closer to world domination muwahahahaha :D


About this Entry

This page contains a single entry by ServMe published on September 24, 2003 1:55 AM.
