I got my start a little differently than actually getting hacked, and I have Paul, Larry, and Twitchy to thank for getting into computer security. About two and a half years ago I was coming out of high school and I knew I wanted to start studying computer networks. About a month or two out of high school someone introduced me to a podcast about security with Leo from techtv, so I gave it a shot. It was OK, but I thought to myself there has got to be something more hardcore and technical than this, so I started scouring the web. One of the very first ones I came across was PDC. I downloaded a few episodes and was hooked immediately and knew that this is what I wanted to do for a living. I have since been a dedicated listener and fan and am currently working in a pretty small MSS team for a fairly large company, and I only have pauldotcom and the pauldotcom community to thank for it.

On Thu, May 14, 2009 at 1:02 PM, Jason Wood <[email protected]> wrote:

> This happened back when I was a jr sysadmin at a fairly large dotcom. My wife and I were having a party at our house with several of our friends when my cell phone went off. Sure enough, it was the NOC saying that this one web server kept running out of disk space and they couldn't figure out why. The operator had cleared out all the temp files he could find, removed a number of web server logs and some other stuff. Disk space dropped for about 30 minutes and then climbed back up over 90%.
>
> My computer was in the living room, so in the middle of the party I logged into this server and started poking around. First order of business was to figure out where the most disk space was being chewed up. C:\inetpub\ftproot was the culprit. I looked around the file system and found video games, music files, warez, etc all over the place. I checked the FTP config and saw that it was a default setup with no relation to the function of the web server. Anonymous access had full read/write. At this point, I was cracking up and asking people at the party if anyone wanted the latest Britney Spears album. I had 3-4 people crowded around my PC to watch what was going on.
>
> I uninstalled the FTP service, cleaned up the disk space and looked at the FTP logs. Sure enough, the server had been idle on FTP for weeks, then got discovered. In 2 days it went from unknown to very popular. It also didn't hurt that there were multiple OC3s coming into the environment. The users of the site must have been having a field day.
>
> Wait, I hear people asking, shouldn't the firewall have blocked the FTP connections? Well, not if it is set to allow FTP inbound to all servers. That later got changed too.
>
> Anyhow, it was a completely hilarious experience, particularly since I didn't set up the server so my pride wasn't at stake. ;-)
>
> On Thu, May 14, 2009 at 12:43 PM, Joshua Wright <[email protected]> wrote:
>
>> I was working for Johnson & Wales University and we had a Citrix server running on NT 3.51. I was one of the first people who got a cable-modem at home from Cox Communications, and it rocked! It rocked so much, someone else on the LAN discovered my workgroup and host, and connected to an unprotected share on my Windows 98 machine where he grabbed the .ica file with a stored password to the Citrix server. He called me at home to let me know how r00ted I was, after getting my home phone number from my wife's resume.doc file.
>>
>> Yeah, it was pretty painful, but it was my motivator to get into infosec. "Wow, that sucks, but at the same time, it's so awesome too" is the best way I can describe it.
>>
>> Years later we bumped into each other in Providence, and he told me how he's been watching my career since he called me that first time. I thanked him for his help. :)
>>
>> -Josh
>>
>> Paul Asadoorian wrote:
>> > All:
>> >
>> > I'd like to start a new thread where we all share our experiences on how we got into computer security. Specifically I want to hear about people whose boxes got hacked, and sparked a life-long career in infosec.
>> >
>> > I may use your story in an upcoming piece I am working on, if I do I will contact you off-list for permission and such.
>> >
>> > Larry, I know you got a good story here ;)
>> >
>> > Thanks!
>> >
>> > Cheers,
>> > Paul
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com

--
Dan Howerton
http://metacortexsecurity.com
GPG key: 10F5DDA5
