• Wilbur (unregistered) in reply to barc0001
    barc0001:
    Most non-technical companies like that probably don't have a "senior" tech, instead someone's cousin set something up on a weekend last year or maybe one of the guys in back tinkers a bit but doesn't really know what they're doing. They hired him as a junior tech because they needed a dedicated tech person at last, and the "junior" part refers to the salary expectation, not the job description.

    Which still doesn't answer who dissected the server...

  • Senior Julio (unregistered) in reply to Varius
    Varius:
    saepius:
    I don't get it: if Brian was just the junior technician, why did he go to the CEO and Owner and not the senior technician when he found the security hole? If he was the only technician, who dissembled the server overnight?

    Something does not compute.

    Is there some sort of anonymizer on this article? This is not the first post about Brian, yet I'm sure the name was Philip on my article....

    Pasted from my browser:

    When any new employee is hired at Repinski’s Furniture Express, on their first day, he or she receives a personalized “grand tour” of the main headquarters given by none other than Mr. Repinski – the company’s owner and CEO. During his tour, Brian was introduced to the financing group, the warehouse supervisor and his crew, the ladies who ran most of the front office, and other supporting personnel. After meeting with the PC technician, Mr. Repinski showed Brian the place where he would be spending much of his time - the server room.

    Knowing that the Junior System Administrator position would involve Active Directory, Windows Server maintenance, some light SQL Server database administration, Brian expected that it would be a great way to learn the ropes. After all, being fresh out of college with only some help desk experience under his belt, he needed all the real world experience he could get!

    What he didn’t expect to see, though, was that it was all running on a single server.

    Settling In

    Not long after getting settled in, Brian received his first ticket – resolve a problem with the company’s misbehaving FTP site. For years, the FTP site was the favored way to share large files between the stores and HQ rather than over email. As Brian came to discover, both sides could anonymously write into the FTP site’s directory, making it act like a kind of shared network directory that was conveniently accessible over the Internet.

    As a first step, Brian located the FTP directory and found it to be completely clogged with files. Not with purchase orders and spreadsheets though – oh no. Instead, it was filled with zip files, disc images for various commercial applications, and a few gigs of undecidedly “NSFW” material.

    To get things up and running, Brian deleted the offending files, restarted the FTP service, but hesitated to continue. How did those weird files get there? After only a few minutes of investigating, Brian started feeling a sensation not unlike the one you get when walking past freshly obliterated road kill. He was going to need to pay Mr. Repinski a visit.

    Minor Details!

    After explaining about the strange and inappropriate files on the FTP server, Brian explained that steps should be taken to secure the server and, at minimum, users should have some kind of login to prevent more files from who-knows-where.

    The high back chair let out a groan as Mr. Repinski leaned back. He crossed his hands over his midsection and with a furrowed brow began, “Most people here very UN-technical. Why you’d be spending your time resetting logons. Besides – I’m sure this was only a one-time incident.” He finished by waving his hand as if to brush away an invisible stink cloud.

    Anticipating this kind of response, Brian was ready – “May I use your PC?” Barely waiting for permission, Brian entered the external IP of the company’s server into the browser’s search box. The home page for Repinski’s Furniture Express was the first hit – the company’s ftp site was number 2.

    Again, Mr. Repinski wasn’t impressed, and in fact, slightly annoyed. “Pfft – again, not a big deal. Who’s going to search for our EXACT IP address?”

    Brian then clicked on the link to access the company’s FTP site and then the “Up One Level” link revealing the C:\ of the server. Mouth agape, the CEO just hung there for a second before expelling “I can’t believe it – you just hacked the server!”, shortly before diving into a long tirade.

    Going, Going, Gone…

    Brian arrived at work the next morning to find that a large table had been moved into the server room, upon which was placed an opened computer case - its guts spilling onto the table top. Overnight, the server had died in a most spectacular manner resulting in the autopsy.

    A printout of the pulled HD’s directory listing showed that the drive was filled with the same type of files that he cleaned out the previous day, but the contents of the drive though wasn’t the impressive part - it was what was missing that was news. The company web page? Gone. Data backups? Gone. Financial information? Except for whatever could be salvaged from users’ computers – all gone. What they did have was a veritable cornucopia of porn.

    Unsurprisingly for Brian he was fired shortly thereafter for “willful negligence” which had cost the company untold sums of money in the form of lost time and productivity. Taking the loss in stride, Brian applied around to other local companies where he found another spot as, again, a Junior System Administrator. In some ways, his job is somewhat similar – he still works on one server. One server out of dozens in a corporate data center that is.

  • Anonymous (unregistered)

    Mine doesn't say Brian or Philip.

    It says Adam.

    Somebody needs to get taken out back to a nice quiet alley and shot.

  • Aninnymouse (unregistered) in reply to Varius
    Varius:
    saepius:
    I don't get it: if Brian was just the junior technician, why did he go to the CEO and Owner and not the senior technician when he found the security hole? If he was the only technician, who dissembled the server overnight?

    Something does not compute.

    Is there some sort of anonymizer on this article? This is not the first post about Brian, yet I'm sure the name was Philip on my article....

    I got Adam, which was confusing me when people were talking about Brian.

    CAPTCHA - cogo. Coco on the go.

  • ÃÆâ€â†(unregistered) in reply to Aninnymouse
    Aninnymouse:
    Varius:
    saepius:
    I don't get it: if Brian was just the junior technician, why did he go to the CEO and Owner and not the senior technician when he found the security hole? If he was the only technician, who dissembled the server overnight?

    Something does not compute.

    Is there some sort of anonymizer on this article? This is not the first post about Brian, yet I'm sure the name was Philip on my article....

    I got Adam, which was confusing me when people were talking about Brian.

    CAPTCHA - cogo. Coco on the go.

    Your not to bright, are you?

  • Power Troll (unregistered) in reply to Aninnymouse
    Aninnymouse:
    Varius:
    saepius:
    I don't get it: if Brian was just the junior technician, why did he go to the CEO and Owner and not the senior technician when he found the security hole? If he was the only technician, who dissembled the server overnight?

    Something does not compute.

    Is there some sort of anonymizer on this article? This is not the first post about Brian, yet I'm sure the name was Philip on my article....

    I got Adam, which was confusing me when people were talking about Brian.

    CAPTCHA - cogo. Coco on the go.

    Thanks for lunch. What's for dinner?

  • Larry (unregistered)

    Yeah, I totally expected he would be fired for deleting the boss' porn stash.

    Here's what you're supposed to do:

    1. Report your concern to management.
    2. Make a recommendation.
    3. Let the decision maker make a decision. It makes them feel good because they think they have something useful to do.
  • (cs) in reply to Larry
    Larry:
    Here's what you're supposed to do:
    1. Report your concern to management.
    2. Make a recommendation.
    3. Let the decision maker make a decision. It makes them feel good because they think they have something useful to do.
    • Get fired for "willful negligence" because you made it clear to the decision maker that you were fully aware of the problem prior to the incident.
  • Ralph (unregistered) in reply to hoodaticus
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S.
    Go ahead and feel as smug as you like while you stampede along with the other lemmings.
    unlike the hordes of lusers out there.
    Oh, snap! You called me a luser! I must now concede your victory. Sorry for bothering you.
  • Mickey (unregistered) in reply to by
    by:
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.

    Agreed... It's not like having [Un|Lin]ux is an impenetrable fortress of best-practices (TM). It's a process called hardening, and if you disable every unnecessary service and/or (amongst other things), then you're reducing your surface area. Windows or Unix: if you keep telnet running with a shitty password, you're f*cked either way.

    Argument parallel to VB.NET vs. C#, or how PHP is unsecure (don't use PHP, but I know better than to spout unfounded BS like that)...

    What's Unux?

  • Wally (unregistered) in reply to frits
    frits:
    fantasy frits:
    Yeah, I also have Ph.Ds in U.S. Criminal Law, Political Science, and Particle Physics. Furthermore, I've undergone the 21-week Special Weapons training of the U.S. Marine Corps and graduated from their flight school. After setting the record score on the bar exam, I spent the next 25 years practicing international law before starring in a T.V. movie based on my life. After a brief stint as Mayor pro tem in New York City, I set several world records in the Iron Man Triathlon (for my age). I had to drop out of them to participate in military duty (which I am not at liberty to discuss), but I typically carry twin .44 Magnum Desert Eagles; so what would I know?

    Thanks for the upgrade, buddy.

    There is a grain of truth in some of that. So which forum regular was that anyway?

    Mainly before also....

  • ¢ÃƒÆ’ƒâ€ Ã¢â‚¬â (unregistered) in reply to Mickey
    Mickey:
    by:
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.

    Agreed... It's not like having [Un|Lin]ux is an impenetrable fortress of best-practices (TM). It's a process called hardening, and if you disable every unnecessary service and/or (amongst other things), then you're reducing your surface area. Windows or Unix: if you keep telnet running with a shitty password, you're f*cked either way.

    Argument parallel to VB.NET vs. C#, or how PHP is unsecure (don't use PHP, but I know better than to spout unfounded BS like that)...

    What's Unux?

    A group of castrated men?

  • Gibbon1 (unregistered) in reply to Loren Pechtel

    I doubt that it was carelessness, but rather retaliation for wiping out the stuff he had stored there.

    That's what I think as well. First thing he should have done was assume the system was hacked by someone who knows more about it than he does. Second thing that follows from the first is to call up a friend with more experience and plead for help.

  • (cs) in reply to Mickey
    Mickey:
    What's Unux?
    It's a castigated OS.
  • Psychosis (unregistered) in reply to Gibbon1
    Gibbon1:
    I doubt that it was carelessness, but rather retaliation for wiping out the stuff he had stored there.

    That's what I think as well. First thing he should have done was assume the system was hacked by someone who knows more about it than he does. Second thing that follows from the first is to call up a friend with more experience and plead for help.

    First thing he should have done is back it up asafp.

  • Chickens Almighty (unregistered)

    ZOMG YOU HACKZORZ TEH SERVER

  • Earp (unregistered) in reply to by

    'Potentially police chasing them down'.

    That's unfortunately a rather unrealistic view of police competence in this type of thing.

  • pez (unregistered)
    A printout of the pulled HD’s directory listing

    twitch

  • (cs) in reply to frits
    frits:
    Yeah, I also have Ph.Ds in U.S. Criminal Law, Political Science, and Particle Physics. Furthermore, I've undergone the 21-week Special Weapons training of the U.S. Marine Corps and graduated from their flight school. After setting the record score on the bar exam, I spent the next 25 years practicing international law before starring in a T.V. movie based on my life. After a brief stint as Mayor pro tem in New York City, I set several world records in the Iron Man Triathlon (for my age). I had to drop out of them to participate in military duty (which I am not at liberty to discuss), but I typically carry twin .44 Magnum Desert Eagles; so what would I know?

    Those are some nice credentials but when it comes to .44 Magnum Desert Eagles the dailywtf community has you beat.

  • pez (unregistered) in reply to Dan
    Dan:
    foo:
    Then TRWTF was the checklist. You don't secure the server after putting it online (and possibly even after uploading your data), but beforehand. Even one second of unsecured Internet connection (if you're very unlucky) can compromise it.

    At work they once had a department meeting to demonstrate the necessity to install the patches. This was years ago before M$ invented the auto-install that reboots your computer while you're at lunch, causing loss of unsaved data. Anyway it was a skit that began with two guys in the company who had just finished installing a new server but then decided to wait over the weekend to secure it.

    Next scene was two hackers who had just discovered the new server and began exploiting its security holes to create an account and decrypt the passwords. They ran rootkit software against it, and discovered that it actually had already been compromised from outside.

    That in itself was probably a better demonstration than the skit itself was.

    Meanwhile some company in Europe is having a security demonstration where they show how easy it is to remotely root a webserver...

  • turnstyle (unregistered) in reply to Psychosis
    Psychosis:
    john:
    john:
    Psychosis:
    Maurits:
    Agreed that Adam could have handled this better. Here's some best practices for dealing with an unsecured FTP site:
    1. Firewall off access to the machine on the FTP ports.
    2. Make sure you have all security patches installed.
    3. Scan for malware.
    4. Lock down the FTP site. It's perfectly OK to allow anonymous access read-only, perhaps to a "public" folder. Write access should require authentication.
    5. Delete all the inappropriate content.
    6. Now - and only now - reconfigure the firewall to allow access to the FTP site again.
    Best practices aren't easy to do when the boss is telling you to not do it. Then if you're devoted to the fix despite your boss stopping you you will attempt a fix that works invisibly without anyone knowing, like you make a whitelist to cover your internal LAN and whatever IPs you logged and by now confirmed to be folks who work on-site, and then you add a script that checks for anyone who managed to log into your company website/email/etc and will temporarily update the whitelist for 24 hours with that IP address and another script to extend the whitelist duration for recent logins so someone doesn't get stopped in the middle of using the FTP.

    Then you check for people who repeatedly 24-hour-temp in from the same address, and perma-whitelist those. Then you add a script to check how long a whitelisted IP was unused and remove them if it's been long enough (a month?).

    After a while you wind up with a fully scripted system of whitelisting people into your FTP server which ultimately relies on folks logging into the company network before they get FTP access. With you checking the kinks every now and then.

    This way boss thinks everything is cool beans while you've got a semi-secured system rolling. And then when you find your next job, you get to see your scripts on WorseThanFailure.com

    okay, so what if you don't have web access?

    I mean webserver access.

    In that case,

    Get yourself a nice open source FTP server and modify the source code so the FTP server will spike any and all files it has to phone home to your server when opened for your periodic whitelist while making sure that it gives checksums/filesizes that match the original uploaded file. After a while, you just switch over to whitelists because hopefully everyone will be trading and running files which inform your server they are authorized users of your server. I'm sure you can fit web content or something into a word doc, exe file, etc.

    Welp, that counts as abusing the FTP, alright.

  • Psychosis (unregistered) in reply to turnstyle
    turnstyle:
    Psychosis:
    john:
    john:
    Psychosis:
    Maurits:
    Agreed that Adam could have handled this better. Here's some best practices for dealing with an unsecured FTP site:
    1. Firewall off access to the machine on the FTP ports.
    2. Make sure you have all security patches installed.
    3. Scan for malware.
    4. Lock down the FTP site. It's perfectly OK to allow anonymous access read-only, perhaps to a "public" folder. Write access should require authentication.
    5. Delete all the inappropriate content.
    6. Now - and only now - reconfigure the firewall to allow access to the FTP site again.
    Best practices aren't easy to do when the boss is telling you to not do it. Then if you're devoted to the fix despite your boss stopping you you will attempt a fix that works invisibly without anyone knowing, like you make a whitelist to cover your internal LAN and whatever IPs you logged and by now confirmed to be folks who work on-site, and then you add a script that checks for anyone who managed to log into your company website/email/etc and will temporarily update the whitelist for 24 hours with that IP address and another script to extend the whitelist duration for recent logins so someone doesn't get stopped in the middle of using the FTP.

    Then you check for people who repeatedly 24-hour-temp in from the same address, and perma-whitelist those. Then you add a script to check how long a whitelisted IP was unused and remove them if it's been long enough (a month?).

    After a while you wind up with a fully scripted system of whitelisting people into your FTP server which ultimately relies on folks logging into the company network before they get FTP access. With you checking the kinks every now and then.

    This way boss thinks everything is cool beans while you've got a semi-secured system rolling. And then when you find your next job, you get to see your scripts on WorseThanFailure.com

    okay, so what if you don't have web access?

    I mean webserver access.

    In that case,

    Get yourself a nice open source FTP server and modify the source code so the FTP server will spike any and all files it has to phone home to your server when opened for your periodic whitelist while making sure that it gives checksums/filesizes that match the original uploaded file. After a while, you just switch over to whitelists because hopefully everyone will be trading and running files which inform your server they are authorized users of your server. I'm sure you can fit web content or something into a word doc, exe file, etc.

    Welp, that counts as abusing the FTP, alright.

    Dude, no. It's just network security. Sometimes you gotta make do with what you've got.

  • john (unregistered) in reply to Psychosis
    Psychosis:
    turnstyle:
    Psychosis:
    john:
    john:
    Psychosis:
    Maurits:
    Agreed that Adam could have handled this better. Here's some best practices for dealing with an unsecured FTP site:
    1. Firewall off access to the machine on the FTP ports.
    2. Make sure you have all security patches installed.
    3. Scan for malware.
    4. Lock down the FTP site. It's perfectly OK to allow anonymous access read-only, perhaps to a "public" folder. Write access should require authentication.
    5. Delete all the inappropriate content.
    6. Now - and only now - reconfigure the firewall to allow access to the FTP site again.
    Best practices aren't easy to do when the boss is telling you to not do it. Then if you're devoted to the fix despite your boss stopping you you will attempt a fix that works invisibly without anyone knowing, like you make a whitelist to cover your internal LAN and whatever IPs you logged and by now confirmed to be folks who work on-site, and then you add a script that checks for anyone who managed to log into your company website/email/etc and will temporarily update the whitelist for 24 hours with that IP address and another script to extend the whitelist duration for recent logins so someone doesn't get stopped in the middle of using the FTP.

    Then you check for people who repeatedly 24-hour-temp in from the same address, and perma-whitelist those. Then you add a script to check how long a whitelisted IP was unused and remove them if it's been long enough (a month?).

    After a while you wind up with a fully scripted system of whitelisting people into your FTP server which ultimately relies on folks logging into the company network before they get FTP access. With you checking the kinks every now and then.

    This way boss thinks everything is cool beans while you've got a semi-secured system rolling. And then when you find your next job, you get to see your scripts on WorseThanFailure.com

    okay, so what if you don't have web access?

    I mean webserver access.

    In that case,

    Get yourself a nice open source FTP server and modify the source code so the FTP server will spike any and all files it has to phone home to your server when opened for your periodic whitelist while making sure that it gives checksums/filesizes that match the original uploaded file. After a while, you just switch over to whitelists because hopefully everyone will be trading and running files which inform your server they are authorized users of your server. I'm sure you can fit web content or something into a word doc, exe file, etc.

    Welp, that counts as abusing the FTP, alright.

    Dude, no. It's just network security. Sometimes you gotta make do with what you've got.

    No, no you don't.
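
The whitelist lifecycle Psychosis describes in the quoted text above (24-hour temporary entries fed by company logins, extension on recent logins, promotion of repeat addresses, removal after about a month idle), as an added Python example that is not code from any poster in this thread. The class and method names, the promotion threshold of three grants, and the sample addresses used with it are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TEMP_TTL = 24 * 3600         # 24-hour temporary entry, as in the comment
IDLE_LIMIT = 30 * 24 * 3600  # "a month?" without use
PROMOTE_AFTER = 3            # assumption: separate temporary grants before permanence


@dataclass
class Entry:
    expires: Optional[float]  # None marks a permanent entry
    grants: int               # number of separate temporary grants so far
    last_used: float          # last time FTP access was actually allowed


class FtpAllowList:
    """Hypothetical allowlist manager; times are Unix seconds supplied by the caller."""

    def __init__(self, internal_cidrs):
        # The internal LAN is always allowed and never expires.
        self.internal = [ipaddress.ip_network(c) for c in internal_cidrs]
        self.entries = {}

    @staticmethod
    def _parse(ip):
        try:
            return ipaddress.ip_address(ip)
        except ValueError:
            return None  # garbage from a log line must never become an entry

    def record_login(self, ip, now):
        """Feed one successful website/e-mail login seen from `ip`."""
        addr = self._parse(ip)
        if addr is None:
            return False
        e = self.entries.get(addr)
        if e is None:
            self.entries[addr] = Entry(now + TEMP_TTL, 1, now)
            return True
        if e.expires is None:
            return True  # already permanent
        if e.expires <= now:
            e.grants += 1  # the earlier window lapsed, so this is a new grant
        e.expires = now + TEMP_TTL  # a login inside the window only extends it
        if e.grants >= PROMOTE_AFTER:
            e.expires, e.last_used = None, now  # repeat visitor: make permanent
        return True

    def is_allowed(self, ip, now):
        """Decision the FTP firewall rule would ask for; fails closed."""
        addr = self._parse(ip)
        if addr is None:
            return False
        if any(addr in net for net in self.internal):
            return True
        e = self.entries.get(addr)
        if e is None or (e.expires is not None and e.expires <= now):
            return False
        e.last_used = now
        return True

    def prune(self, now):
        """Drop entries idle for longer than IDLE_LIMIT; return what was removed."""
        removed = []
        for addr, e in list(self.entries.items()):
            if e.expires is not None and e.expires > now:
                continue  # live temporary entry
            # Permanent entries age from last use, lapsed temporary ones from expiry.
            idle_since = e.last_used if e.expires is None else e.expires
            if now - idle_since > IDLE_LIMIT:
                del self.entries[addr]
                removed.append(str(addr))
        return sorted(removed)

    def grant_count(self, ip):
        e = self.entries.get(self._parse(ip))
        return e.grants if e else 0
```

An address-based allowlist admits everyone behind the same NAT address and does nothing about FTP's cleartext credentials, so it narrows exposure rather than replacing the authenticated write access in step 4 of Maurits's list.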

  • Sudo (unregistered) in reply to boog
    boog:
    “May I use your PC?” Barely waiting for permission, Adam...
    I'm pretty sure I would have strangled him before he got any further.

    Is it just me, or is this joke getting REALLY old?

    CAPTCHA: Jokes are also getting kinda boring.

  • Quibling (unregistered) in reply to Design Pattern
    Design Pattern:
    Wait, what?!
    :
    During his tour, Adam was introduced to the financing group, the warehouse supervisor and his crew, the ladies who ran most of the front office, and other supporting personnel. After meeting with the PC technician, Mr. Repinski showed Adam the place where he would be spending much of his time - the server room.
    So Adams crew were the ladies who ran the front office in the server room?
    No, it wasn't Adam's crew, it was the supervisor's...no comma after supervisor shows that the crew belongs to the super.

    Bonus points for noticing the possessives.

  • Curious George (unregistered) in reply to hoodaticus
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.
    No need. 20 years of the M$ marketeer's proselytizing have preceded you.

    If all you have is a hammer, every problem looks like a nail.

  • (cs)
    <!-- Had to cut this due to size but the submitter had (mistakenly?) included 'Mr Repinski' as a reference on his CV. New employer called and received a tirade about the events and about 'Adam's ineptitude. Thankfully, the new employer found the whole call to be hilarious because, after all, the old boss was a crackpot. -->
    TRWTF is using your last boss as a reference when you parted on bad terms.
  • Aninnymouse (unregistered) in reply to ÃÆâ€ââ€
    ÃÆâ€ââ€:
    Aninnymouse:
    Varius:
    saepius:
    I don't get it: if Brian was just the junior technician, why did he go to the CEO and Owner and not the senior technician when he found the security hole? If he was the only technician, who dissembled the server overnight?

    Something does not compute.

    Is there some sort of anonymizer on this article? This is not the first post about Brian, yet I'm sure the name was Philip on my article....

    I got Adam, which was confusing me when people were talking about Brian.

    CAPTCHA - cogo. Coco on the go.

    Your not to bright, are you?

    Yeah, you're right.

    P.S. *too ;)

  • biff (unregistered) in reply to WTF
    WTF :
    It would be hard to have a fully loaded .45 cal desert eagle in his top drawer as they didn't produce a .45 cal version...

    Maybe they did in the baby eagle? it's a different pistol....

  • Leon (unregistered) in reply to Freud
    Freud:
    OK. Now we're getting somewhere. Why don't you tell me about your Mother...

    My mother? I'll tell you about my mother ...

  • nevermindme (unregistered) in reply to TimeBandit

    Can you help me find your site here: http://uptime.netcraft.com/up/today/top.last.html

    I don't see any Linux systems in the current top 50 uptimes.

  • Kempeth (unregistered)

    I'm sorry but he was right to be fired. If you are put in charge of a company's IT and find it hanging by a thread you do something about it.

    You lock that FTP down and at the very least buy an external disk to back up to. I'm sure someone has come up with a way to automatically map an FTP site to a Windows drive on startup. Set that up and wham: the UN-technical users still won't have to log in.

  • · (unregistered) in reply to nevermindme
    nevermindme:
    Can you help me find your site here: http://uptime.netcraft.com/up/today/top.last.html

    I don't see any Linux systems in the current top 50 uptimes.

    Which might have something to do with the fact that their method of probing uptimes does not work for modern Linux systems.

    http://uptime.netcraft.com/up/accuracy.html#cycle

  • Readit (unregistered) in reply to nevermindme
    nevermindme:
    Can you help me find your site here: http://uptime.netcraft.com/up/today/top.last.html

    I don't see any Linux systems in the current top 50 uptimes.

    Additionally HP-UX, Linux, NetApp NetCache, Solaris and recent releases of FreeBSD cycle back to zero after 497 days, exactly as if the machine had been rebooted at that precise point. Thus it is not possible to see a HP-UX, Linux or Solaris system with an uptime measurement above 497 days.

    i.e. netcraft can't check for Linux systems which have been up more than 497 days, because their uptime monitoring sucks.

  • Anonymous (unregistered) in reply to Kempeth
    Kempeth:
    I'm sorry but he was right to be fired. If you are put in charge of a company's IT and find it hanging by a thread you do something about it.
    Or, you let them crash and burn and laugh all the way to your next job. It really depends how much you respect your company and by the sounds of things this company had it coming. I've done similar things in the past - I've never sabotaged anyone but I've willfully let a ticking timebomb go off and destroy a business I hated. No regrets, either. Sometimes it has to be done, "greater good" and all that.
  • (cs) in reply to Sudo
    Sudo:
    boog (defective copy):
    I'm pretty sure I would have strangled him before he got any further.
    Is it just me, or is this joke getting REALLY old?
    Is it just me, or was it ever anything but a really lame troll?
  • (cs) in reply to William
    William:
    You can lock the directory down, even if you don't establish usernames/passwords. No user should have ever been able to change directories, much less anonymous.
    QFT. He didn't need permission from the boss to simply set the permissions such that iusr_anonymous only had permission to access the FTP folder. If someone was uploading warez and pornz to the FTP site, that's secondary to actually putting data at risk.

    If he didn't know how to do that, then he was underqualified.

  • Thomas (unregistered) in reply to Curious George
    Curious George:
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.
    No need. 20 years of the M$ marketeer's proselytizing have preceded you.

    If all you have is a hammer, every problem looks like a nail.

    Ah, that reminds me of this line I heard:

    Some people, when confronted with a problem, think "I know, I'll use XML." Now they have two problems.

  • Beleaguered sysadmin (unregistered) in reply to Thomas
    Thomas:
    Curious George:
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.
    No need. 20 years of the M$ marketeer's proselytizing have preceded you.

    If all you have is a hammer, every problem looks like a nail.

    Ah, that reminds me of this line I heard:

    Some people, when confronted with a problem, think "I know, I'll use XML." Now they have two problems.

    And when confronted with how to parse the XML, they think "I know, I'll use regular expressions." Now they have three problems.

  • Thomas (unregistered) in reply to Beleaguered sysadmin
    Beleaguered sysadmin:
    Thomas:
    Curious George:
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.
    No need. 20 years of the M$ marketeer's proselytizing have preceded you.

    If all you have is a hammer, every problem looks like a nail.

    Ah, that reminds me of this line I heard:

    Some people, when confronted with a problem, think "I know, I'll use XML." Now they have two problems.

    And when confronted with how to parse the XML, they think "I know, I'll use regular expressions." Now they have three problems.

    And now they need a project plan and have to submit it for approval. Now they have four problems.

  • Ouch! (unregistered) in reply to boog
    boog:
    Sudo:
    boog (defective copy):
    I'm pretty sure I would have strangled him before he got any further.
    Is it just me, or is this joke getting REALLY old?
    Is it just me, or was it ever anything but a really lame troll?
    Just you. In the beginning (back in 1955), it was a so-so attempt at being funny.
  • Spike (unregistered) in reply to Craig
    Craig:
    Greg Brady:
    fritters:
    I don't get it.

    So the boss sabotaged the server to scapegoat one employee because he nearly got caught downloading porn?

    It sounds more like Brian--who did not appreciate getting scolded for "hacking" the server--went home and showed the boss just how much damage he could do.

    The clues are there.

    TRWTF is that I don't believe all these stories where the IT department demonstrates how a vulnerability could be exploited and they get in trouble for it.

    I don't think Brian actually did it. The porn was put there by random people outside the company who already knew about the open server. Brian deleted their stuff, so that night they retaliated by wiping out the company's data and filling it back up with porn. So Brian is technically responsible, since he decided to delete the files BEFORE securing the server, but he didn't actually do the damage.

    Step 1: Take it offline
    Step 2: Put in a second hard drive and boot with a bootable CD, a non-compromised system
    Step 3: Copy everything you want to keep to the new hard drive
    Step 4: Take out the first hard drive, keep the second.
    Step 5: Install and now secure your "new" system
    Step 6: Attach to the internet, update, test and do some vulnerability tests

    Problem is: you cannot trust a server (or a workstation) ever again that is so badly compromised, so you just better build it again from scratch.

    Alternatively, you can build a second server while you keep your infection a little longer online if you can't downtime it for a day.

    Captcha: ideo

  • TakeMeToFunkyTown (unregistered) in reply to PFY

    Good luck getting anyone with authority to take responsibility for something in writing from a mere subordinate and sign away their God given rights to screw you at their whim.

  • (cs) in reply to Curious George
    Curious George:
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.
    No need. 20 years of the M$ marketeer's proselytizing have preceded you.

    If all you have is a hammer, every problem looks like a nail.

    I refuse to let you rape that illuminating meme into meaninglessness. Microsoft is not a hammer. It's a fucking tool company. This is a debate about different brands of hammers / o.s.es.

    Complete this sentence:

    "When all you have is an o.s." .... what? Everything is a file? How does that contribute to your point?

  • (cs) in reply to ¢ÃƒÆ’ƒâ€ Ã¢â‚¬â
    ¢ÃƒÆ’ƒâ€ Ã¢â‚¬â:
    Mickey:
    by:
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.

    Agreed... It's not like having [Un|Lin]ux is an impenetrable fortress of best-practices (TM). It's a process called hardening, and if you disable every unnecessary service and/or (amongst other things), then you're reducing your surface area. Windows or Unix: if you keep telnet running with a shitty password, you're f*cked either way.

    Argument parallel to VB.NET vs. C#, or how PHP is unsecure (don't use PHP, but I know better than to spout unfounded BS like that)...

    What's Unux?

    A group of castrated men?
    You've been on fire lately!

  • (cs) in reply to Thomas
    Thomas:
    Beleaguered sysadmin:
    Thomas:
    Curious George:
    hoodaticus:
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.
    The wonderful thing about being an MS user is the complete lack of any need whatsoever to proselytize for my O.S., unlike the hordes of lusers out there.
    No need. 20 years of the M$ marketeer's proselytizing have preceded you.

    If all you have is a hammer, every problem looks like a nail.

    Ah, that reminds me of this line I heard:

    Some people, when confronted with a problem, think "I know, I'll use XML." Now they have two problems.

    And when confronted with how to parse the XML, they think "I know, I'll use regular expressions." Now they have three problems.

    And now they need a project plan and have to submit it for approval. Now they have four problems.

    Problem # 5: Hiring someone to do programming.

  • (cs) in reply to hoodaticus
    hoodaticus:
    Curious George:
    20 years of the M$ marketeer's proselytizing have preceded you.

    If all you have is a hammer, every problem looks like a nail.

    I refuse to let you rape that illuminating meme into meaninglessness.
    I'm not so sure I'd call that meme "illuminating". Its use is more often "rationalizing" than anything else. Of course, that still doesn't reflect positively on George's use of it.

    hoodaticus:
    Complete this sentence:

    "When all you have is an o.s." ....

    ...it must be Windows! Every other OS these days seems to include/provide actual third-party applications. :P

    All kidding aside, the OS religious battle is complete nonsense to me. I admit, I used to be a borderline Linux zealot, until the day I met a Windows zealot. I could see a bit of myself in him, but distorted and evil. It was like looking into one of those warped "funhouse" mirrors they have at carnivals; it was a terrible sight. And I realized that I probably looked just as frightening to him.

    So these days I'm pretty OS neutral. I use Windows at work, I use Linux at home. They each have great features, and they each have annoying problems. Anymore it comes down to personal preference, which just isn't useful to me in any real argument. That's why I feel the whole discussion about "which is better" is completely stupid.

  • Matt (unregistered) in reply to WTF
    WTF :
    It would be hard to have a fully loaded .45 cal desert eagle in his top drawer as they didn't produce a .45 cal version...

    They only make them in .22 LR

    ;)

  • Luiz Felipe (unregistered) in reply to TimeBandit
    TimeBandit:
    I have about 20 years of experience, so let me put this clear : you will NEVER convince me to use an MS-OS as a server.

    I have a Linux server with an uptime of 3.5 years, so obviously it's not getting kernel patches. The thing is in a data-center accessible from the internet and doing its job non-stop 24/7 without anything in front of it to protect it. The logs show multiple attempts at hacking it, but no success yet.

    Of course there have been security exploits on Linux and other Unix, but the damage that can be done is nowhere near what happens when Windows is exploited. And the number of bugs affecting Windows that permit a REMOTE UNAUTHENTICATED user to gain ADMIN rights is just unbelievable!

    MS built a house with cardboard and then tried to put steel bars in the windows

    Come back when you have enough experience using something else than your toy OS

    "Twenty years doing the same shit equals twenty times one year of evolution. It differs from twenty years of progressively gaining experience." Don't remember who said it.

    If MS OS is all shit, why do the Microsoft sites stay online? Microsoft eats dog food; if it can run in one big enterprise like Microsoft, why can it not be run in some small company?

    You must be some blinded Linux evangelist. If you use Linux, fine, but you appear to have never used other systems, so you don't have experience with the problems of these systems to argue. I use Linux in a router in my enterprise. At the time, I had little experience with it; like the other guy, my Linux was successfully exploited because of misconfiguration. But my Windows IIS boxes in the DMZ were never hacked because I configured them correctly.

    PS: I am not trying to convince you to use Windows Server, I am only pointing out that you should not talk about what you don't know. Perhaps a few years ago you were right. But things change; Windows is more secure now than before. I used to have the same thinking about Linux: I always thought that it was a shit desktop OS, but I regretted it because in the last ten years it evolved from shit to some competitive level.

  • Luiz Felipe (unregistered) in reply to boog
    boog:
    hoodaticus:
    Curious George:
    20 years of the M$ marketeer's proselytizing have preceded you.

    If all you have is a hammer, every problem looks like a nail.

    I refuse to let you rape that illuminating meme into meaninglessness.
    I'm not so sure I'd call that meme "illuminating". Its use is more often "rationalizing" than anything else. Of course, that still doesn't reflect positively on George's use of it.

    hoodaticus:
    Complete this sentence:

    "When all you have is an o.s." ....

    ...it must be Windows! Every other OS these days seems to include/provide actual third-party applications. :P

    All kidding aside, the OS religious battle is complete nonsense to me. I admit, I used to be a borderline Linux zealot, until the day I met a Windows zealot. I could see a bit of myself in him, but distorted and evil. It was like looking into one of those warped "funhouse" mirrors they have at carnivals; it was a terrible sight. And I realized that I probably looked just as frightening to him.

    So these days I'm pretty OS neutral. I use Windows at work, I use Linux at home. They each have great features, and they each have annoying problems. Anymore it comes down to personal preference, which just isn't useful to me in any real argument. That's why I feel the whole discussion about "which is better" is completely stupid.

    I have given up on this also. I pick the best tool for the job. There is no silver bullet. All OSes suck in some way.

Leave a comment on “Abusing the FTP”
