Wed, Dec 1 2004 0:20
Dear USA Today - followup - what our SBS box got "hit" with
I found out how the SBS 2003 got ”Finagled” into.... it was weak password
That's what the “hijack the Windows Small Business Server, the attacker finagled his way into a function of the Windows operating system that allows file sharing between computers. He then uploaded a program that gave him full control." was all about in the USA Today article. I checked with the person who set up the honeypot experiment named in the article [he's a moderator for the Patch Management.org listserve I hang out on] and he confirmed that it was a weak Administrator password [the chosen password was password] that was broken that allowed them access. That once a strong password was chosen, SBS 2003 was snug as a bug.
Guys, read this post about choosing passwords. Any questions? No? Good. Roll over and go back to sleep.
Heck I'm not a coder or scripter or hacker but I think even “I“ could have “finagled“ my way into a server using that attack.
And I still say that SMTP auth attacks, worms and bots are not directly “targeted to us“ but like SuperG says, it's like buckshot, we get shot via the blast. I'll repeat this again:
- Stupidly misconfiguring my SBS box
- Weak passwords
- Not patching
- No backup
- Not paying attention to the risks of my desktops
Now “THAT'S“ my risk factors
Filed under: Security, Rants