Computer security hole - how to help a person?
The first post - do not hit hard :)
I came across a network on a computer (I can tell ip ) with MS SQL Server 2000 raised on it. And the user sa has no password! A small study revealed the presence of the BANKCLIENT database on the server, and there are a lot of interesting tables in it, from which, through the simplest reflections, passport data were supposedly known, as well as a couple of bank accounts of the main computer user!
The question is - was it conceived while building the system, or is it someone's cant? If so, is it necessary (and do we have the right to this) to somehow convey this information to the computer owner about a potential problem? And How?
I immediately came up with such a solution - we create a base, and make its backup. In MS SQL Server, backup is performed on the server itself, so, by the way, without any “hacks” we can easily “see” the file system, including the names of all Win-users. So we make backup, indicating the location - the user's desktop, and in the file name - our information text for the computer owner!
Simple enough, although it can certainly cause a negative reaction from the user, to whom we added a headache ...
And what do you advise? Maybe you shouldn't bother at all?
I came across a network on a computer (I can tell ip ) with MS SQL Server 2000 raised on it. And the user sa has no password! A small study revealed the presence of the BANKCLIENT database on the server, and there are a lot of interesting tables in it, from which, through the simplest reflections, passport data were supposedly known, as well as a couple of bank accounts of the main computer user!
The question is - was it conceived while building the system, or is it someone's cant? If so, is it necessary (and do we have the right to this) to somehow convey this information to the computer owner about a potential problem? And How?
I immediately came up with such a solution - we create a base, and make its backup. In MS SQL Server, backup is performed on the server itself, so, by the way, without any “hacks” we can easily “see” the file system, including the names of all Win-users. So we make backup, indicating the location - the user's desktop, and in the file name - our information text for the computer owner!
Simple enough, although it can certainly cause a negative reaction from the user, to whom we added a headache ...
And what do you advise? Maybe you shouldn't bother at all?
')
Source: https://habr.com/ru/post/70433/
All Articles