Tuesday, March 8, 2011

Hacked (victimised)!! First experience

Today, I had my first experience as a victim of an intranet-based attack. The attack was by a friend and hence nothing severe, but it came as an eye-opener. Here is what happened.

The friend shared this image. This was being hosted from my own computer in one of the 2 folders that had access for all the users on the computer.
What I had missed out all this while was that my computer had a 'guest' user account made once for some work. The account had one of the most trivial passwords, 'guest123', and it wouldn't take much for anyone who knew the circumstances under which such an account was created to guess the password.

Now, leaving such a door open and keeping it unchecked was probably the most foolish thing I've ever done. Here I'd like to commend my friend's skill at identifying the weak spot and hitting it only hard enough to make me feel the pain and yet not bleed.

But this experience does come as an eye-opener. Thanks once again, my friend.

PS: By the way, the guest account was deleted SOON after this security bug was found and the necessary permissions (which seemed best) were allotted to the folder(s). Also, this suggests that I keep an eye on the traffic flowing through my Apache server.