Computer security hole - how to help a person?
This is my first post, so please go easy on me :)
I came across a computer on the network (I can give the IP) running MS SQL Server 2000, and the user 'sa' has no password! A little investigation revealed a BANKCLIENT database on the server with a lot of interesting tables in it, from which, with a little thought, the passport data and a couple of bank accounts of the computer's main user became known!
The question is: was this really what was intended when the system was built, or is it someone's blunder? If so, is it necessary (and do we have the right) to somehow let the computer's owner know about the potential problem? And how?
I immediately came up with this solution: we create a database and back it up. In MS SQL Server the backup is performed on the server itself, so, by the way, without any “hacks” we can easily “see” the file system, including the names of all Windows users. So we make a backup, giving the user's desktop as the location and putting our informational text for the computer's owner in the file name!
Simple enough, although of course it may provoke a negative reaction from the user, for whom we have created a headache...
And what do you advise? Maybe you shouldn’t bother at all?