Monday, December 22, 2008

I hacked IBM ....And got away with it

Sometimes the truth is stranger than fiction.

I logged in to a certain beta site which some of us in the Lotus world know about and need to use..in my case not so often. I hadn't logged into it since the summer.

While building my portable server I wanted to get some updated code. I looked up the emails I had from the IBM team and went to download it. Got interrupted, Microsoft attacked my PC and then made it reboot. Forgot all about it.

A few hours later, got a call from Research Triangle Park and there is only one entity in my world from there. You guessed it, IBM.

They informed me that I had logged into a monitored site(It did say they do, but I figured they really don't, note the hours in time difference) and what was I doing there. Felt like I turned right on a red light or something.

I said I was downloading beta code and got interrupted so never really got it.
They asked how, I said, your pass code. Told the code was no longer valid, I reminded them I just logged in with it.

To cut a long story short, which really is amusing in many ways, they subsequently cleared all previous passwords on this beta site and proceeded to reinitialize me for the beta program today.

So the moral of the story is lax security controls exist everywhere, so let's be careful out there.
As Paul Mooney put it in his article titled:
Noah Built The Ark Before The Flood - Why proactive monitoring of your services architecture is critical and cost efficient.
found at GSX, simple mistakes can happen very easily.

No comments:

Post a Comment