Re: SBS administrator password clearly compromised by inside attack, h
- From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 6 Jun 2005 14:30:32 -0700
This is why I usually have people pay me on a 2 week schedule. (There is
always something he can write a check for.)
I know hindsight is nice, but next time...
Most businesses pay their employees on a 2 week schedule and it's easier for
them.
I've never held an Administrator password ransom with the server password
before, but that's just me.
My feeling is I doubt if he will mess it up and if he does it's more work
for me. :)
(I like to build trust the first day. In fact I insist that at least 2
people at a company have access to the admin password.)
If you can't find two honest people in your company fire them all IMO.
I've heard of employees doing this, but not IT support.
A lot of companies, especially small, want me to be the second owner of the
password.
(I'd rather not be their second person, but a lot of people trust me once
they figure out I'm not going to screw them.)
If the server is locked? and it reboots to Manually Login (Please don't tell
me you don't have Tweak auto login on a server.)
There are third party tools that do this, but they are expensive, and if
he's too cheap to pay you for what you've done he's too cheap to buy a
program to do it.
Unless he's that much of a jerk.
Susan is right WEP is not safe for passwords.
It really depends on how much money we are talking about. Small Claims only
goes up to 5k, I think.
(And it's a pain and a lot of time, and the jerk still sometimes won't pay,
they will just call bankrupt.)
I've had places bounce checks on me, but most of the time it's because
someone embezzled the funds.
I'd probably write it off and delete the emails.
If he wants you to work on it again get him to pay for back services, cash!
Then leave out the door.
I'd probably not want to do work again if they are that much of a @#@#
Next Client try to build a better communication about Payments... Like the 2
week part.
I know a lot of them want to do this 1 check at the end of the job, but I've
been screwed by that, and so have you now.
Get paid for what you do. After all they wouldn't expect an employee to
work all year, then get paid December 31st.
I know a lot of people will argue about this with me and have had NO
problems with people giving them a 1 check.
And I know a lot of IT people who have screwed customers by not doing
everything needed for the 1 check.
OK I'm preaching again, stop me...
Keep sending a bill in the mail every month...
If the server is screwed up he's going to have to have it Reinstalled for it
to work... and he needs someone to do it.
Russ
My 2.5 cents
--
Russ Grover
Small Business IT Support
16086 SW Melinda St.
Beaverton OR 97007-6303 USA
Email: Sales at SmallBusinessITSupport.com
Website: www.SmallBusinessITSupport.com
"Steven Wells" <StevenWells@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2929CAB5-0F25-4DE8-9824-C2ACF8C4EA3D@xxxxxxxxxxxxxxxx
> Hello,
>
> I manage a SBS2003 for a client and we agreed contractually that I would
> keep the administrator password private (as a way to ensure payment).
>
> As most relationships end in divorce, the guy was not willing to pay for
> multiple months of service and since I was getting very busy with another
> client we agreed that we would meet and trade training and passwords for
> final payment. He canceled at the last moment. (surprised?)
>
> The server, sometime Friday, I had a series of messages sent to me via
> including reduced disk space on the C: drive (almost a 1GB lost), VPN
> disabled, RDP disabled, and IIS disabled. When I attempted to remote connect
> to the server, obviously it would not work. I had remote admin for the SOHO
> VPNs (same password, mistake!) and they were also changed. The system also
> informed me the system was rebooted. The server was configured "out of the
> box" with mobile users for all accounts and only the single admin password.
> Finally, a 64b WEP key was generated from that password.
>
> My suspicion is that the server admin password was compromised via a program
> locally installed.
>
> Questions to the group:
> 1) Is it possible to install a program on a SBS system? Maybe via a
> bootable CDrom program application.
> 2) The program installed was large. Did they attempt a brute force search
> of the password?
> 3) The crack provided the password in the clear. They used that to change
> the VPN settings.
> 4) Can passphrases be derived from WEP keys? I realize I only used a 64b
> key (the guy's computer wouldn't work with 128b WEP)
>
> For this client, the damage is probably done. He seems to have admin
> privies and has changed every password and getting back payment might require
> litigation. However, my concern is that a SBS system isn't as safe as
> assumed. If the server sits in their back office, is there any safety if the
> system can just be rebooted to compromise??
>
> So the standard security response is that the password must have been
> provided in the clear. It isn't written down anywhere but inside a fireproof
> safe that my partner has access to (wife) and she swears it was never handed
> out.
>
> Group comments appreciated