It amazes me in this day and age that "Can you access the admin account with a blank password?" isn't the first thing on the automated test of every single log-into-able thing out there.
I mean, I know it's Cisco, but still.
Cisco's Elastic Services Controller's release 3.0.0 software has a critical vulnerability: it accepts an empty admin password. The Controller (ESC) is Cisco's automation environment for network function virtualisation (NFV), providing VM and service monitors, automated recovery and dynamic scaling. Cisco's advisory about the …
A long time ago a friend showed us their clever way to message between terminals using mainframe OS memory (it was also a demo of a clever hack found by accident). The friend let us test it out. I sat down, hit the space key and just sat on it.
First the program seized up. Cue irritation. Then their face showed absolute horror and they bolted for the computer room door. After all, it was OS memory I was overwriting with spaces, given the unchecked buffer limits.
"You need idiots to defeat idiots"™ The next govt IT employment push?
Back when I was doing a ton of beta testing for various firms, I'd mentally dump every preconception I'd have about a program. Then, armed with just the documentation, I'd blithely do any idiot thing I could come up with. Works if you can compartmentalize everything you know.
Great fun!
"You will not and will not allow a third party to: ... reverse engineer, decompile, decrypt, disassemble or otherwise attempt to derive the source code for the Software" else you may discover the NSA backdoors we keep accidentally leaving in the product.