Pelican Parts Forums


biosurfer1 10-02-2015 08:31 PM

My turn to wear the dunce cap...big time
 
Some of you may not follow all this, just know the point of the story is I was a BIG idiot.

My job requires me to interact with an internal server, but our customers log into it from outside our network, so I do a lot of testing from my home server to test incoming connections. I needed a Windows 7 machine to test some things, so I grabbed the free virtual hard drive from Microsoft and created a machine on my server.
The VHD is clean and they give me (everyone) the same administrator password, with the idea that even a complete moron would at least change the admin password.... except one.

I set up my own admin account and completely forgot to change/disable the built-in account. Normally this wouldn't be a huge deal except I had to open remote desktop to log into it from work.

I was working away a couple days ago and then kept getting kicked off by the "administrator". So I logged in and as I'm typing the default password, it started to dawn on me what happened. When I got on, there was a directory open transferring files that had a ton of Russian text in the names. Yep, took the hackers less than a week to find my open port and figure out the damn admin password was still default :o

I quickly shut down the machine but I'm sure damage was done. This morning I found out someone hacked my Hilton account and took most of my points. Luckily Hilton is giving them all back, and I'm actually pretty sure this is a coincidence since one of the stays they made was on September 25 which is the day before I created the machine, but still weird.

Also luckily I use a password manager that makes it very easy to quickly change all my important passwords, but I get to spend a bunch of time this weekend cleaning up after this mess.

Lesson learned...CHANGE THE DAMN DEFAULT ADMIN PASSWORDS!!!!!! :mad:

HardDrive 10-02-2015 08:51 PM

Yup. I'm a networking (MSFT/Cisco) guy by trade, but these days I'm doing Ruby on Rails development. If you're going to include a boolean operator in your users table, I would humbly submit that you call it something other than....wait for it....:admin.

KFC911 10-03-2015 03:53 AM

I used to wear many hats too: Systems programmer, networking, design, firewalls, etc. for major corps that were under constant attack. Don't do that no more....

I forgot one hat: pointy :D

Bet you don't do that again.

mreid 10-03-2015 05:12 AM

I downloaded Java this morning. Can't really start my day without it.

masraum 10-03-2015 06:10 AM

Not exactly the same situation, but I used to remote into my home PC from work. I set up the firewall to only allow the RD connection from my work proxy IP. I didn't want the whole world having a shot and getting into my PC. I would think you could do the same thing whether it be limiting your work PC RD from your home IP or if the IP changes often, you could at least only allow the RD connection from the subnet that your DHCP address comes out of. Even if you don't have access to the corp firewall to do that, you could always use the firewall that's built into Windows. It's better than nothing.
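The scoping described in the post above, as an added example that is not part of the original thread: it limits the built-in Windows Firewall's Remote Desktop rules to one source and disables the built-in Administrator account from the opening post. It assumes a Windows 7 host and an elevated PowerShell prompt; `203.0.113.10` is a placeholder address.

```powershell
# Run from an elevated PowerShell prompt on the RDP host (Windows 7 / PowerShell 2.0 or later).
# ASSUMPTION: 203.0.113.10 is a placeholder for the single address (or CIDR subnet,
# e.g. 203.0.113.0/24) that should be allowed to reach Remote Desktop.
$AllowedSource = '203.0.113.10'

# 1. Restrict every inbound rule in the built-in "Remote Desktop" group to that source.
#    Until this is done the rules accept connections from any remote address.
netsh advfirewall firewall set rule group="remote desktop" new remoteip=$AllowedSource
if ($LASTEXITCODE -ne 0) { throw 'Could not update the Remote Desktop firewall rules' }

# 2. Make sure the firewall is enabled on every profile; a scoped rule does nothing
#    if the firewall itself is switched off.
netsh advfirewall set allprofiles state on

# 3. Locate the built-in Administrator by its well-known RID (500) instead of by name,
#    because the account may have been renamed, and disable it if it is still active.
$builtin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }
if ($builtin -and -not $builtin.Disabled) {
    $name = $builtin.Name
    net user $name /active:no
}

# 4. Print the resulting state for review: the rule's RemoteIP should show the allowed
#    source, and the RID-500 account should show Disabled = True.
#    "Remote Desktop (TCP-In)" is the rule name on Windows 7.
netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object Name, SID, Disabled
```

If the router forwards port 3389 to this machine, the same source restriction can also be applied there, so unwanted connections are dropped before they reach the host.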

biosurfer1 10-03-2015 07:53 AM

There is, figuratively, a list of 1 million things I could/should have done to prevent this, and I skimmed right past all of them. My sys admin friend said I probably didn't get attacked earlier because if it were him, this was SO wide open, he would have thought it was a trap :)

So far I think the damage was limited, luckily this server is on a separate sub-lan than my others at home, but the real danger is I have Firefox set up to sync all my stuff, and it did on my personal admin account, so they may or may not have got to that. It's somewhat encrypted, but doesn't make me feel better. All passwords to important stuff are changed, now I just sit back and hope my money is still in my accounts every morning! :D

I knew some of you all would get this, I try to tell my wife what happened and she gives me that blank stare...

wildthing 10-03-2015 08:31 AM

I just got an email from Scottrade that my information was compromised two years ago. Damn.

scottmandue 10-03-2015 09:30 AM

So... you are telling me "password" is not an acceptable password?

biosurfer1 10-03-2015 12:55 PM

Whoa there Scott, I'm not an idiot (contrary to my first sentence :)). The default admin password was not "password"... it was Password1

:D

