Looks like I’m having to abandon my usual “just call them and get a password” tricks. My associate wants me to look into doing some SQL injection pen tests to see if we can see credit card data on this audit. It would mean that data may already be in the wild and they would never know it. I’ll have to review my incredibly rusty SQL knowledge. I knew that you could do this stuff, but I never thought it would be so easy.
It’s just amazing what people leave open and don’t even think about.
And worst of all nightmares, I’m having to learn about administering IIS and Windows 2000 Server. Argh! Will the agony never end?