Mark Loveless, aka Simple Nomad, is a researcher and hacker. He frequently speaks at security conferences around the globe, gets quoted in the press, and has a somewhat odd perspective on security in general.

Old Weird Hacker Things

Here is a random grouping of odd and somewhat humorous quick hacker tales and tidbits from my somewhat ancient past, presented for your reading pleasure. And it should be readily apparent that from a security perspective we actually have come a long way. Presented in no particular order.

  • I once was testing an exploit on a fellow NMRC member's company website, and while he said it should be patched, it wasn't. The web server hard-crashed, which required a manual reboot to recover.
  • I had an account I created on an X.25 pad site in the early 90s, and it stayed there for nearly 22 years until they decommissioned the entire pad.
  • The place to upload data for CNN's website was public if you knew the exact location on their CDN provider's website, so you could see news articles before they were moved and went "public." CNN held sensitive info, particularly if there was stock price info as they were legally required to do so (e.g. publicly-traded company publishes quarterly earnings data at 9:30am, but CNN had the press release early, with the data "staged" at 8:30am). Additionally, the password to access the staged data was trivial, so altering news articles after they were uploaded but before they were "published" was possible.
  • The Secret Service used to track presidential movements reporting exact locations via pagers that did full text, and for a while it was always in plaintext. Let's just say at one point they finally switched to encryption (and eventually eliminated pagers as technology evolved) after being asked about it, and I was put under investigation by the Secret Service for a while.
  • Yahoo's mail service used to store customer mail spools on NFS-mountable volumes, so one could read anyone's email by remotely NFS mounting them, and one could reset a password to any account that was registered via a Yahoo email address as a result. They eventually moved to a more secure setup.
  • Two of the "baby Bells" - PacBell and Southwestern Bell - used to share sensitive customer data between each other via an FTP server, and it included details like private telephone numbers and addresses which allowed one to look up sensitive data of (for example) celebrities and politicians. When informed of this, they simply marked the directory as hidden but did not change the name, so it did not prevent the access.
  • I purchased a blue box from Steve Wozniak and a very stoned Steve Jobs when I was (maybe) 14 or 15. At a later point I got to talk to Woz, who had absolutely no memory of the event, but laughingly very much believed the stoned Jobs bit (originally discussed here).
  • Akamai's network of CDN servers used to have port 22 open to the world and had an outdated version of SSH running on it, which was vulnerable to exploit, but after being informed they patched and started firewalling off port 22.
  • When I'd report bugs to Novell regarding NetWare in the 90s, my favorite way to do so was via telephone. I would use a bug in their PBX system to make it look like I was dialing in from an internal company number, and it drove their security people crazy.