
Deprecated - Microsoft Windows OS (XP/NT/Vista) Forum

    
Microsoft XP SP1 Hack "frightening"
engine




msg:3503899
 5:03 pm on Nov 13, 2007 (gmt 0)

Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer both "enlightening and frightening."

The demonstration took place Monday at an event sponsored by Get Safe Online--a joint initiative of the U.K. government and industry. At the event, which was aimed at heightening security awareness among small businesses, two members of the U.K. government intelligence group Serious Organized Crime Agency connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.

Microsoft XP SP1 Hack "frightening" [news.com]

Why would anyone continue to use XP SP1?

 

SEOMike




msg:3503912
 5:17 pm on Nov 13, 2007 (gmt 0)

The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.

Come on... a 4th grader could steal from that computer. Jeeze. THIS is a demonstration? Come on... Go to DEFCON and learn a few things and do something cooler next time. If this makes news, a good Bluetooth snarf with an iPhone as the target would cause an uproar!

shigamoto




msg:3510020
 6:46 pm on Nov 20, 2007 (gmt 0)

There is a reason for anti-virus, anti-spyware and firewalls. Of course the computer was easy to hack, it would have been even easier if it ran Windows 98..

bcolflesh




msg:3510029
 6:53 pm on Nov 20, 2007 (gmt 0)

two British e-crime specialists

lol - what's next, breaking into an unlocked server room in their mom's basement?

balam




msg:3510322
 5:38 am on Nov 21, 2007 (gmt 0)

Getting onto the unsecured wireless network, pinging possible IP addresses of other computers on the network, finding Andy's unpatched computer, scanning open ports for vulnerabilities, using the attack tool to build an exploit, and using the malware to get into the XP command shell took six minutes.

I'd be thoroughly embarrassed if it took me that long! Let's see... A max of 253 addresses need pinging; a dozen, maybe two, ports need to be scanned; exploits wouldn't be built "on-the-fly," they'd be "pre-rolled"; TFTPing a file is trivial & fast.

"Attack tools"? A very popular & cheap FTP program - used by many here at WebmasterWorld - has a "ProPack" add-on that has the "tools" needed for the job.

Uh, I'm stoopid... How would antivirus/spyware help in this case? Rhetorical question, as we all know they wouldn't help - the objective of the hack was theft, not infection.

Patched or unpatched means nothing to those who know what "zero day exploit" means.

The only thing about the article that I found scary was Microsoft admitting to being "enlightened" - C'mon! It's almost 2008! Have you had your heads up your hole in the ground since Bill discovered the 'net?

vincevincevince




msg:3510327
 6:01 am on Nov 21, 2007 (gmt 0)

New installations are a serious problem. Do a new install on a poorly managed academic network and you'll be crawling with filth before you've got as far as downloading updates.

They should've used a fully patched machine with a firewall, antivirus and spyware remover. Still possible, might've taken longer, but message would have been stronger.

Visit Thailand




msg:3510331
 6:19 am on Nov 21, 2007 (gmt 0)

I am not sure the UK Govt. should be talking about security in any shape or form right now considering they just managed to lose 25 million people's confidential details! [news.bbc.co.uk...]

[edited by: Visit_Thailand at 6:39 am (utc) on Nov. 21, 2007]

g1smd




msg:3511604
 10:30 pm on Nov 22, 2007 (gmt 0)

So? They lost two discs full of password-protected data.
I'd be worried if the data on the disks wasn't protected.

Visit Thailand




msg:3511646
 11:43 pm on Nov 22, 2007 (gmt 0)

The disks were not even encrypted. This is the UK Government we are talking about with extremely confidential info. Encryption of any sensitive or confidential info should be a minimum security measure.

Plus of course we only have their word for it that it was password protected, even though we all know that if it falls into the wrong hands a password protected file will be impossible to get into! ;-)

[edited by: Visit_Thailand at 11:45 pm (utc) on Nov. 22, 2007]

g1smd




msg:3512758
 1:08 am on Nov 25, 2007 (gmt 0)

Latest News: TNT say the package never even made it into their system.
