Welcome to WebmasterWorld Guest from 23.23.50.247

Forum Moderators: bill

Message Too Old, No Replies

Microsoft XP SP1 Hack "frightening"

     
5:03 pm on Nov 13, 2007 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:23532
votes: 413


Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both "enlightening and frightening."

The demonstration took place Monday at an event sponsored by Get Safe Online--a joint initiative of the U.K. government and industry. At the event, which was aimed at heightening security awareness among small businesses, two members of the U.K. government intelligence group Serious Organized Crime Agency connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.

Microsoft XP SP1 Hack "frightening" [news.com]

Why would anyone continue to use XP SP1?

5:17 pm on Nov 13, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 13, 2003
posts:1281
votes: 0


The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.

Come on... a 4th grader could steal from that computer. Jeeze. THIS is a demonstration? Come on... Go to DEFCON and learn a few things and do something cooler next time. If this makes news, a good Bluetooth snarf with an iPhone as the target would cause an uproar!
6:46 pm on Nov 20, 2007 (gmt 0)

Full Member

10+ Year Member

joined:Aug 9, 2004
posts: 240
votes: 0


There is a reason for anti-virus, anti-spyware and firewalls. Of course the computer was easy to hack, it would have been even easier if it ran Windows 98..
6:53 pm on Nov 20, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2003
posts: 2355
votes: 0


two British e-crime specialists

lol - what's next, breaking into an unlocked server room in their mom's basement?

5:38 am on Nov 21, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:May 27, 2003
posts:503
votes: 0


Getting onto the unsecured wireless network, pinging possible IP addresses of other computers on the network, finding Andy's unpatched computer, scanning open ports for vulnerabilities, using the attack tool to build an exploit, and using the malware to get into the XP command shell took six minutes.

I'd be throughly embarassed if it took me that long! Let's see... A max of 253 addressing need pinging; a dozen, maybe two, ports need to be scanned; exploits wouldn't be built "on-the-fly," they'd be "pre-rolled"; TFTPing a file is trivial & fast.

"Attack tools"? A very popular & cheap FTP program - used by many here at WebmasterWorld - has a "ProPack" add-on that has the "tools" needed for the job.

Uh, i"m stoopid... How would antivirus/spyware help in this case? Rhetorical question, as we all know they wouldn't help - the objective of the hack was theft, not infection.

Patched or unpatched means nothing to those who know what "zero day exploit" means.

The only thing about the article that I found scary was Microsoft admitting to being "enlightened" - C'mon! It's almost 2008! Have you had your heads up your hole in the ground since Bill discovered the 'net?

6:01 am on Nov 21, 2007 (gmt 0)

Senior Member from MY 

WebmasterWorld Senior Member vincevincevince is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 1, 2003
posts:4847
votes: 0


New installations are a serious problem. Do a new install on a poorly managed academic network and you'll be crawling with filth before you've got as far as downloading updates.

They should've used a fully patched machine with a firewall, antivirus and spyware remover. Still possible, might've taken longer, but message would have been stronger.

6:19 am on Nov 21, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 29, 2002
posts:1819
votes: 0


I am not sure the UK Govt. should be talking about security in any shape or form right now considering they just managed to lose 25 million peoples confidential details! [news.bbc.co.uk...]

[edited by: Visit_Thailand at 6:39 am (utc) on Nov. 21, 2007]

10:30 pm on Nov 22, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


So? They lost two discs full of password-protected data.
I'd be worried if the data on the disks wasn't protected.
11:43 pm on Nov 22, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 29, 2002
posts:1819
votes: 0


The disks were not even encrypted. This is the UK Government we are talking about with extremely confidential info. Encryption of any sensitive or confidential info should be a minimum security measure.

Plus of course we only have there word for it that it was password protected, even though we all know that if it falls into the wrong hands a password protected file will be impossible to get into! ;-)

[edited by: Visit_Thailand at 11:45 pm (utc) on Nov. 22, 2007]

1:08 am on Nov 25, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


Latest News: TNT say the package never even made it into their system.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members