Unpatched Windows XP with SP1 Hacked in 6 Minutes
Unpatched Windows XP with SP1 Hacked in 6 Minutes
by , 1:50 PM EST, November 13th, 2007
A Windows XP system with Service Pack 1 installed, but with no subsequent patches applied, was hacked in six minutes by a security expert in London, according to C|Net on Tuesday. A Microsoft executive who watched the demonstration found himself both enlightened and fightened.
The Windows computer was not running a firewall or other anti-virus or anti-spyware software. The challenge was to connect, on a local network, and retrieve a text file of passwords. The attack was successful in six minutes and the password file downloaded in 11 minutes.
"If you were in (a cafe with Wi-Fi access), your coffee wouldn't even have cooled down yet," said Sharon Lemon, deputy director of SOCA's e-crime unit at the event sponsored by the UK's Get Safe Online. SOCA is the Serious Organized Crime Agency, a UK government intelligence group.
Another SOCA representative pointed out that the demonstration was "purely to point out that, if a system hasn't had patches, it's a relatively simple matter to hack into it." It's sensible, he added, to have SP2 applied, with all the current patches applied, and be running on a secure wireless network.
"In the demonstration we saw, it was both enlightening and frightening to witness the seeming ease of the attack on the (Windows) computer," said Nick McGrath, head of platform strategy for Microsoft. "But the computer was new, not updated, and not patched."
He also siad that Vista is not as "accessible to the average hacker" due to "operating system components."
TMO notes that there are likely many XP computers (and Macs) out there that users have failed to update because they haven't understood the importance or haven't gotten around to it. This demonstration is lesson for all Windows and Mac users; when the vendor publishes a patch, install it.
Observer Comments
Tue Nov 13, 2007 3:24 pm Subject: Seriously flawed research
Contrary to what this so-called expert says, since most coffee shops no longer use styrofoam, a cup of coffee can cool significant in the 11 minutes it takes to retrieve the list of passwords. Even in 5 minutes, the temperature will drop by several degrees. Frankly, I think this glaring error takes credibility from this supposed research.
If you have a new, or reinstalled, Windows installation, you *cannot* connect to the internet, or you'll be dead within minutes due to remote exploits of the default network services. Your only chance is to connect (wired!) to a NAT box or other firewall (e.g. a Mac running internet sharing) in order to run Windows Update or Microsoft Update.
You probably won't be dead in the water with Mac OS X, but it's not a bad idea to be cautious.
Tue Nov 13, 2007 4:13 pm Subject: Don't connect an unpatched system to the network!
For a new Windows installation (e.g. Boot Camp, Parallels, VMware, etc.), it's a good idea to download all of the patches (e.g. security patch rollups, etc.) in OS X *before* you install Windows. Then you can *disconnect from the network* (make sure you don't have a wired or wireless network that Windows can connect to) install Windows, and install all of the patches (e.g. from a burned CD or a flash drive) before you're dead.
It's still a good idea to run Windows Update behind a firewall, NAT box, or internet sharing, however.
I don't find this surprising at all. This was XP SP1. SP2 fixed a LOT of things. Where I used to work we didn't even deploy XP until SP2 was available. Actually I'm surprised that it took them 6 minutes. For those planning on putting XP on our Macs, however you plan on doing it, it isn't quite this bad because any XP disk you get now will be at least SP2 and often SP2 plus some patches.
That said though the idea of downloading as many patches as you can off line and installing them before you take your XP on the web is a good one. Either that or have your system behind really tight firewall.
Quotejimothy wrote:
Contrary to what this so-called expert says, since most coffee shops no longer use styrofoam, a cup of coffee can cool significant in the 11 minutes it takes to retrieve the list of passwords. Even in 5 minutes, the temperature will drop by several degrees. Frankly, I think this glaring error takes credibility from this supposed research.
Actually it depends if the coffee is black or creamed. Coffee with a creamer cools at a much slower rate according to a scientific study I saw in the "Journal of Irreproducible Results"...
QuoteGuest wrote:Quotejimothy wrote:
Contrary to what this so-called expert says, since most coffee shops no longer use styrofoam, a cup of coffee can cool significant in the 11 minutes it takes to retrieve the list of passwords. Even in 5 minutes, the temperature will drop by several degrees. Frankly, I think this glaring error takes credibility from this supposed research.
Actually it depends if the coffee is black or creamed. Coffee with a creamer cools at a much slower rate according to a scientific study I saw in the "Journal of Irreproducible Results"...
My opinion would be to try this on a Mac... by the time you finished beating your head against the table in failure your coffee would be ICE cold... and I like iced coffee best.
Mon Nov 19, 2007 6:42 pm Subject: Try updating XP without connecting to the Internet
Just how many people are going to have to reinstall XP off CD from SP1 or before, lots by my count. Almost noone is going to go out and buy new XP CD's when they have one in hand.
Some people I know have to go to the coffee shop just to get fast enough Internet to download the patches, their DSL is just not fast enough, especially after a clean install.
As far as downloading XP patches offline, great idea, but try to do it in practice, not many people can manage that task, even among the bunch of highly skilled technical people I deal with. The word was you had to install the patches in the precise order or very bad things happened.
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated February 12th
- Sat, 4:11 PM
- MacOS KenDensed - MacOS KenDensed: iPad 3 Frenzy, Big-time Apple & Steve Jobs, G-Man
- Fri, 8:10 PM
- News - Apple Sues Motorola Mobility in California Over German Case
- 7:54 PM
- Free on iTunes - OnLive Desktop: Windows & Office on Your iPad
- 7:43 PM
- Product News - Apple Rolls Out MacBook Air Configurations for Education
- 6:35 PM
- Just a Peek - Battle Pocket Bulge With The Hint for iPhone
- 6:01 PM
- Rumor - Apple Reportedly Bringing MacBook Air Styling to Pro Line
- 4:50 PM
- Particle Debris - The Hidden Gotchas of Browser Security
- 3:56 PM
- Apple Stock Watch - Analyst: Paying a Dividend Makes Sense for Apple
- 2:58 PM
- Deal Brothers - iMac 27-inch 2.93GHz Intel Quad-Core i7 processor: $1,999
- 2:45 PM
- In-Depth Review - Theodolite App for iOS is Breathtaking
- 12:52 PM
- Apple Stock Watch - Mizuho Securities Starts Apple Coverage with $635 Target
- 11:35 AM
- Hot Forum Topic - Forum Poll: Are You Planning on Buying a New iPad?
The Mac Observer Reader Specials
TypeStyler 11 is now in the Mac App Store!! -- Special Introductory Price of $59.95!! -- To Buy From The Mac App Store Click Here Now!! Or buy direct
from Strider Software.
Mac RAM Upgrades: MacBook Pro 16GB kits $475, 8GB Kits for $119.99! iMac 16GB RAM Kits (4x 4GB) for $229.99! Mac Pro Memory 32GB Kit for $399.99, 64GB Kit for $889.99! Mac Hard Drives 2TB Seagate SATA II for $249.99! Click Here!
If you're using a Mac, then you've gotta check out Online Poker Mac.
This mac poker and online casino mac site
actually does the unthinkable, it actually rewards!
