Unpatched Windows XP with SP1 Hacked in 6 Minutes
1:50 PM EST, November 13th, 2007
A Windows XP system with Service Pack 1 installed, but with no subsequent patches applied, was hacked in six minutes by a security expert in London, according to C|Net on Tuesday. A Microsoft executive who watched the demonstration found himself both enlightened and frightened.
The Windows computer was not running a firewall, anti-virus, or anti-spyware software. The challenge was to connect over a local network and retrieve a text file of passwords. The attack was successful in six minutes and the password file downloaded in 11 minutes.
"If you were in (a cafe with Wi-Fi access), your coffee wouldn't even have cooled down yet," said Sharon Lemon, deputy director of SOCA's e-crime unit at the event sponsored by the UK's Get Safe Online. SOCA is the Serious Organized Crime Agency, a UK government intelligence group.
Another SOCA representative pointed out that the demonstration was "purely to point out that, if a system hasn't had patches, it's a relatively simple matter to hack into it." It's sensible, he added, to have SP2 applied, with all the current patches applied, and be running on a secure wireless network.
"In the demonstration we saw, it was both enlightening and frightening to witness the seeming ease of the attack on the (Windows) computer," said Nick McGrath, head of platform strategy for Microsoft. "But the computer was new, not updated, and not patched."
He also said that Vista is not as "accessible to the average hacker" due to "operating system components."
TMO notes that there are likely many XP computers (and Macs) out there that users have failed to update because they haven't understood the importance or haven't gotten around to it. This demonstration is a lesson for all Windows and Mac users: when the vendor publishes a patch, install it.
Observer Comments
Tue Nov 13, 2007 3:24 pm Subject: Seriously flawed research
Contrary to what this so-called expert says, since most coffee shops no longer use styrofoam, a cup of coffee can cool significantly in the 11 minutes it takes to retrieve the list of passwords. Even in 5 minutes, the temperature will drop by several degrees. Frankly, I think this glaring error takes credibility from this supposed research.
I don't find this surprising at all. This was XP SP1. SP2 fixed a LOT of things. Where I used to work we didn't even deploy XP until SP2 was available. Actually I'm surprised that it took them 6 minutes. For those planning on putting XP on our Macs, however you plan on doing it, it isn't quite this bad because any XP disk you get now will be at least SP2 and often SP2 plus some patches.
That said, though, the idea of downloading as many patches as you can offline and installing them before you take your XP on the web is a good one. Either that or have your system behind a really tight firewall.
Mon Nov 19, 2007 6:42 pm Subject: Try updating XP without connecting to the Internet

