Microsoft exec calls XP hack 'frightening (http://www.news.com/2100-7349-6218238.html?tag=tb)'

A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both "enlightening and frightening."

The demonstration took place Monday at an event sponsored by Get Safe Online--a joint initiative of the U.K. government and industry. At the event, which was aimed at heightening security awareness among small businesses, two members of the U.K. government intelligence group Serious Organized Crime Agency connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.

The SOCA officials wished to remain anonymous. One of them, "Mick," remained behind a screen while carrying out the hack into the unpatched computer of a fellow officer, "Andy."

"It's easy to connect to an unsecured wireless network," said Mick. "You could equate Andy with being in his bedroom, while I'm scanning for networks outside in my car. If I ordered or viewed illegal materials, it would come back to Andy."

Mick used a common, open-source exploit-finding tool he had downloaded from the Internet. SOCA asked ZDNet UK not to divulge the name of the tool.

"You can download attack tools from the Internet, and even script kiddies can use this one," said Mick.

Mick found the IP address of his own computer by using the XP Wireless Network Connection Status dialog box. He deduced the IP address of Andy's computer by typing different numerically adjacent addresses in that IP range into the attack tool, then scanning the addresses to see if they belonged to a vulnerable machine.

Using a different attack tool, he produced a security report detailing the vulnerabilities found on the system. Mick decided to exploit one of them. Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a payload that would exploit the flaw within a couple of minutes.

Getting onto the unsecured wireless network, pinging possible IP addresses of other computers on the network, finding Andy's unpatched computer, scanning open ports for vulnerabilities, using the attack tool to build an exploit, and using the malware to get into the XP command shell took six minutes.

"If you were in (a cafe with Wi-Fi access), your coffee wouldn't even have cooled down yet," said Sharon Lemon, deputy director of SOCA's e-crime unit.

Mick then went into the My Documents folder and, using a trivial transfer protocol, transferred the document containing passwords to his own computer. The whole process took 11 minutes.

A SOCA representative said that the demonstration was "purely to point out that, if a system hasn't had patches, it's a relatively simple matter to hack into it." SOCA stopped short of recommending small businesses move to Vista; a SOCA representative said that applying Service Pack 2 to XP, with all the patches applied, and running a secured wireless network is "perfectly sensible way to do it."

Nick McGrath, head of platform strategy for Microsoft U.K., was surprised by the incident.

"In the demonstration we saw, it was both enlightening and frightening to witness the seeming ease of the attack on the (Windows) computer," said McGrath. "But the computer was new, not updated, and not patched."

McGrath said that having anti-spyware installed was not as important as having the software updated. He added that Microsoft works closely with original equipment manufacturers to encourage the preloading of antivirus and anti-spyware on a 30-day trial basis. McGrath also said that Service Pack 2 for XP had a firewall and that Vista was not as "accessible to the average hacker" due to "operating system components."

Huh, I thought all this was just common sense.

Oh yeah, real significant test when the machine's running XP SP1 and no antivirus or any other security software. :sarcasm:

Even if it wasn't "common sense" it's not exactly a smart idea to write an article going into detail about HOW TO DO IT.

Seems real world enough. Bet Kat's virus spreading granny is running Windows ME. Normal folks tend to not be savvy users.

Even if it wasn't "common sense" it's not exactly a smart idea to write an article going into detail about HOW TO DO IT.
What the heck are you doing, trolling for a slap?
The article is about as far from "how to do it" as it could be without being a completely useless article in the first place, it's so generic.
The whole process is the kind of thing anyone vaguely competent in such things could do easily - as the article points out - and frankly I'd be surprised if any such people here haven't already figured out all the programs used, I certainly have.
Honestly, as JSL said, the whole test is made pointless by the fact that the computer was unpatched and running SP1, and Microsoft are hardly "surprised", this is how XP has been for years.
The whole point of the demonstration is to show to the general public that frankly your computer, on an unsecured wireless network and unpatched and without a firewall, isn't as secure as you might think.

Heck, SP2 with a secured wireless network and firewall could be hacked in the same method with the same tools, you just change a few details here and there.

I'm not trolling, and I don't spend my free time learning about computers.

I think it's stupid to write an article about how to haxx just like I think it's stupid to make a movie about how to bomb the WTC.

It just encourages people to learn.

Whatever, though : ).

I don't see how the heck that's an article to hack.
By your definition, an article on making a building would be something like:
"Get some unnamed construction materials and some tools, and you might need something to hold them together, and then use the tools and put the materials together. Then you're done, see how easy it is?"

^ don't you think that would be encouraging people into the sport?
Like, don't you think that a vague/bare outline of how to do a project will make smart people discover the key?

And anyway, maybe that doesn't even apply to this scenario,but you know, generally I'm not just spouting bullshit.

How do you think people learn how to make bombs? They buy a book. Most books will teach them how to do it. Since it's harder to buy a legit book on l33t haxx, they use haxxor accounts, and if the haxxors post in detail about how they haxxed, what makes you think that one computer-restart virus won't come back again... and again... and again.

That one was kind of a bitch to fix. I remember it did something weird to my computer and my dad said "you did it, you fix it :|". 0_o

What I'm saying is that he's not posting new information, he's not posting anything anyone doesn't know, and what he does post is so vague that it's no help at all in how to hack - if you didn't know what tools he was using, you'd still have no idea how to use them after seeing what he said.

ZA, you are being ridiculous. This like complaining about someone explaining how to roll a joint. If people want to know how to do it, they already know how to do it. The worst thing that could happen is that some people might say "wow, it is that easy" before going on with their lives.

^
Okay so you take the zigzag and fold it in half, hot dog style, but leave some room at the top. Then twist the bottom two corners. Next put the bud in and then pack it tight. Finally lick the lower half and cover it up with the upper half.

Is that right?

Holy crap, I gotta go try that!! :)

Did half of you even bother reading the point of their demonstration and the conference in general? They showed this to small business owners. Small businesses are very often slow to update, upgrade, and invest in software like anti-virus and firewalls because this costs money. Now that strange money thing is something a lot of small businesses don't have a lot of because if they did... well they wouldn't be so small now would they?

This demonstration was clearly intended to show them that things like security are extremely important to take care of despite any potential cost. If they neglect something like that it could become a huge liability and cost a lot of money or worse.

Hell, I just had to rework my company's entire network because it was so full of security loopholes and was extremely inefficient and they are a 500 million dollar a year company.

The last three times I reinstalled my OS I got my very first malicious hit on my firewall within 2 minutes. ie, before the firewall normally would have even finished installing.(thankfully I installed it first with the internet physically yanked).

Frightening. You better run 2-3 layers of protection or you will get cyber-AIDS on your machine within 5 minutes.(turning it off for even 5 minutes will also result in the same thing)

If I wanted to learn how to hack, I would go to Barnes & Noble and pick up one of the many books available on the subject and peer through it for a good fifteen minutes or so.