Comments on: Microsoft exec calls XP hack 'frightening'

In a matter of minutes, e-crime experts hack into a Windows XP computer that is unprotected and connected to an unsecured wireless network.

[RTFM]

News bulletin... Windows 95 hacked!

This is so not news. Any OS that is not patched or updated is vulnerable. Yes even macs. You deserve it if you are running such a patch deficient system. Come on CNET report on something relevant!

[Darthorious]

News bulletin... Windows 95 hacked!

Acctually win95 machines are very nice to not hack but use to hack lol...

[coachgeorge]

Microsoft exec calls XP hack 'frightening'

The subject line is the only thing frightening about this. The fact that a MS exec. has the audacity to appear surprised.
Lets look at this:
1-They tested XP SP1 (probably XP home although it is not clear). You remember, the new revolutionary safe and secure upgrade from Windows ME! We will call this the Post Release Beta.
2-No updates, no security software, no nothing just the base OS.
3-While they fell short of saying everyone should move to Vista, that was clearly the intent.
4-I wonder, if Vista had been meeting it's sales numbers would this joke of a demo been done, much less reported?
5-Finally, the fact that at the end of the article CNET states that SP2 includes a firewall that would have either thwarted or at least slowed down the attack, why shouldn't everyone wait for Vista SP2 before buying it?????

I now love XP, It will take a long time for me to embrace Vista.

[bewoofy1]

xp hacks-dont blame them

On a forum of folks who got hit with what hit me,it looked to trace to 1997.The 97 guy was on mac system 7. One from 2004 was afraid to talk. My silence on specifics is not fear.It has gone much further than whoever that man was scared of.Windows was the last 'soldier standing', so dont take pot shots at them!

I know 'rootkit' writers try to get their driver in the kernel, but what if the kernel has drivers already there which make it far easier?

Some of the 'attack vectors' are in plain sight, like an easy google or even in pc mags. They do not say they are 'vectors'. You have to think like me. Is that an potential 'attack vector' and how could a creative hacker use it to get root on this or that?

When first reading pc architecture, I asked a programmer if some scary ideas were possible if the hacker could do x,y,or z, He sadly said 'yes indeed'. I never would tell anyone those things but i am no genius nor hacker. Someone will figure out not only the concepts but how-or maybe worse ones. Not if but when.

Time for board designers to go back to the drawing board, get os drivers out of the kernel that makes cracking easier. When vendors chose the 'clamors of the masses for glitzy, fun convenient tech',they did so IMO niavely.

I choose security over 'that tom foolery', but I see no architecture nor os that is not just a bunch of attack vectors, online or off. There is only one way I know to code a secure pc,but the security lifespan of even old architecture is limited. The vendors are not to blame. They are in business. We have no one to blame but our selves.

If you think of all the bright minds which gave us our hard ware, only to see it go up in smoke,it is nauseating. Anyone who thinks security is possible is living in a fantasy land.Products sold for security help some, but any sales person who is not honest about the limits of their devices/hardware is a'snake oil salemen'. No, the ms corp guy is right.

New security ideas I have read about are pretty limp. ONLY A RADICAL NEW BOARD/hard drive,os WILL DO. Sorry intel,Ms,etc a 'greedy ignorant society' has compromised your efforts.

blu

[outpostprime]

This story is crap

If you read closely it says that they used a windows xp machine with service pack 1. Nobody has a winxp machine with just SP1 anymore unless they are dolts. Only computers that don't have it are on corporate networks that are heavily secured/monitored anyway.

[mbednarz]

"Unsecured wifi network" Duh!

Put a simple 5 digit WEP Code on the Router and the story is done before it starts. Nothing else would matter such as the lack of firewall, SP2, Security patches and updates, or Anti-Virus and Malware. Put a lock on the front door this is over. DUH.
i
The only reason the MS Exec would be "frightened" is that everyone doesn't already have VISTA installed. No thanks, I've seen Vista in action, sure it's purdy, but I've upgraded computers using it to a minimum of 2GB of memory for it to work worth a damn. I have seen it gobble up memory and resources faster than Britney Spears on a trip to Vegas. My XP and Media Center work just fine thank you very much. They putter along on my secured wifi network, behind firewalls, 2 routers, and robust up-to-date Internet Security and Anti-virus suites, thank you very much.

[cre_age_aeon]

Fail

Lol 5 digit WEP passphrase can be cracked faster then you can click "reply" no matter if the WEP key is 64 bit or 128 bit. You'd be better off using WPA but that can be cracked just as well. Once that is done all that remains is cracking the routers user name/password which can be done in just a few minutes if one so wishes. From this point it's port scanning and what ever else the attacker wishes to do. XP SP2 is not going to protect you nor is anti virus or firewalls from a determined attacker. Let alone the 2 routers you claim to put between yourself and the internet. If you want true security stick with a wired network not connected to the internet. Problem solved.

I suggest doing some research on wireless auditing before making such bold claims.

[plcsys]

I don't understand why this is even a story!

XP sp1? How long has sp2 been out? No security and no AV software? Heck anybody could have stolen this. Did they have file sharing turned on as well? PLEASE print stories like this with the headline Yawn, hackers hijack unsecured system.

Doug Norton
PLC Systems, Whitby Ontario

[Jim Harmon]

It's not a story, per se...

It's more of a "Press Release."

[JohnCLord]

XP SP1 hackable? Of course.

XP SP1 is like a nice house - with no fence and no locks on the windows or doors.
They should try hacking my machine with XP Pro SP2, Webroot Desktop Firewall (in stealth mode), Webroot Spy Sweeper with Antivirus (with all shields enabled), and Diamond CS's Process Guard (with Protection enabled, Execution protection enabled, and "Block new and changed applications" enabled.)
Also, with Secunia's PSI enabled and reporting all my software secured and up to date.
Also, with MBSA reporting strong security.
Also, with Belarc's Advisor reporting Antivirus up to date and Windows Security updates up to date.
All my home PC's are cabled and the router has it's wifi disabled.
Even so, Belarc's Advisor warns me my PC only scores 3.83 of 10 on its CIS benchmark score, so I still have some work to do.
But, geeze people, yes, if you leave your PC completely unsecured, of course hackers can get in.
If you want a real gasp, watch a visitor at your house bring up FireFox and click on Tools, Options, Security tab, Show Passwords button, then click on the next Show passwords button and click on Yes when prompted. Or did none of you know that FireFox could display all your browser saved passwords to anyone sitting at the keyboard?
Just like your house and car, if you want to keep strangers out, you have to lock the doors. And even that is probably only going to keep the honest people out anyway. It'll only slow down the others a little bit - hopefully enough to make them pick an easier target. And don't ever let anyone sit at your PC while you're not watching.

[MyRightEye]

Don't paid stories on CNet have to disclosed as advertorials?

because this SO OBVIOUSLY a purposed article to get people to
switch to Vista. Getting very desperate M$!!

Face it, no one wants Vista. My next OS upgrade will be a switch to
Apple's OS X.

[terflip]

XP hack

Sounds like this was a little scare tactic to folks who don't use the computer very much.

I'm for one sick and tired of folks blowing things out of the normal realm to sell vista.

Tell them to hack a fully loaded pc with 256 bit encryption at the server lvl for wireless, and desk top fully up to date on all updates.

Than I'll pay attention to this kind of garbage.

[gggg sssss]

WEP crack has been around since 2005

what is there to not divulge - just search Google

[murraymck]

junk story - bounces back to recent apple commercials

The money Apple must be spending to get CNet to float completely meaningless smokescreen **** like this across. If you've seen the latest "cutesy" Apple commercial - it slams Vista suggesting that most MS users are pedaling backwards to use XP. (suggesting that the new apple OS is the way to go). Now, poof, we see this story. Frightening.
You'd be a fool not to realize the scale and scope of the war Apple and its very full coffers are beginning to wage.

[btljooz]

Fright

THIS is what WE THE PEOPLE should find "frightening" ...VERY frightening!!!

http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

Back On Topic:

See the discussion on ZDNet about M$'s "fear" here:

http://news.zdnet.com/2100-1009_22-6218238.html

[Sentinel]

The reason why CNET allowed this story to print

You are all right. This story doesn't say anything we didn't already know. Sure, a non-updated, SP1 computer with no antivirus/spyware can be hacked, with tools freely available out there. The fact that an MS exec is frightened of that is a joke. And I bet CNET knows this. The real reason they print this non-story is because, if you check the comments, they are full of people saying what a crappy story this is. We are the ones to blame for this kind of story to come to press. We should ignore these stories and not comment.

[The_happy_switcher]

zzzzzzzzzzzzzz

zzzzzzzzzzzzzzz. ANother lame security through obscurity argument. Can't you come up with something original? zzzzzzzzzzzzzzz

[technewsjunkie]

Upgrade BAIT! XP has always been hackable.

Who is the real source of this propaganda.

[aplcomputer]

microsoft forcing vista

Just another way for microsoft to push
vista on people.
Vista worst OS in my opinion

[quikboy2]

No it's not.

Vista is an awesome OS. I use it on my Mac all the time, and in 'most' cases, I prefer it over Tiger.

I don't think you've even used it, "aplcomputer"

[wbenton]

Same story... same flavor... different year!

Nothing new about this at all: History has already proven that!

2006 http://www.techworld.com/security/news/index.cfm?NewsID=5535

2005 http://www.pcworld.com/article/id,123714-page,1/article.html?RSS=RSS

Note that in both 2005 and in 2006, similar stories to this one just recently posted also appeared... but yet a MS Exec is "enlightened and frightened"?!?!?!

Can't their Exec's read? (* CHUCKLE *)

Don't their Exec's read? (* ROFLOL *)

This just gets funnier the more I read this.

But to attempt to keep it serious... Windows Operating Systems... ALL OF THEM... are insecure in their unprotected form! Including Vista!!!

Walt

[juanfern2005]

my mother could hack that pc

my mother could hack that pc

[krosavcheg]

The REAL Reason this "Story" is Making the Rounds

I've seen this (non-)story in a couple places now. The responses are always the same: Of course an unpatched, unsecured PC running an old version of Windows can be hacked easily.

Time to think about why this story is out there in the first place.

It's not hard to figure out. Follow along:

1. Windows XP is insecure. See how easy it is to hack? Oooo... SCARY!

2. Luckily, Windows Vista is available!

3. Please go buy Windows Vista. Thanks for your business!

[Hamster Trainer]

Hamster hacks C64

In other news... a military-trained hamster hacked into an unsecured Commodore 64.

Pentagon officials are flabbergasted at the "1337 skillz" of the bio-silicon enhanced hamster with an IQ of 5 points over human average.

The Pentagon has promptly hired Microsoft to create a new operating system. Microsoft excitedly informed us that they already have FIVE DIFFERENT VERSIONS of the OS ready to sell for 1,000 Euros per version!

[ Cut to a mass-cheering scene from "1984" ]