|
General
|
|
Written by Daniel
|
|
Friday, 16 November 2007 10:24 |
Microsoft exec calls XP hack 'frightening'
By Tom Espiner
Special to CNET News.com
Published: November 13, 2007, 6:56 AM PST
A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both "enlightening and frightening."
The demonstration took place Monday at an event sponsored by Get Safe Online--a joint initiative of the U.K. government and industry. At the event, which was aimed at heightening security awareness among small businesses, two members of the U.K. government intelligence group Serious Organized Crime Agency connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.
The SOCA officials wished to remain anonymous. One of them, "Mick," remained behind a screen while carrying out the hack into the unpatched computer of a fellow officer, "Andy."
"It's easy to connect to an unsecured wireless network," said Mick. "You could equate Andy with being in his bedroom, while I'm scanning for networks outside in my car. If I ordered or viewed illegal materials, it would come back to Andy."
Mick used a common, open-source exploit-finding tool he had downloaded from the Internet. SOCA asked ZDNet UK not to divulge the name of the tool.
"You can download attack tools from the Internet, and even script kiddies can use this one," said Mick.
Mick found the IP address of his own computer by using the XP Wireless Network Connection Status dialog box. He deduced the IP address of Andy's computer by typing different numerically adjacent addresses in that IP range into the attack tool, then scanning the addresses to see if they belonged to a vulnerable machine.
Using a different attack tool, he produced a security report detailing the vulnerabilities found on the system. Mick decided to exploit one of them. Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a payload that would exploit the flaw within a couple of minutes.
Getting onto the unsecured wireless network, pinging possible IP addresses of other computers on the network, finding Andy's unpatched computer, scanning open ports for vulnerabilities, using the attack tool to build an exploit, and using the malware to get into the XP command shell took six minutes... More Comment n the Forums |
