Microsoft exec calls XP hack 'frightening'

[Daniel ~]

Written by Daniel
Friday, 16 November 2007
Microsoft exec calls XP hack 'frightening'
By Tom Espiner
Special to CNET News.com
Published: November 13, 2007, 6:56 AM PST


A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both "enlightening and frightening." ..... Front Page

[Áedán]

My intepretation of what occured: SOCA connected to a wireless network, fished around for other machines using a copy of "ping". (ARP scanner would have been faster though). They used a copy of Nessus and ran that against the machine. They then proceeded to use a copy of Metasploit to exploit one of the many holes there are in an unpatched Windows XP system. That provided a nice shell for them (VNC's another option too), and they used TFTP to download code to the machine. That and they did it in six minutes.

That's fairly slow, but it was for demonstration purposes. I'm not sure why the MS exec called it "frightening" - none of this is news.

[danrok]

Sounds like, they're trying to scare people in to buying Vista.

[ccperf721p]

If you actually use XP in that configuration you should be hacked and have your surfing privileges revoked.

[dsio]

Quote:

Originally Posted by Áedán

My intepretation of what occured: SOCA connected to a wireless network, fished around for other machines using a copy of "ping". (ARP scanner would have been faster though). They used a copy of Nessus and ran that against the machine. They then proceeded to use a copy of Metasploit to exploit one of the many holes there are in an unpatched Windows XP system. That provided a nice shell for them (VNC's another option too), and they used TFTP to download code to the machine. That and they did it in six minutes.

That's fairly slow, but it was for demonstration purposes. I'm not sure why the MS exec called it "frightening" - none of this is news.

Do you time yourself?

[Daniel ~]

Quote:

Originally Posted by Áedán

My intepretation of what occured: SOCA connected to a wireless network, fished around for other machines using a copy of "ping". (ARP scanner would have been faster though). They used a copy of Nessus and ran that against the machine. They then proceeded to use a copy of Metasploit to exploit one of the many holes there are in an unpatched Windows XP system. That provided a nice shell for them (VNC's another option too), and they used TFTP to download code to the machine. That and they did it in six minutes.

That's fairly slow, but it was for demonstration purposes. I'm not sure why the MS exec called it "frightening" - none of this is news.

My guess? They say that so that we will feel they share in the anguish they've created for us to enjoy...That they as well as we are the victims here....rather than the real perps... Just a guess.":O}

[Gizmo]

Quote:

Originally Posted by Daniel ~

My guess? They say that so that we will feel they share in the anguish they've created for us to enjoy...That they as well as we are the victims here....rather than the real perps... Just a guess.":O}

Gee, sounds just like a politician!

[cloasters]

Quote:

Originally Posted by danrok

Sounds like, they're trying to scare people in to buying Vista.

That wouldn't surprise me at all.