0wn3d in 200 seconds | The Register : An unprotected Windows XP machine was breached within four minutes, and became a zombie in less than ten hours, tests conducted by USA Today show. The paper set up six honeypot PCs and monitored the results.

An XP PC running SP1 was breached by an intruder through a hole that the Sasser worm used, only four minutes into the test. Within fifteen minutes two intrusions took place, one using the MS Blaster hole. Within ten hours hackers had established an irc channel and the machine was broadcasting its vulnerabilities to the world at large. A Windows Small Business Server was similarly compromised, with the intruder uploading a program which gave full control of the machine.


Never, never, plug a brand new PC onto the internet without a firewall between it and the net. If you've already got a network and router in place this is all fairly easy. What worries me though is the average home user this christmas who finally splashes out on Broadband and a PC. Most of them will just plug it in, find it works and go and get a cup of tea. The machine may well start automatically downloading and installing SP2, but the machine will be attacked and 0wn3d well before they ever get to installing it.

This problem is solvable. Just not this year and not the way PCs currently start up from being taken out of the box for the first time.

I was checking my incoming logs a week ago, and I'm getting attacked 2 or 3 times a minute. I wondered why the cable modem light was on pretty much continuously these days. This is not going to get better any time soon. [from: JB Ecademy]


[ << The Negativland iPod featuring the letter U and the number 2 ] [ MSN Spaces, Messenger >> ]
[ 03-Dec-04 12:40am ] [ ]