All Discussions Tagged 'xp' - 12160 Social Network2024-03-29T05:53:54Zhttps://12160.info/forum/topic/listForTag?tag=xp&feed=yes&xn_auth=noWindows XP holdouts vulnerable to hackerstag:12160.info,2014-02-18:2649739:Topic:14156752014-02-18T14:42:57.549ZRobert Carobenehttps://12160.info/profile/RobertCarobene
<div class="content-head"><div class="bcnv11" id="breadcrumbnav"><div class="clearfix" id="subnav"><ul id="subzones">
<li><a href="http://www.cbc.ca/newsblogs/technology/quirks-quarks-blog/" target="_top">Quirks & Quarks Blog</a></li>
<li><a href="http://www.cbc.ca/spark/" target="_top">Spark</a></li>
<li><a href="http://www.cbc.ca/news/technology/photos" target="_top">Photo Galleries…</a></li>
</ul>
</div>
</div>
</div>
<div class="content-body story"></div>
<div class="content-head"><div id="breadcrumbnav" class="bcnv11"><div id="subnav" class="clearfix"><ul id="subzones">
<li><a href="http://www.cbc.ca/newsblogs/technology/quirks-quarks-blog/" target="_top">Quirks & Quarks Blog</a></li>
<li><a href="http://www.cbc.ca/spark/" target="_top">Spark</a></li>
<li><a href="http://www.cbc.ca/news/technology/photos" target="_top">Photo Galleries</a></li>
</ul>
</div>
</div>
</div>
<div class="content-body story"><div class="wrap12 story-head" id="content"><div class="colfull"><div class="story-headline"><h1 class="story-title">Windows XP holdouts vulnerable to hackers</h1>
</div>
<h3 class="story-deck">Microsoft retiring XP on April 8, ending malware support in 2015</h3>
<p class="small lighttext"><span class="spaced"><a href="http://www.cbc.ca/news/cbc-news-online-news-staff-list-1.1294364">CBC News</a></span> <span class="delimited">Posted: Feb 11, 2014 2:51 PM ET</span> Last Updated: Feb 11, 2014 4:19 PM ET</p>
</div>
</div>
<div class="wrap8 story-primary"><div id="leadmedia" class="story-leadmedia col8"><div class="figure"><div class="cbc-avembed-container col8width"><div class="cbc-avembed video col8width aspectratio16x9 leadmedia" id="avEmbed_2435995378"><a href="http://www.cbc.ca/player/News/Technology%20and%20Science/ID/2435995378/" title="Click to play media"><img title="" height="349" alt="Microsoft XP at risk of cyberattacks" width="620" src="http://i.cbc.ca/1.2531386.1392142204!/httpImage/image.jpg_gen/derivatives/16x9_620/image.jpg"/></a><div class="avembed-playButton">►</div>
</div>
</div>
<p class="figure-caption"><strong class="spaced">Microsoft XP at risk of cyberattacks</strong> 3:02</p>
</div>
</div>
<div class="wrap8 story-bodywrapper sclt-storybody"><div class="story-middle col2" id="sharecount_gig_containerParent"><div id="sharecount" class="sclt-share"><div class="gig-bar-container gig-share-bar-container"><table cellspacing="0">
<tbody><tr><td><div class="gig-button-container gig-button-container-facebook gig-button-container-count-right gig-share-button-container gig-button-container-vertical gig-share-button-container-vertical"><table cellspacing="0">
<tbody><tr><td class="gig-button-td"><div class="gig-button gig-share-button gig-button-up gig-button-count-right" id="sharecount-reaction0" title=""><table cellspacing="0">
<tbody><tr><td id="sharecount-reaction0-left"><div id="sharecount-reaction0-left_img"></div>
</td>
<td id="sharecount-reaction0-icon"><div id="sharecount-reaction0-facebook_img"></div>
</td>
<td id="sharecount-reaction0-text"><div class="gig-button-text gig-share-button-text">Facebook</div>
</td>
<td id="sharecount-reaction0-right"><div id="sharecount-reaction0-right_img"></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td><div class="gig-counter gig-share-counter gig-counter-$rid gig-counter-right" id="sharecount-reaction0-count"><span class="gig-counter-text gig-share-counter-text gig-counter-text-right gig-share-counter-text-right" id="sharecount-reaction0-count-value">95</span></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
<tr><td><div class="gig-button-container gig-button-container-twitter gig-button-container-count-right gig-share-button-container gig-button-container-vertical gig-share-button-container-vertical"><table cellspacing="0">
<tbody><tr><td class="gig-button-td"><div class="gig-button gig-share-button gig-button-up gig-button-count-right" id="sharecount-reaction1" title=""><table cellspacing="0">
<tbody><tr><td id="sharecount-reaction1-left"><div id="sharecount-reaction1-left_img"></div>
</td>
<td id="sharecount-reaction1-icon"><div id="sharecount-reaction1-twitter_img"></div>
</td>
<td id="sharecount-reaction1-text"><div class="gig-button-text gig-share-button-text">Twitter</div>
</td>
<td id="sharecount-reaction1-right"><div id="sharecount-reaction1-right_img"></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td><div class="gig-counter gig-share-counter gig-counter-$rid gig-counter-right" id="sharecount-reaction1-count"><span class="gig-counter-text gig-share-counter-text gig-counter-text-right gig-share-counter-text-right" id="sharecount-reaction1-count-value">0</span></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
<tr><td><div class="gig-button-container gig-button-container-reddit gig-button-container-count-none gig-share-button-container gig-button-container-vertical gig-share-button-container-vertical"><div class="gig-button gig-share-button gig-button-up gig-button-count-none" id="sharecount-reaction2" title=""><table cellspacing="0">
<tbody><tr><td id="sharecount-reaction2-left"><div id="sharecount-reaction2-left_img"></div>
</td>
<td id="sharecount-reaction2-icon"><div id="sharecount-reaction2-reddit_img"></div>
</td>
<td id="sharecount-reaction2-text"><div class="gig-button-text gig-share-button-text">Reddit</div>
</td>
<td id="sharecount-reaction2-right"><div id="sharecount-reaction2-right_img"></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</td>
</tr>
<tr><td><div class="gig-button-container gig-button-container-google-plusone gig-button-container-count-right gig-share-button-container gig-button-container-vertical gig-share-button-container-vertical"><div id="sharecount-reaction3"><div id="___plusone_0"></div>
</div>
</div>
</td>
</tr>
<tr><td><div class="gig-button-container gig-button-container-share gig-button-container-count-right gig-share-button-container gig-button-container-vertical gig-share-button-container-vertical"><table cellspacing="0">
<tbody><tr><td class="gig-button-td"><div class="gig-button gig-share-button gig-button-up gig-button-count-right" id="sharecount-reaction4" title=""><table cellspacing="0">
<tbody><tr><td id="sharecount-reaction4-left"><div id="sharecount-reaction4-left_img"></div>
</td>
<td id="sharecount-reaction4-icon"><div id="sharecount-reaction4-share_img"></div>
</td>
<td id="sharecount-reaction4-text"><div class="gig-button-text gig-share-button-text">Share</div>
</td>
<td id="sharecount-reaction4-right"><div id="sharecount-reaction4-right_img"></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td><div class="gig-counter gig-share-counter gig-counter-$rid gig-counter-right" id="sharecount-reaction4-count"><span class="gig-counter-text gig-share-counter-text gig-counter-text-right gig-share-counter-text-right" id="sharecount-reaction4-count-value">95</span></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
<tr><td><div class="gig-button-container gig-button-container-email gig-button-container-count-none gig-share-button-container gig-button-container-vertical gig-share-button-container-vertical"><div class="gig-button gig-share-button gig-button-up gig-button-count-none" id="sharecount-reaction5" title=""><table cellspacing="0">
<tbody><tr><td id="sharecount-reaction5-left"><div id="sharecount-reaction5-left_img"></div>
</td>
<td id="sharecount-reaction5-icon"><div id="sharecount-reaction5-email_img"></div>
</td>
<td id="sharecount-reaction5-text"><div class="gig-button-text gig-share-button-text">Email</div>
</td>
<td id="sharecount-reaction5-right"><div id="sharecount-reaction5-right_img"></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="story-relatedlinks module sclt-relatedlinks"><div class="story-relatedlinks-body module-body"><div class="story-relatedlinks-submodule story-internallinks module"><h3 class="story-internallinks-head story-internallinks-heading module-head module-heading">Related Stories</h3>
<div class="story-internallinks-body module-body"><ul class="story-internallinks-list">
<li><a href="http://www.cbc.ca/news/technology/windows-xp-anti-malware-support-extended-to-2015-1.2500582">Windows XP anti-malware support extended to 2015</a></li>
<li><a href="http://www.cbc.ca/news/technology/windows-8-1-released-by-microsoft-1.2100781">Windows 8.1 released by Microsoft</a></li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div class="story-body"><div class="story-content"><p>Are you still running Windows XP? Many governments, utilities, banks and businesses are, and they could be vulnerable to malware and hackers, especially when Microsoft stops providing free updates in April, an Ottawa security consultant warns.</p>
<p>"Ultimately, if you're running critical software on an architecture that has security flaws in it, you're eventually going to be bitten," said Chris Dodunski, chief technology officer at Phirelight Security Solutions.</p>
<p>Dodunski estimates that about half of government and business computers in Canada still use Windows XP due to the cost of upgrading.</p>
<p>Worldwide, as of January, about 30 per cent of desktop computers were still running the operating system released by Microsoft in 2001.</p>
<p>Microsoft is set to retire XP on April 8, and won't be providing support such as bug fixes after that, although it says it will <a href="http://www.cbc.ca/news/technology/windows-xp-anti-malware-support-extended-to-2015-1.2500582">extend anti-malware support until 2015</a>. However, the company is encouraging users to upgrade to the latest version of its operating system, <a href="http://www.cbc.ca/news/technology/windows-8-1-released-by-microsoft-1.2100781">Windows 8</a>.</p>
<ul>
<li><a href="http://www.cbc.ca/news/technology/windows-8-1-released-by-microsoft-1.2100781">Windows 8.1 released by Microsoft</a> More here <a href="http://www.cbc.ca/news/technology/windows-xp-holdouts-vulnerable-to-hackers-1.2532609">http://www.cbc.ca/news/technology/windows-xp-holdouts-vulnerable-to-hackers-1.2532609</a></li>
</ul>
</div>
</div>
</div>
</div>
</div> !!! ALERT !!! Windows users read thistag:12160.info,2009-10-09:2649739:Topic:1121102009-10-09T20:56:22.694ZAnti Oligarchhttps://12160.info/profile/AntiOligarch
<a href="http://www.heise.de/tp/r4/artikel/5/5263/1.html" target="_blank">Heiss</a> - A 'CARELESS' mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US…
<a href="http://www.heise.de/tp/r4/artikel/5/5263/1.html" target="_blank">Heiss</a> - A 'CARELESS' mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.<br />
<br />
The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.<br />
<br />
Computer security specialists have been aware for two years that unusual features are contained inside a standard Windows software "driver" used for security and encryption functions. The driver, called ADVAPI.DLL, enables and controls a range of security functions. If you use Windows, you will find it in the C:Windowssystem directory of your computer.<br />
<br />
ADVAPI.DLL works closely with Microsoft Internet Explorer, but will only run cryptographic functions that the US governments allows Microsoft to export. That information is bad enough news, from a European point of view. Now, it turns out that ADVAPI will run special programmes inserted and controlled by NSA. As yet, no-one knows what these programmes are, or what they do.<br />
<br />
Dr Nicko van Someren reported at last year's Crypto 98 conference that he had disassembled the ADVADPI driver. He found it contained two different keys. One was used by Microsoft to control the cryptographic functions enabled in Windows, in compliance with US export regulations. But the reason for building in a second key, or who owned it, remained a mystery.<br />
<br />
A second key<br />
<br />
Two weeks ago, a US security company came up with conclusive evidence that the second key belongs to NSA. Like Dr van Someren, Andrew Fernandez, chief scientist with Cryptonym of Morrisville, North Carolina, had been probing the presence and significance of the two keys. Then he checked the latest Service Pack release for Windows NT4, Service Pack 5. He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".<br />
<br />
Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.<br />
<br />
A third key?!<br />
<br />
But according to two witnesses attending the conference, even Microsoft's top crypto programmers were astonished to learn that the version of ADVAPI.DLL shipping with Windows 2000 contains not two, but three keys. Brian LaMachia, head of CAPI development at Microsoft was "stunned" to learn of these discoveries, by outsiders. The latest discovery by Dr van Someren is based on advanced search methods which test and report on the "entropy" of programming code.<br />
<br />
Within the Microsoft organisation, access to Windows source code is said to be highly compartmentalized, making it easy for modifications to be inserted without the knowledge of even the respective product managers.<br />
<br />
Researchers are divided about whether the NSA key could be intended to let US government users of Windows run classified cryptosystems on their machines or whether it is intended to open up anyone's and everyone's Windows computer to intelligence gathering techniques deployed by NSA's burgeoning corps of "information warriors".<br />
<br />
According to Fernandez of Cryptonym, the result of having the secret key inside your Windows operating system "is that it is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system". The NSA key is contained inside all versions of Windows from Windows 95 OSR2 onwards.<br />
<br />
"For non-American IT managers relying on Windows NT to operate highly secure data centres, this find is worrying", he added. "The US government is currently making it as difficult as possible for "strong" crypto to be used outside of the US. That they have also installed a cryptographic back-door in the world's most abundant operating system should send a strong message to foreign IT managers".<br />
<br />
"How is an IT manager to feel when they learn that in every copy of Windows sold, Microsoft has a 'back door' for NSA - making it orders of magnitude easier for the US government to access your computer?" he asked.<br />
<br />
Can the loophole be turned round against the snoopers?<br />
<br />
Dr van Someren feels that the primary purpose of the NSA key inside Windows may be for legitimate US government use. But he says that there cannot be a legitimate explanation for the third key in Windows 2000 CAPI. "It looks more fishy", he said.<br />
<br />
Fernandez believes that NSA's built-in loophole can be turned round against the snoopers. The NSA key inside CAPI can be replaced by your own key, and used to sign cryptographic security modules from overseas or unauthorised third parties, unapproved by Microsoft or the NSA. This is exactly what the US government has been trying to prevent. A demonstration "how to do it" program that replaces the NSA key can be found on Cryptonym's website.<br />
<br />
According to one leading US cryptographer, the IT world should be thankful that the subversion of Windows by NSA has come to light before the arrival of CPUs that handles encrypted instruction sets. These would make the type of discoveries made this month impossible. "Had the next-generation CPU's with encrypted instruction sets already been deployed, we would have never found out about NSAKEY."<br />
<br />
FROM THE <a href="http://nationalexpositor.com/News/1128.html" target="_blank">National Expositor</a>