Tag Archive for XP

| April 30, 2018
Comments Off on ATM Jackpotting

ATM Jackpotting

ATM JackpottingThe U.S. Secret Service has warned (PDF) financial institutions of logical (jackpot) attacks on Automated Teller Machines (ATMs). These ATM attacks originated in Mexico and have spread to the US. These jackpotting attacks are an industry-wide issue and as one vendor stated, are “a call to action to take appropriate steps to protect their ATMs against these forms of attack and mitigate any consequences.”

The attack mode involves a series of steps to defeat the ATM’s existing security mechanisms and the authorization process for setting the communication within the ATM. Internal communications are used when computer components like the mainboard or the hard disk have to be exchanged for legitimate reasons.

Description of an ATM attack

Automated Teller Machines (ATMs)In a Jackpotting attack, the criminal gains access to the internal infrastructure of the terminal to infect the ATM PC or by completely exchanging the hard disk (HDD). There are a number of steps the attacker has to take for this type of attack:

  1. The top of the ATM must be opened.
  2. The original hard disk of the ATM is removed and replaced by another hard disk, which the attackers have loaded with an unauthorized and/or stolen image of ATM platform software.
  3. In order to pair this new hard drive with the dispenser, the dispenser communication needs to be reset, which is only allowed when the safe door is open. A cable in the ATM is unplugged to fool the machine into allowing the crooks to add their bogus hard drive to the ATM.
  4. A dedicated button inside the safe needs to be pressed and held to start the dispenser communication. The crooks insert an extension into existing gaps next to the presenter to depress the button. CCTV footage has shown that criminals use an industrial endoscope to complete the taskATM's

In other Jackpotting attacks, portions of a third-party multi-vendor application software stack to drive ATM components are used. Brian Krebs at Krebs on Security reports that Secret Service issued a warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013.

Mr. Krebs also reports that “During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM. Once this is complete, fraudsters own the ATM and it will appear Out of Service to potential customers according to the confidential Secret Service alert. At this point, the crook(s) installing the malware will contact co-conspirators who can remotely control the ATMs and force the machines to dispense cash.

In previous Ploutus.D attacks, the ATM Dispensed at a rate of 40 bills every 23 secondscontinuously dispensed at a rate of 40 bills every 23 seconds,” the alert continues. Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash, according to the alert. While there are some risks of the money mule being caught by cameras, the speed in which the operation is carried out minimizes the mule’s risk.”

Specific Guidance and Recommendations

The most common forms of logical attack against ATMs are “Black Box” and “Offline Malware”. The steps to minimize the risks to ATMs are the same as any other enterprise device.

  1. Make sure firmware and software are current with the latest updates, are important protections to mitigate the impact of Black Box attacks. Four out of five cash machines still run Win XP or Win XP Embedded. The Secret Service alert says ATMs still running on Windows XP are particularly vulnerable, and it urged ATM operators to update to at least Windows 7 to defeat this specific type of attack.
  2. Use secure hard drive encryption protections against Offline Malware
  3. Use a secure BIOS remote control app to lock the ATM BIOS configuration and protect the configuration with a password.
  4. Deploying an application whitelisting solution.
  5. Limit Physical Access to the ATM:
    • Use appropriate locking mechanisms to secure the head compartment of the ATM.
    • Control access to areas used by staff to service the ATM.
    • Implement two-factor authentication (2FA) controls for service technicians.
  6. Set up secure monitoring
  7. Use the most secure configuration of encrypted communications. In cases where the complete hard disk is being exchanged, encrypted communications between ATM PC and dispenser protect against the attack.
    • Ensure proper hardening and real-time monitoring of security-relevant hardware and software events.
    • Investigate suspicious activities like deviating or non-consistent transaction or event patterns, which are caused by an interrupted connection to the dispenser. Monitor unexpected opening of the top hat compartment of the ATM.

rb-

Followers of the Bach Seat know how to secure their PCs, I have written about securing PCs many times here. So the question is why not ATMs? Research says that consumers go into the branch less every year. The experts say that by 2022 customers will visit a branch only 4 times a year. In many cases, ATMs are the bank’s surrogates for most cash transactions. It makes sense to get it right.

Related article

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , ,
| March 12, 2016
Comments Off on Not the Windows Startup You Knew

Not the Windows Startup You Knew

Not the Windows Startup You KnewMental Floss brought us the work of London-based musician Daniel John Jones who has experimented with slowing down the playback of an assortment of Windows start-up sounds. As part of a project on his Soundcloud page, he has slowed down a number of Windows start-up sounds by up to 4000 percent.

SoundcloudIn the case of Windows XP, the iconic sound takes on an eerie trance-like tone that lasts just shy of three minutes. Its build-up and dramatic payoff never seemed to make the pay-off when I started up my PC. Listen here.

The Windows 95 start-up sound, which lasts nearly 4 minutes takes on a new-agey mood with a sinister edge to it. Listen here.

The full collection of Jones’s Windows work can be found here.

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , ,
| February 10, 2015
Comments Off on Windows 7 Reaches Middle Age

Windows 7 Reaches Middle Age

Windows 7 Reaches Middle AgeNow that you have almost eliminated Microsoft (MSFT) Windows XP from your network and settled on Windows 7 it should be time to catch your breath. But NOOO!! Windows 7 has reached the end of mainstream support.  That’s right we are already 5 years into the Windows 7 era. Repeat after me… Windows 7 still has five years left … Windows 7 still has five years left … Windows 7 still has five years left.

MMicrosoft Windows 7 logoicrosoft commits to 10 years of security fixes and 5 years of feature enhancements and bug fixes for each major OS release. Windows 7 has moved from mainstream support – free help for everyone – to extended support, which means Microsoft will charge for help with the software. That will end in 2020 when Microsoft turns out the lights on Windows 7 for good.

The recent techno-flops from the boys and girls in Redmond, Vista, and Windows 8 have taught enterprises to plan for a new desktop OS every other release. This puts businesses in a bind. MSFT’s track record prevents forward-looking firms from organically growing their desktop fleet into the next cycle. There are those that argue that until Microsoft separates consumer from commercial desktops, Microsoft commercial customers will continue to skip one or more iterations of Windows, their only real answer to the high costs and disruption of upgrading.

Gregg KeizerMirosoft update cycle at ComputerWorld cites research from Gartner (IT) which prognosticates that many enterprises cannot change their processes. Many organizations will go through the same machinations they did with XP. Or maybe even balk at dumping Windows 7 at the same pace as the venerable Windows XP, making things worse. Michael Silver of Gartner told ComputerWorld that having a plan could help organizations avoid a repeat of XP’s expensive end-of-support scramble. Gartner believes that the same EOL mad-scramble we saw with XP will occur again when time is up on Windows 7. Mr. Silver claims:

[A repeat of Windows XP] is certainly likely to happen … One of the big differences that’s been under-considered is that because Vista took five years to come out [after XP], there were eight years between XP and Windows 7. So Windows XP felt pretty old. … Windows 7 won’t feel that old to people…” 

Microsoft Windows 10 logoMr. Keizer argues that the failure of Windows 8 to win enterprise hearts and minds has created an oddity: Even though Windows 7 has made middle age, Microsoft continues to let OEMs sell PCs running the Windows 7 business edition.  Microsoft has yet to name an end date for OEM sales of machines powered by Windows 7 Professional. But because it has promised a 12-month notice, those PCs can still be sold at least until early January 2016, when the OS has but four years of life left.

But if you are just finishing your last migration, then you don’t have all that much time to start planning the next one.

rb-

If you don’t like the Redmond hamster wheel, consider your alternatives. Sophos compares the Windows upgrade schedule to some other options. 10 years might be the best option out there. For example:

  • Apple’s (AAPL) OS X is supported for mystery years,
  • Apple’s mobile iOS is supported for mystery years (3?)
  • Android seems to leave it up to you, but don’t expect Google (GOOG) to commit to securing it.
  • Ubuntu LTS is supported for around 5 years, and
  • Red Hat Enterprise 13 years (with extended support).
Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , , , ,
| August 28, 2014
Comments Off on Millions of PC’s Still Have Stuxnet Bug

Millions of PC’s Still Have Stuxnet Bug

Millions of PC's Still Have Stuxnet BugLately, I have covered a few pieces of old IT business here, here, and here. And here is another piece of old business from Infosecurity Magazine. Tara Seals at Infosecurity Magazine recently pointed out new research from Kaspersky. They are reporting that there are 10’s of millions of systems that are still vulnerable to the most infamous malware families that enabled Stuxnet.

Patched in late 2010

RadarResearch by Kaspersky has found the vulnerability that allowed Stuxnet, Flame, and Gauss malware campaigns (CVE-2010-2568) is still being exploited. They are still being exploited despite the flaw having been patched in late 2010 by Microsoft. Kaspersky Lab reported more than 50 million detections on more than 19 million computers worldwide in the past eight months.

The lack of patching by IT administrators is surprising given that the vulnerability has an infamous history. The author explains that the vulnerability is an error in processing tags in Microsoft (MSFT) Windows OS. The flaw enabled the download of the random dynamic library without the user’s awareness. The vulnerability affects Windows XP, Vista, and Windows 7, as well as Windows Server 2003 and 2008.

Sality worm

MalwareThe first malware exploiting this vulnerability appeared in July 2010: the worm Sality. Sality generated vulnerable tags and distributed them through the LAN. Ms. Seals writes that if a user opens a folder containing one of these vulnerable tags, a malicious program immediately begins to launch. The summer of 2010 then saw the appearance of Stuxnet. Stuxnet is a computer worm that was specifically designed (likely by the US and Israel) to sabotage the uranium enrichment process at several factories in Iran. Subsequently, the state-sponsored Flame and Gauss spyware made use of the security hole.

Windows XP vulnerable to Stuxnet

Infosecurity Magazine dug into the statistics and found that most of the unpatched systems were running Microsoft’s outdated Windows XP. Kaspersky said the report.

Knife in the toasterThe lion’s share of detection’s (64.19%) registered .. involved XP and only 27.99% were on Windows 7 … Kaspersky Lab products protecting Windows Server 2003 and 2008 also regularly report detection of these exploits (3.99% and 1.58% detection’s respectively)

Kaspersky data suggests that the problem is self-inflicted.

The large number of detection’s coming from XP users suggests that most of these computers either don’t have an installed security solution or use a vulnerable version of Windows – or both.

Kaspersky also analyzed the geographical distribution of CVE-2010-2568 detections. According to Infosecurity, the top nations with the vulnerability were:

  1. Vietnam (42.45%)
  2. India (11.7%) and
  3. Algeria (5.52%)

Kaspersky researchers told the author, “So many users of outdated versions of Windows mean these exploits are effective even though almost four years have passed since the disclosure and patching of the vulnerability.”

rb-

C’mon, if you are going to use an orphaned operating system, update it as far as you can and get off it as fast as possible.

As Kaspersky pointed out, using an outdated version of an operating system is fraught with the risk of cyber-attacks involving exploits, special programs that target vulnerabilities in legitimate software to infect a computer with other dangerous malware.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , ,
| August 21, 2014
Comments Off on MSFT Closing More Windows Support

MSFT Closing More Windows Support

MSFT Closing More Windows SupportIT departments organizations are busy keeping up with XP replacements, Cloud migrations, BYOD implementations and now Microsoft has reminded everybody that there are other fires burning on the horizon. Microsoft (MSFT) is warning that they are ending mainstream support for more popular Windows products. Some of the key products ending mainstream support include; Windows 7, Window Server 2008, Exchange 2010, and SharePoint 2010.

So what does Redmond mean when it ends “Mainstream Support”?

  • Microsoft supportMainstream support is the typically five-year period when Microsoft provides free patches and fixes, including but not limited to security updates, for its products.
  • When a product exits the mainstream support phase, Microsoft continues to provide a period (also often five years) of extended support, which means users get free security fixes but other types of updates are paid and require specific licensing deals.
  • “End of support” means there will be no more fixes or patches — paid or free, security or non-security — coming for specific products. CNET says there are some temporary workarounds, as Windows XP users have discovered, but as a general rule, end of support means, for most intents and purposes, the end.

start planning nowHere are some critical (or not so critical) dates. You may want to circle in red on your calendar and start planning now. Do you have funds in your 2020 capital budget for new hardware? Will cloudifying these be the answer? Are you up to speed on Azure? Are your apps up to speed on Azure?

September 14, 2014 mainstream support ends Windows Phone 7.8.

October 14, 2014, is a critical date, support ends for

  • Office 2010 (Including Viso and Project) with Service Pack 1 mainstream support ends.
  • SharePoint Server 2010 Service Pack 1 mainstream support ends

ending mainstream support for more popular Windows productsJanuary 13, 2015, is a big day for Microsoft support

  • Windows 7, Mainstream, free support ends on for all versions of  Windows 7 (Enterprise, Home Basic, Home Premium, Ultimate, and Starter) as well as Windows 7 SP1.
  • Extended support for Windows 7 lasts until January 14, 2020, so users can expect to continue to receive free security updates, but not feature updates, for Windows 7 until that point.
  • Some industry watchers have speculated that Microsoft will end up pushing out Windows 7’s support dates the way the company did for XP, given Windows 7’s popularity and pervasiveness, but so far, CNET says there is no evidence of it happening.
  • Windows Server 2008 – Mainstream support also ends on all versions of Windows Server 2008 and 2008 R2. Extended support remains in place until 2020.
  • Exchange 2010 – Mainstream support will also end on all versions of Exchange 2010. Extended support remains in place until 2020.
  • Other Microsoft products whose mainstream support ends on January 13, 2015 include :
    • All editions of Windows Storage Server 2008,
    • Dynamics C5 2010,
    • NAV 2009 and NAV 2009 R2
    • Forefront Unified Access Gateway 2010 with SP3
    • Visual Studio 2012
  • Microsoft recommends its customers to get updated, “Customers should migrate to the next available Service Pack to continue to receive security updates and be eligible for other support options.”

extended support cuts offJuly 14, 2015, Microsoft’s extended support period for Server 2003 cuts off (I covered the end of 2003 here). MSFT won’t be issuing patches, updates, or fixes of any kind for that operating system (unless users have pricey Custom Support Agreements in place). Redmond is hoping to move 2003 hold-outs to Windows Server 2012 R2 and/or Azure.

October 13, 2015, is another big deal day

  • Office 2010, Visio 2010, Project 2010 — Mainstream Support ends. Extended support should run into 2020.
  • SharePoint Server 2010 — Mainstream support ends. Extended support should run into 2020.

April 11, 2017 – Extended Support ends for Windows Vista ends. No more updates. Time to upgrade (rb- if you haven’t already moved on).

August 11, 2017 – Extended Support ends for Exchange Server 2007. No more updates. Time to upgrade.

January 10, 2018, Mainstream support for Windows 8.1 ends for all versions of Windows 8. Customers still running Windows 8 have until January 12, 2016, to update to Windows 8.1 in order to stay supported.

rb-

Remember this – running out-of-date software which no longer receives security updates is playing into the hands of online criminals and hackers.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , , ,
« Older Entries