XPost: comp.os.ms-windows.misc   
   From: Mr.joejoseph@yahoo.com   
      
   "Steve Hayes"  wrote in message   
   news:cchaj9h45dqsae34ak3ii42nc8nglmlvgj@4ax.com...   
      
   Be Wary: Hackers are Readying Security Updates for XP Users   
   Thursday, March 27, 2014   
   Contributed By:   
   Tripwire Inc   
      
   By: Katherine Brocklehurst   
      
   After April 8, you should be very watchful and wary of ‘security   
   updates’ for   
   Microsoft systems and here’s why: Microsoft ends its support on that   
   date for   
   Windows XP. Timothy Rains, director of trustworthy computing at   
   Microsoft says   
   “the probability of attackers using security updates for Windows 7, 8,   
   and   
   Vista to attack Windows XP is about 100 percent.”   
      
   The significance of this long-foretold moment may be felt hardest by   
   the   
   financial, retail, and energy industries as well as government. The   
   majority   
   of ATMs, many Point-of-Sale (POS) systems, lots of systems within our   
   critical   
   infrastructure environments (and certainly our power grid), and a   
   large   
   percentage of government systems are still running this version of   
   Microsoft’s   
   2001 operating system (in many cases, it’s embedded XP, which   
   Microsoft has   
   committed to supporting a while longer, but some do have regular XP OS   
   in   
   place).   
      
   Approximately 40% of PC users still run desktop versions of Windows XP   
   as   
   well. Windows XP has been regarded by many as the best version of   
   Windows   
   ever. As with all Microsoft OS’s, it’s certainly been patched a lot.   
   Check out   
   this list of XP CVEs. And in 2007 people flatly refused to upgrade   
   even though   
   Microsoft tried to move people off of it then.   
      
   The good news is (per Microsoft) – there’s a fix! Upgrade to Windows   
   8.1 – an   
   OS that has been fraught with highly publicized vulnerabilities since   
   it   
   launched. Or, potentially purchase support from Microsoft at a fat   
   price tag.   
   (What are they quoting your organization for individualized XP   
   software   
   support, and how encompassing is it? – I’d love to hear…I’ve heard   
   that   
   support in year two could incur a five-times multiple!)   
      
   Here’s the bad news – ATMs are a sweet spot for hackers – and many   
   well-organized groups have hit the news with successful cash grabs,   
   and now   
   they’re about to become an even easier target. Estimates are that 95%   
   of bank   
   ATM machines will be vulnerable to XP hackers after April 8.   
      
   The ATM industry is a patchwork of thousands of terminals that range   
   from   
   national banks and their satellite cash locations to individual   
   convenience-store, doughnut shop, beach-side delis, and out-moded ATMs   
   on back   
   roads. It’s difficult to get these systems all upgraded at once, and   
   many   
   machines cannot be updated remotely.   
      
   Many may require a complete physical replacement since they can’t be   
   upgraded   
   due to lack of computing power. Aravinda Korala, CEO of ATM software   
   provider   
   KAL, believes only 15 percent of ATMs in the U.S. will be upgraded by   
   April 8.   
   Many banks are paying Microsoft to extend support for XP on cash   
   machines   
   while they make the switch to Windows 7, according to Reuters.   
      
   So while it’s not quite the apocalypse, it is going to be a very   
   sketchy   
   period of time for XP users. Hackers will have significant opportunity   
   with   
   XP, and you should ready your organization. Suggestions are that if   
   you can’t   
   securely upgrade before April 8, at least prepare to harden your   
   configurations as much as possible in advance, and definitely step up   
   security   
   awareness within your user environment.   
      
   This was cross-posted from Tripwire's The State of Security blog.   
      
   http://www.infosecisland.com/blogview/23696-Be-Wary-Hackers-are-   
   eadying-Security-Updates-for-XP-Users-.html   
      
   ****************************************************************   
   ****************   
      
   Personally, I'm happy to see it go.  It was great in it's time.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)