Daily Bulletin


News

  • Written by Brianna O'Shea, Lecturer, Ethical Hacking and Defense, Edith Cowan University
Airports, ATMs, hospitals: Microsoft Windows XP leak would be less of an issue, if so many didn't use it

The source code of the Windows XP operating system is now circulating online as a huge 43GB mega-dump.

Although the software is nearly two decades old, it’s still used by people, businesses and organisations around the world. This source code leak leaves it open to being scoured for bugs and weaknesses hackers can exploit.

The leaked torrent files, published on the bulletin board website 4chan, include the source code for Windows XP Service Pack 1, Windows Server 2003, MS DOS 3.30, MS DOS 6.0, Windows 2000, Windows CE 3, Windows CE 4, Windows CE 5, Windows Embedded 7, Windows Embedded CE, Windows NT 3.5 and Windows NT 4.

Tech news site The Verge claims to have verified the material. And Microsoft said it was “investigating the matter”, according to reports.

The leak came with files containing bizarre misinformation related to Microsoft founder Bill Gates and various conspiracy theories. This is consistent with past leaks from 4chan, a site often associated with extremist content and internet trolls.

Using the name “billgates3”, the leaker reportedly said:

I created this torrent for the community, as I believe information should be free and available to everyone and hoarding information for oneself and keeping it secret is an evil act in my opinion.

If the leak is genuine, this won’t be the first time a Microsoft operating system source code was released online. At least 1GB of Windows 10 source code was leaked a few years ago, too.

Vulnerabilities in the source code

The source code is the “source” of a program. It’s essentially the list of instructions a computer programmer writes when they develop a program, which can then be understood by other programmers.

A leaked source code can make it easier for cyber criminals to find and exploit weaknesses and serious security flaws (such as bugs) in a program. It also makes it easier for them to craft malware (software designed to cause harm).

One example would be “rogue” security software trying to make you think your computer is infected by a virus and prompting you to download, or buy, a product to “remove” it. Instead, the download or purchase introduces a virus to your computer.

According to a report from computer security company F-Secure, on average it takes about 20 minutes for a Windows XP machine to be hacked once it’s connected to the internet.

Read more: Australia’s cybersecurity strategy: cash for cyberpolice and training, but the cyberdevil is in the cyberdetail

Is Windows XP still supported?

Windows XP hasn’t had “official” support from Microsoft since 2014. This means there are currently no security updates or technical support options available for users of the operating system.

However, until as recently as last year, Microsoft continued to release security fixes and virus preventive measures for it.

The most notable was an emergency patch released in 2017, to prevent another incident like the massive WannaCry ransomware attack from happening again. This malware affected 75,000 computers in 99 countries – impacting hospitals, Telefonica, FedEx and other major businesses.

Windows XP is still used by people, airlines, banks, organisations and in industrial environments the world over.

In 2016, the network which runs the Royal Melbourne Hospital, Melbourne Health, was infected with a virus targeting computers using Windows XP. The attack forced staff to temporarily manually process blood, tissue and urine samples.

Online, users have posted photos of Windows XP being used at places such as Singapore’s Changi Airport, Heathrow Airport and Zeventem Brussels Airport.

Although the exact figure isn’t known, one estimate suggests the operating system was running on 1.26% of all laptops and desktops, as of last month.

Is there still incentive for hackers to target Windows XP?

The availability of the Windows XP source code opens access for cyber criminals to search for “zero-day threats” in the code that could be exploited.

These are discovered flaws in software, hardware or firmware that are unknown to the parties responsible for patching or “fixing” them – in this case, Microsoft.

Zero-day threats are often found in older ATM machines, for example, as these can’t be patch-managed remotely. This is because they have an embedded version of Windows XP with limited connectivity.

To upgrade in such cases, a bank’s IT professionals would have to visit the machines one by one, branch by branch, to apply security patches for the embedded systems. One report suggests hackers can break through the defences and security features of these older style ATMs within 10-15 minutes.

There’s no easy way to confirm whether ATMs in Australia are still running this 19-year-old software, but past reports indicate this could be the case. The Conversation has reached out to certain parties to obtain this information and is awaiting a response.

Possible defences

Windows XP was left to its own defences back in 2014 when Microsoft stopped mainstream support for the operating system.

But as one of Microsoft’s most widely-used operating systems, it’s still being run and could be around for many years to come.

According to Microsoft Support, since Windows XP is no longer supported, computers running it “will not be secure and will still be at risk for infection”.

Any antivirus software has limited effectiveness on computers that don’t have the latest security updates. The number of holes in software also increases as machines are left unpatched.

Luckily, most organisations have strategies (requiring money and human resources) to manage large-scale upgrades and isolate their most critical systems.

If your computers are still running on the extremely outdated Windows XP operating system, you too should migrate to a more modern one. No one can force you, but it’s certainly a good idea.

Read more: Apple iPhones could have been hacked for years – here's what to do about it

Authors: Brianna O'Shea, Lecturer, Ethical Hacking and Defense, Edith Cowan University

Read more https://theconversation.com/airports-atms-hospitals-microsoft-windows-xp-leak-would-be-less-of-an-issue-if-so-many-didnt-use-it-147018

Writers Wanted

The Best Android tools and Utility Apps

arrow_forward

How to Find the Best SEO Services Company That Offers Guaranteed Results

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Ben Fordham, 2GB

BEN FORDHAM: Scott Morrison, good morning to you.    PRIME MINISTER: Good morning, Ben. How are you?    FORDHAM: Good. How many days have you got to go?   PRIME MINISTER: I've got another we...

Scott Morrison - avatar Scott Morrison

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Business News

How to Find the Best SEO Services Company That Offers Guaranteed Results

As a business owner, you have to be strategic about how you’ll be able to reach your target market. That is why entrepreneurs implement various marketing tactics to reach their goals. With today...

News Co - avatar News Co

Top Reasons Why Your Business Needs SEO

SEO is crucial for the ranking of a website. You may think that SEO offers greater searchability while it can do more than this. The most cost-effective tool for the survival of smalls businesse...

News Co - avatar News Co

Nisbets’ Collab with The Lobby is Showing the Sexy Side of Hospitality Supply

Hospitality supply services might not immediately make you think ‘sexy’. But when a barkeep in a moodily lit bar holds up the perfectly formed juniper gin balloon or catches the light in the edg...

The Atticism - avatar The Atticism



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion