Xpocalypse


badbass

I honestly don't think it's going to be that big of a deal... MS essentials will still be updated, 3rd party antivirus software will still be updated.. the world isn't going to collapse

Link to comment
Share on other sites

I do feel that if you're still using XP, you're missing out. Windows 7 seems to be a step up in most regards. Unless you use the machine for specific tasks that require specific software which you know does NOT work under W7, in which case I would suggest to unplug that machine at least from the externally visible network and just keep the box as a dedicated device for that task. It's not like it'll stop working.

I think that most home networks are sufficiently secure and unless you've got a wide open access point to manage the LAN the mere fact that a device is on the LAN shouldn't be a big problem. Just try to not use that machine for internet browsing and if you really must, stick to Chrome which as far as I can tell will keep producing updated builds for that platform for still some more time to come.

Link to comment
Share on other sites

In cases where legacy machines need to be supported, in most cases companies will move to virtualization when they can, except where situations arise with specialized hardware, and corporate network monkeys will have to do their best to corner off the older machines from being exposed and compromised. Nature of the beast, but where I used to work we had similar issues with software companies that went belly up and using specialized hardware and software, in which we still had Win95 and NT3.5 boxes on the LAN that handled specialized functions with virtually no support other than the people who worked there and maintained the machines.

With XP though, in most cases virtualization with separate network shares for storage to run specific older software and locked desktop environments will still be around for a long time to come even after support ends, exposing companies to holes they'll assess as risks worth taking depending on the costs of loss. Case in point, we were using Windows 98 well after 2005 with TN3270 clients to log on to our mainframe before they moved to XP and then thin clients to replace our Dumb Terminals, and there are still a lot of POS/Cash Register machines running Windows 3.1 out in the wild and embedded kiosks with some form of outdated embedded OSes that only use FAT16 and don't support NTFS due to the software they run, so XP is not the only OS that companies still use while trying to keep them segregated from the main LAN/WAN, which is wider spread than many people may realize. I'm sure a Shodan search or even masscan results may find a plethora of machines and devices people long thought retired and no longer supported from printers (I think Mubix and HD Moore even did a talk or paper on the topic of things they found while constantly scanning the internet), routers and other connected devices most would not even be looking for like HVAC and utility systems running outdated OSes. Having worked at a bank, I know a lot of ATM machines for example still use XP and recently even saw a local WaWa ATM being worked on with a small Dell running XP on it, with many of them having dial-up/in capabilities, not just internet-based Ethernet back to the banks and credit card vendors.

Link to comment
Share on other sites

Hadn't thought of that. Assuming the machine is sufficiently potent VirtualBox with XP and your software on it would be a pretty decent solution to much of the problem.

Link to comment
Share on other sites

I got a mail from the ex yesterday. She's still on XP for her machine (don't ask) and apparently the bank is warning her that unless she upgrades they will block access to her online banking account.

Sounds a bit drastic to me, but I do feel they're acting responsibly on this one.

Link to comment
Share on other sites

Doesn't surprise me. Can she use Chrome or Firefox for the banking site? I'm guessing it's the outdated internet exploder that's being blocked, and not XP.

Link to comment
Share on other sites

You assumed wrong. She's on Chrome.

There's IE8 on there for work purposes but I made her promise me she would never use that for regular browsing. She still did that once and I got really, REALLY angry with her. Explained what getting hacked would entail (full format and reinstall. I don't give a shit how precious your bookmarks, photos etc are - everything's out. Yes, it doesn't HAVE to be that way, but she doesn't know that) and I trust her to not do that again, now that she realises the potential consequences.

Link to comment
Share on other sites

While the Australian government might have been onto the migration away from Windows XP years ago, banks around the world are still using the Windows XP Embedded system in many of their ATMs.

Just came across this in the news this morning: http://www.zdnet.com/dutch-government-pays-millions-to-extend-microsoft-xp-support-7000028116/

Link to comment
Share on other sites

I'm a bit torn here. On the one hand I didn't expect the government to do this seeing they're getting all sorts of flak over poor spending decisions and this undoubtedly is one of those.

On the other hand, if there's ANY group in the Netherlands where mismanagement runs so rampant that you simply MUST accept the possibility of such a deal being made, it must be the government.

I'm sure they have a huge stack of machines that nobody looked at in over 8 years but someone somewhere once said that box is vital so whatever you do DO NOT turn it OFF! Good to see my tax euros being spent on technological innovation...

Link to comment
Share on other sites

I think this is a reality in all parts of the world; businesses and governments deployed work environments years ago with no budget in mind for forward-looking advancement costs to technology, or the onset of rampant malware and security holes that would outpace the security of the existing OSes, software and hardware in use. The fact today's world economy is as bad as it is and jobs alone are scarce, no one wants to hire, let alone buy new hardware to support the requirements of newer operating systems. On the upside, if they did, it would open up a lot of jobs for techs in migration and updating companies' systems but I think the learning curve is also still behind in a lot of places when it comes to support. Not many places have solid IT departments any more that hire full time employees (at least in my neck of the woods) and many have moved to hiring consultants or outsourcing IT support, which is even worse for support than having an outdated system with a dedicated team monitoring the network.

Link to comment
Share on other sites

Hey! I resemble that remark! We're in the process of migrating a few of our clients over to Win7 machines. Finally got them to convert. Only been suggesting it for the last few years. What's real fun is running into those weird niche applications that are 6 years past their company folding and still have to support it, that won't run on 7.... Good times.

Link to comment
Share on other sites

One of the reasons I say it's worse when they outsource everything, not against the people doing the work so much, but because the people coming in have no one left from the IT Team that set up the apps or know how much of it works or the requirements to support a lot of the legacy systems and often you end up with systems more insecure than before they started the migration. In one place I worked, many of the people that worked there for 20+ years were laid off and consultants brought in when the company was bought out, and they were hired in batches to do small batches of work to migrate the system from one company to the other's, only to flip the switch to make the move, and watch everything fall over. Each group had their part working, but they never tested them all at the same time, together, so when they all went into production, the system collapsed in on itself and took over a week to get back on track. This was for a bank, which cost them a shit ton of money and loss of customers because their migration plan didn't include any of the original programmers and support people, so no one knew how things worked or meshed together, causing more problems. Most consultants came in, did their portion of work, then left, then on D Day, all hell broke loose and they were forced to bring in extra consultants and some of the previous consultants and temps to fix all the problems. The scary thing was, employees, regular workers not related to the incident, or IT, wearing their bank shirts, started getting harassed when out for lunch breaks because customer accounts couldn't be touched, were overdrawn, or other issues with their money affected. I remember one employee quitting, after going to lunch, they had to call the cops because people at a local convenience stop surrounded the person and were shoving him around.

Outsourcing isn't a bad thing, so long as the team stays on for long term contracts to monitor and maintain the system; in our case, they were more like temps, in and out after a project was done and no errors showed up in their development tests, but after all the systems were in place, no one tested them together to make sure they worked, which left everyone scrambling to try and fix all the problems.

Previously when we merged or even bought out other banks, we kept the new employees and our team worked in conjunction to test and rarely ever had issues. It wasn't until they started to do away with internal people and bring in all outsource consultants that the problems began. I think a prime example is the new US Healthcare site, that had holes, and couldn't handle the traffic, so they brought in more consultants, threw more nodes on the system to keep things up, and the second time around introduced more holes than they had the first time. Dave Kennedy (Rel1k) testified before Congress not once, but twice, with the assessment that it was not only insecure, but got worse after they tried to fix things, and he wasn't the only one to give testimony to Congress about the changes and new holes added by poor planning and migration management in updating and securing the system.

https://www.trustedsec.com/january-2014/explaining-security-issues-healthcare-gov/

Link to comment
Share on other sites
