Windows XP SP1 Final Release Date
Posted by Daniel Fleshbourne on 07 August 2002 - 10:11 · 12 comments & 145 views
About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google
- Internet Explorer.
- Outlook Express
- Windows Media Player.
- Windows Messenger.
- Microsoft's Java Virtual Machine.
Based on feedback from beta testers, PC makers, and the DOJ, Microsoft will make additional changes to XP SP1 to make the product's middleware-hiding feature "even more clear to users."Rather than teaching hackers in the audience how to monitor others' networks, Higbee and Davis said the demonstration was intended to alert network administrators to the danger that many innocent-looking devices could pose to network security.
"We are really attacking the concept of what computers are," he said, adding that many other devices could be used to monitor networks, including TiVo television recording devices, some new "intelligent" vending machines and even printers.
Walking into a company and dropping a device onto the network is a simple way to defeat much of the network security that businesses might erect to keep out attackers, Higbee said.
"Physical access is pretty easy to obtain," he said. "Especially for short moments of time."
Moreover, companies tend to build a wall around their networks, with heavy security at the perimeter--between the Internet and the firm's network--but have little security on the inside. So getting a device on the internal network can give a hacker far more access, they warned.
"The data that is valuable and worth protecting is on the inside," Higbee said. "We want to get on the inside."
The software that Higbee and Davis have created--they stress that they haven't modified the hardware because they don't want to run afoul of the Digital Millennium Copyright Act--is a Linux-based system. The software will first scan the network the Dreamcast console is on and then attempt to create an encrypted network back to the hacker's network.
Dubbed "180-degree" hacking by the duo, the ability to have a device on the inside makes a hacker's job much easier.
"Most people believe that inside traffic is trusted," he said, adding that most of the time a system administrator believes that any traffic coming from the inside is legitimate.
"I truly believe that in this attack...firewalls are pointless," Davis said. "They need to be a lot more aware of what's on their network. They almost have to treat their internal network as the Internet--as an untrusted network."