Tuesday, April 14, 2015

Widespread failure on all Windows systems... since 1997

A vulnerability that affects all versions of Windows operating systems for almost 20 years has been discovered. The failure would allow the theft of passwords stored in the system. Today is also the day when the authors of one of the largest botnets in history, Mariposa, are being tried at the Spanish National Court. At least, we will discuss leaks and illegal sale of data.

At the time we're writing this lines, the Microsoft company downplayed the bug, dubbed "SMB Redirection" because it fools the SMB system registry. According to Microsoft, it has been tested in a laboratory only and no one will exploit it, so they haven't released any patch. Meanwhile, the news spreads like wildfire, because it affects all versions of Windows, including 10, and some programs from other brands like Adobe, Apple, Oracle and Symantec.
Meanwhile, in the National Court in Madrid, the group of malicious hackers "Nightmare Days", composed by Spanish and Slovak citizens, is on trial for creating the Mariposa virus and the botnet with the same name, which would have infected a million computers around the world. The botnet was used for scams and Denial of Service Attacks and was dismantled in December 2009.

In another vein, today we know the results of the Verizon annual report on data breaches, which quantifies in up to $ 400 million  the damage of these thefts, which affected 700 million personal data records in 2014. Health, education, civil services, hospitality and financial are, in this order, the most affected sectors.

But, what happens to this personal data once it's been stolen? Usually it ends in the black market. A study by InfoSec Institute shows how in this market´s windows, credit card numbers, banking credentials to access Paypal accounts and other interesting data such as Social Security numbers, driver's licenses or passports, credentials of Amazon, Apple, eBay, Facebook, Twitter and Instagram accounts, and online games are sold.

So we live in a world, the virtual one, where the passwords are key, pure gold, and still, poorly managed.


Post a Comment