商业 - 科技


David Z. Morris 2014年04月03日

微软将从4月8日起终止支持Windows XP系统。因为升级到Win7代价高昂,很多金融机构依然犹豫不决,特别是大量的独立ATM运营商和小型的金融机构。同时,黑客们也在摩拳擦掌,准备一显身手。届时,这些机构可能会面临巨大的黑客袭击风险。


    为了考察可能的安全性风险,博泰扎图经常出没于地下的黑客论坛。他声称,等到微软正式终止支持Windows XP那一分钟一过,黑客们就会对不安全的XP机器发动突袭。他说:“当一个操作系统被宣布寿终正寝时,黑客们就会疯狂地开发它,因为现在他们可以无限利用它,这就像恶意软件的圣杯。”





    博泰扎图说:“这个问题很快也会在其它操作系统上发生,现在应该开始从Windows 7升级到其它系统了。”(财富中文网)


    But Bogdan Botezatu, senior e-threat analyst for the anti-malware software company Bitdefender, couldn't disagree more. He talks about the issue with the barely suppressed terror of a father watching his teenage son drive solo for the first time. "They're not panicky," he says, "and actually that makes me panicky."

    Botezatu, who haunts underground hacking forums to keep an eye on looming security threats, claims that hackers are gearing up to raid suddenly insecure XP machines the minute Microsoft support ends. "When an operating system is announced as reaching its end of life, [hackers] are frantically looking for exploits, because then they can use it indefinitely," he says. "It's the holy grail of malware."

    To take fullest advantage of the situation, black-market vendors selling new XP exploits have been stockpiling them, waiting to release them until after Microsoft is no longer monitoring and repairing security flaws. Though third-party security firms will continue to update anti-malware programs for XP, users not running or updating such software could be permanently vulnerable to an ever-growing set of exploits. Mercury Payment Systems' John Berkeley confirms that "If a hacker discovers [a vulnerability] a month or two after the end of [XP support], they have more time to exploit that."

    These exploits could range from stealing credit card information from small vendors to even more dramatic forms of theft, many of them easily circumventing external security measures such as the semi-closed payments network. Botezatu says there have been reports of an ATM exploit through a mobile phone connected through an ATM's card reader. He also cites a legendary stunt by the security expert Barnaby Jack at the Black Hat security conference in 2010, where he demonstrated a "Jackpotting" hack that easily emptied an XP-based ATM machine. According to Botezatu, Jack, who died in 2013, never revealed the nature of this exploit, meaning that it could remain an unpatched vulnerability in XP-based machines.

    Most troubling of all, Botezatu predicts that unsecured XP machines of all kinds will be compromised by hackers to form new botnets. This kind of system, in which hacked systems' processors are put to new tasks unbeknownst to their owners, can be used for everything from massive Denial of Service attacks to mining cryptocurrency, and would add substantially to the insecurity of the Internet as a whole. "I see a lot of trouble," Botezatu warns.

    Whether April 9th brings a plague of cash-spewing ATMs, zombie PCs, and thieving credit-card readers remains to be seen. But Botezatu sounds exasperated that he even has to consider these scenarios. "It's an operating system that was released 13 years ago. Everyone should have started migrating two or three years ago" to avoid the mad rush and risks that come with the end of support. He hopes, at least, that this episode will motivate today's users to think about the future.

    "This is going to happen soon with other operating systems," Botezatu says. "You should start upgrading from Windows 7 now."

上一页 1 2