The Register® — Biting the hand that feeds IT

Feeds

Yellow alert over Windows shortcut flaw

Windows Shortcut's zero-day attack code has gone public. The development increases the risk that the attack vector, already used by the highly sophisticated Stuxnet Trojan to attack Scada control systems, will be applied against a wider range of vulnerable systems. All versions of Windows are potentially vulnerable to the …

This topic is closed for new posts.

This post has been deleted by a moderator

Paul Crawford
FAIL

Utter muppets

WTF?

"The Siemens SIMATIC WinCC SCADA systems...use hard-coded admin username / password combinations that users are told not to change...changing Siemens' hard-coded password will crash vulnerable SCADA systems"

You could not make that up! Using Windows, with its Swiss cheese history of security holes, is bad enough, but actually designing a system where the #1 rule of security (Thou shall not use well known user/password that world+dog knows) is deliberately broken!

Siemens should be hauled over red hot coals for that one. Fail for Windows, and fail for the muppet approach to security on systems that are intended for critical applications.

Eddie Johnson
Unhappy
Reply Icon

This Is Common Practice

I've found this is common practice in niche markets. I use embedded wireless modems and the manufacturer advises against changing any of the default port numbers or passwords, depending only on the obscurity of the hardware for protection. It's just laziness on their part because it makes remote support and diagnosis easier for them.

Ralphe Neill
Black Helicopters

What next?

Windows for Warships? The mind boggles!

Mr Brush
Unhappy
Reply Icon

Already here.

http://www.theregister.co.uk/2009/01/05/windows_for_warships_hits_type_23s/

Mystic Megabyte
Pirate
Reply Icon

@Ralph Neill

Sitting here in my solid gold bath inside my volcano fortress I am playing battleships. Aided, of course, by my slinky female assistants :)

The evil beauty of it is when I steer my little fleet around the bath the Royal Navy are forced to imitate my manoeuvres! Beware the plastic ducks! Mwahahaha!!

Loyal Commenter
FAIL
Reply Icon

You WHAT?

"The Siemens SIMATIC WinCC SCADA systems specially targeted by the Stuxnet Trojan use hard-coded admin username / password combinations that users are told not to change. "

Well, there's your problem right there, they went ahead and designed the system using weapons-grade stupidity.

Paul Crawford
Coffee/keyboard
Reply Icon

@Loyal Commenter

The phrase "weapons-grade stupidity" seems so apt! Bravo!

Titus Technophobe

Scada system

Described as -

"Our SCADA system offers maximum functionality and a user-friendly user interface. With this configurable and scalable system, you have the advantage of absolute openness to both the office environment and to production. An integrated process database and Plant Intelligence, for example, ensure transparency in production. Numerous options and add-ons extend and expand the scope of performance."

Nope they don't claim to be secure, just open and transparent. I guess as such it doesn't really matter that the system is sufficiently transparent that pretty well anybody can run it. Siemens are delivering what it says on the tin?

Annihilator
Go

Step it up to red alert

"Sir, are you absolutely sure? It does mean changing the bulb."

Boris the Cockroach
Linux

I'm

sure glad our robots run a custom OS based on linux... and our 2 windows based robots dont have USB sockets.

But the caution is as always.... disable the fricking USB sockets, they starting to get as bad as the old floppy drives were....

ahh the good old days of sneaker viruses

Cameron Colley

How can it affect all versions of Windows?

Didn't Microsoft rewrite Windows from the ground up to make it more secure at around the time Vista was released?

MS bashing aside -- what is surprising is that it took so long for someone to discover this flaw.

Tom 13
Joke
Reply Icon

Re: rewrite all the code

Why yes they did. But you must admit there are some sections of code that are so utterly bog simple and obvious that no one could write insecure code for them, and it saves R&D time to simply borrow those and recompile them under the new secure system.

Goat Jam
Reply Icon

Rewrite the code?

No, no they didn't.

They tried that with Longhorn. Result was an epic fail.

Vista was a slapdash merger of XP and Server2003, hence its utter crappiness.

Vista != Longhorn

Anonymous Coward
Happy

@cameron

"Didn't Microsoft rewrite Windows from the ground up to make it more secure at around the time Vista was released?"

Err no.

Unless you mean Midori, which has a long way to go yet.

Anonymous Coward
Linux
Reply Icon

Actually you're wrong

"Didn't Microsoft rewrite Windows from the ground up to make it more secure at around the time Vista was released?"

Err no. "

Wrong, M$ put a LOT of effort into making it more secure....with the Protected Media Path, DRM, and WGA/WAT, and other goodies to secure the system from the user, Fair Use and the Doctrine of First Sale (and to suck up to the RIAA, MPAA, BSA, etc). But nevermind about external threats....

Anonymous Coward
Linux
Reply Icon

Dead Wrong

Of course M$ put a lot of effort into security. All this nice features to secure the system from the User and Fair Use...roll the feature list...

WGA/WAT

DRM

Protected Media Path

Driver Revocation

Device Driver Signing

Trusted Computing

Of course I guess they didn't forsee any baddies coming in against the (supposed) user. Once I read about the draconian LongHorn details back in 2003-4, I made the mass migration to GNU/Linux, haven't regretted it since.

Anonymous Coward
WTF?
Reply Icon

Maybe..

...I'm missing the concept of "Ground Up".

Ground up , means completely starting over again.

Adding additional security features does not mean starting from ground up.

Winkypop
Joke

Yellow alert time...

..often leads on to brown trouser time.

Ross 7

Surely a first?

Wow, Seimens outdoing MS? Hard coded admin user/pass is pure genius! Makes you wonder why they bothered having one. Also makes you wonder who's lost what IP and how long ago it all started.

PS - I remember the old (I mean like 10 years old) .lnk overflow that broke Windows but was considered non-exploitable. Is this related?

DJ 2
Unhappy

Reminds me of an old AS400

About 12 years ago I had a call out from an IBM engineer to repair the companies AS400, he thoughtfully changed the Administrator password back to it's default setting.

A quick search came up with, qsysopr / qsysopr , when I tried logging in with all the other default passwords yep, they had never been changed and IBM's warrenty would be invalidated if I changed them.

Things never change they just get reinvented

Anonymous Coward
Gates Horns

Security anyone?

"All versions of Windows are potentially vulnerable to the exploit."

Good old Microsoft.

Good to know that they still make operating systems that are secure as the previous ones!

heyrick

Easy answer...

Don't use USB sticks that are not your own, and don't use them in computers that are not your own. If given free (trade shows, etc), format them as soon as you get home on a non-Windows machine (it isn't hard to drop a basic copy of Ubunu on an SD card...).

If a corporate setting, just disable access to flash media. If a user really *really* needs an external file, they can give the thing to sysadmin [this implies you're also scanning/filtering mail attachments]. I bet you'll find a lot of users suddenly have much less need for externally-sourced files.

Eddie Johnson
Joke

An Interesting Mitigation

http://support.microsoft.com/kb/823732 is a fix for disabling USB. The funny part is their advice:

"Note if you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem."

I suppose they recommend the same for the undo?

Anonymous Coward
Joke
Reply Icon

Microsoft carpentry class 101

When a staircase collapses, first ascend the stairs and then rebuild the staircase from the top step downwards.

Doug Glass
Go
Reply Icon

Exactly

If you don't know where to get off the bus watch me, and get off three stops before I do.

Anonymous Coward
Flame

Shouldn't take more than an hour

Dunno about having their work cut out to make it for August's patch tuesday. I bet I could quickly code a fix that doesn't execute DLL initialisation code if all that is really wanted is an icon from the DLL file in question. It probably loads the entire DLL into memory and executes any initialisation routine that may be present before extracting the icon it wants wasting pots of time and memory, all because of OOP suitable for the production of buggy bloatware. If OOP actually worked, shouldn't there have been a buffer object that simply cannot overflow about 20 years ago? Sack the scropt kiddies and bring back real programmers! Rant over. Thank you.

Anonymous Coward
Anonymous Coward
Reply Icon

Re : Shouldn't take more than an hour

Maybe fixing it could be quick - but checking the spaghetti code of the rest of Windows for unforeseen consequences is what probably takes the time. Probably breaks 'neat' features

Anonymous Coward
Flame

Solution

Get a Mac, seriously!

Anonymous Coward
Grenade
Reply Icon

@Soloution...

http://www.afterdawn.com/news/article.cfm/2010/07/13/apple_tops_vulnerabilities_list

"A new report from security firm Secunia has listed Apple on top of the list of companies whose software for PCs has the most security vulnerabilities in H1 2010"

Now crawl back under the bridge.

halms
Boffin

yeah, right

there have been a lot of articles describing how vulnerable mac os x is. with thousands of theories about how it can happen, lets face it, how many mac users have actually been hit by viruses, malware, spamware, etc? 1 for every hundred thousand, monthly, maybe? compared that to millions of m$ users on a daily basis. ive been using linux and mac for over 10 years and never once i ever thought of viruses or the likes. and never suffered from any of the effect, except a few times i formatted by drives forgetting to backup my emails and my works properly. but thats a different story.

m$ systems will never be free of viruses and all those craps. why? m$ security software is billions dollars business. anti virus company has been trying to sell their softwares to linux and mac users for years. go figure!

zoher
Flame

New potential vectors

Microsoft updated their advisory with new information about possible attack vectors.

New vectors:

- Internet Explorer

- Microsoft Office

This means that in the nearest future we will see e-mails with malicious attachments exploiting this vulnerability.

Full Details, PoC Code read this:

http://ptresearch.blogspot.com/2010/07/stuxnet-attacks-one-more-zero-day-for.html

This topic is closed for new posts.