Yellow alert over Windows shortcut flaw

Windows Shortcut's zero-day attack code has gone public. The development increases the risk that the attack vector, already used by the highly sophisticated Stuxnet Trojan to attack Scada control systems, will be applied against a wider range of vulnerable systems. All versions of Windows are potentially vulnerable to the …

COMMENTS

  1. Paul Crawford Silver badge
    FAIL

    Utter muppets

    WTF?

    "The Siemens SIMATIC WinCC SCADA systems...use hard-coded admin username / password combinations that users are told not to change...changing Siemens' hard-coded password will crash vulnerable SCADA systems"

    You could not make that up! Using Windows, with its Swiss cheese history of security holes, is bad enough, but actually designing a system where the #1 rule of security (Thou shalt not use a well-known user/password that world+dog knows) is deliberately broken!

    Siemens should be hauled over red hot coals for that one. Fail for Windows, and fail for the muppet approach to security on systems that are intended for critical applications.

    1. Eddie Johnson
      Unhappy

      This Is Common Practice

      I've found this is common practice in niche markets. I use embedded wireless modems and the manufacturer advises against changing any of the default port numbers or passwords, depending only on the obscurity of the hardware for protection. It's just laziness on their part because it makes remote support and diagnosis easier for them.

  2. Ralphe Neill
    Black Helicopters

    What next?

    Windows for Warships? The mind boggles!

    1. Mr Brush
      Unhappy

      Already here.

      http://www.theregister.co.uk/2009/01/05/windows_for_warships_hits_type_23s/

    2. Mystic Megabyte
      Pirate

      @Ralphe Neill

      Sitting here in my solid gold bath inside my volcano fortress I am playing battleships. Aided, of course, by my slinky female assistants :)

      The evil beauty of it is when I steer my little fleet around the bath the Royal Navy are forced to imitate my manoeuvres! Beware the plastic ducks! Mwahahaha!!

    3. Loyal Commenter Silver badge
      FAIL

      You WHAT?

      "The Siemens SIMATIC WinCC SCADA systems specially targeted by the Stuxnet Trojan use hard-coded admin username / password combinations that users are told not to change. "

      Well, there's your problem right there, they went ahead and designed the system using weapons-grade stupidity.

      1. Paul Crawford Silver badge
        Coffee/keyboard

        @Loyal Commenter

        The phrase "weapons-grade stupidity" seems so apt! Bravo!

  3. Anonymous Coward
    Anonymous Coward

    Scada system

    Described as -

    "Our SCADA system offers maximum functionality and a user-friendly user interface. With this configurable and scalable system, you have the advantage of absolute openness to both the office environment and to production. An integrated process database and Plant Intelligence, for example, ensure transparency in production. Numerous options and add-ons extend and expand the scope of performance."

    Nope they don't claim to be secure, just open and transparent. I guess as such it doesn't really matter that the system is sufficiently transparent that pretty well anybody can run it. Siemens are delivering what it says on the tin?

  4. Annihilator
    Go

    Step it up to red alert

    "Sir, are you absolutely sure? It does mean changing the bulb."

  5. Boris the Cockroach Silver badge
    Linux

    I'm

    sure glad our robots run a custom OS based on Linux... and our 2 Windows-based robots don't have USB sockets.

    But the caution is as always.... disable the fricking USB sockets, they're starting to get as bad as the old floppy drives were....

    ahh the good old days of sneaker viruses

  6. Cameron Colley

    How can it affect all versions of Windows?

    Didn't Microsoft rewrite Windows from the ground up to make it more secure at around the time Vista was released?

    MS bashing aside -- what is surprising is that it took so long for someone to discover this flaw.

    1. Tom 13
      Joke

      Re: rewrite all the code

      Why yes they did. But you must admit there are some sections of code that are so utterly bog simple and obvious that no one could write insecure code for them, and it saves R&D time to simply borrow those and recompile them under the new secure system.

      1. Goat Jam

        Rewrite the code?

        No, no they didn't.

        They tried that with Longhorn. Result was an epic fail.

        Vista was a slapdash merger of XP and Server 2003, hence its utter crappiness.

        Vista != Longhorn

  7. Anonymous Coward
    Happy

    @cameron

    "Didn't Microsoft rewrite Windows from the ground up to make it more secure at around the time Vista was released?"

    Err no.

    Unless you mean Midori, which has a long way to go yet.

    1. Anonymous Coward
      Linux

      Actually you're wrong

      "Didn't Microsoft rewrite Windows from the ground up to make it more secure at around the time Vista was released?"

      Err no."

      Wrong, M$ put a LOT of effort into making it more secure....with the Protected Media Path, DRM, and WGA/WAT, and other goodies to secure the system from the user, Fair Use and the Doctrine of First Sale (and to suck up to the RIAA, MPAA, BSA, etc). But never mind about external threats....

    2. Anonymous Coward
      Linux

      Dead Wrong

      Of course M$ put a lot of effort into security. All these nice features to secure the system from the user and Fair Use...roll the feature list...

      WGA/WAT

      DRM

      Protected Media Path

      Driver Revocation

      Device Driver Signing

      Trusted Computing

      Of course I guess they didn't foresee any baddies coming in against the (supposed) user. Once I read about the draconian Longhorn details back in 2003-4, I made the mass migration to GNU/Linux, and haven't regretted it since.

      1. Anonymous Coward
        WTF?

        Maybe..

        ...I'm missing the concept of "Ground Up".

        Ground up means completely starting over again.

        Adding additional security features does not mean starting from ground up.

  8. Winkypop Silver badge
    Joke

    Yellow alert time...

    ..often leads on to brown trouser time.

  9. Ross 7

    Surely a first?

    Wow, Siemens outdoing MS? Hard-coded admin user/pass is pure genius! Makes you wonder why they bothered having one. Also makes you wonder who's lost what IP and how long ago it all started.

    PS - I remember the old (I mean like 10 years old) .lnk overflow that broke Windows but was considered non-exploitable. Is this related?

  10. DJ 2
    Unhappy

    Reminds me of an old AS400

    About 12 years ago I had a call out from an IBM engineer to repair the company's AS400; he thoughtfully changed the Administrator password back to its default setting.

    A quick search came up with qsysopr / qsysopr. When I tried logging in with all the other default passwords, yep, they had never been changed, and IBM's warranty would be invalidated if I changed them.

    Things never change they just get reinvented

  11. Anonymous Coward
    Gates Horns

    Security anyone?

    "All versions of Windows are potentially vulnerable to the exploit."

    Good old Microsoft.

    Good to know that they still make operating systems that are secure as the previous ones!

  12. heyrick Silver badge

    Easy answer...

    Don't use USB sticks that are not your own, and don't use them in computers that are not your own. If given free (trade shows, etc.), format them as soon as you get home on a non-Windows machine (it isn't hard to drop a basic copy of Ubuntu on an SD card...).

    If a corporate setting, just disable access to flash media. If a user really *really* needs an external file, they can give the thing to sysadmin [this implies you're also scanning/filtering mail attachments]. I bet you'll find a lot of users suddenly have much less need for externally-sourced files.

  13. Eddie Johnson
    Joke

    An Interesting Mitigation

    http://support.microsoft.com/kb/823732 is a fix for disabling USB. The funny part is their advice:

    "Note if you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem."

    I suppose they recommend the same for the undo?

    1. Anonymous Coward
      Joke

      Microsoft carpentry class 101

      When a staircase collapses, first ascend the stairs and then rebuild the staircase from the top step downwards.

      1. Doug Glass
        Go

        Exactly

        If you don't know where to get off the bus watch me, and get off three stops before I do.

  14. Anonymous Coward
    Flame

    Shouldn't take more than an hour

    Dunno about having their work cut out to make it for August's Patch Tuesday. I bet I could quickly code a fix that doesn't execute DLL initialisation code if all that is really wanted is an icon from the DLL file in question. It probably loads the entire DLL into memory and executes any initialisation routine that may be present before extracting the icon it wants, wasting pots of time and memory, all because of OOP suitable for the production of buggy bloatware. If OOP actually worked, shouldn't there have been a buffer object that simply cannot overflow about 20 years ago? Sack the script kiddies and bring back real programmers! Rant over. Thank you.

    1. Anonymous Coward
      Anonymous Coward

      Re : Shouldn't take more than an hour

      Maybe fixing it could be quick - but checking the spaghetti code of the rest of Windows for unforeseen consequences is what probably takes the time. Probably breaks 'neat' features
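
    The mechanism the two posts above argue about is that the shell loads a library to pull an icon out of it, so a shortcut that names a DLL as its icon source gets that library's initialisation code run when the shortcut is merely displayed. As an added example that is not part of the original thread, of Microsoft's code, or of any real sample, the following Python parses the ShellLinkHeader, LinkTargetIDList and StringData fields of a .lnk file (the MS-SHLLINK layout) and flags shortcuts whose icon or target is a .dll/.cpl or sits on a UNC path. The flagging rules, the `build_lnk` helper and the two sample shortcuts (`BENIGN`, `SUSPECT`, with the constructed path `E:\payload.dll`) are assumptions made for illustration; the heuristic is a triage aid for a pile of shortcuts pulled off removable media, not a detector for any specific exploit.

```python
"""Heuristic triage of Windows shortcut (.lnk, MS-SHLLINK) files.

Added example: parses the fixed header, the item ID list and the StringData
strings, then flags shortcuts whose icon would be rendered by loading a
DLL/CPL (code execution on display) or fetched over a UNC path.
The sample shortcuts at the bottom are constructed in-line, not real samples.
"""
import struct

LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-...-46
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))
LIBRARY_SUFFIXES = (".dll", ".cpl")  # assumption: icon sources that are loaded as code


def parse_lnk(data: bytes) -> dict:
    """Return link flags, raw item IDs and the StringData strings of a shortcut."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C                                   # header is always 76 bytes
    items = []
    if flags & HAS_LINK_TARGET_ID_LIST:
        id_list_size = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        end = pos + id_list_size                 # IDListSize includes the TerminalID
        while pos < end:
            item_size = struct.unpack_from("<H", data, pos)[0]
            if item_size == 0:                   # TerminalID reached
                break
            items.append(data[pos + 2:pos + item_size])
            pos += item_size
        pos = end
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]  # LinkInfoSize spans the block
    width, encoding = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    strings = {}
    for flag, name in STRING_FIELDS:             # fixed order per the format
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            strings[name] = data[pos:pos + count * width].decode(encoding)
            pos += count * width
    return {"flags": flags, "items": items, "strings": strings}


def _mentions_library(blob: bytes) -> bool:
    """True if an item ID carries a .dll/.cpl name in ANSI or UTF-16LE form."""
    low = blob.lower()
    return any(s.encode() in low or s.encode("utf-16-le") in low for s in LIBRARY_SUFFIXES)


def triage(data: bytes) -> list:
    """Reasons a shortcut deserves a closer look; empty list means none found."""
    info = parse_lnk(data)
    reasons = []
    icon = info["strings"].get("icon_location", "")
    if icon.lower().endswith(LIBRARY_SUFFIXES):
        reasons.append(f"icon resolved by loading a library: {icon}")
    if icon.startswith("\\\\"):
        reasons.append(f"icon fetched from a UNC path: {icon}")
    if any(_mentions_library(item) for item in info["items"]):
        reasons.append("item ID list references a library")
    return reasons


def build_lnk(icon_location=None, item_ids=(), unicode=True) -> bytes:
    """Assemble a minimal shortcut for testing (constructed input, not a sample)."""
    flags, body = 0, b""
    if item_ids:                                  # IDList precedes StringData
        flags |= HAS_LINK_TARGET_ID_LIST
        id_list = b"".join(struct.pack("<H", len(i) + 2) + i for i in item_ids) + b"\x00\x00"
        body += struct.pack("<H", len(id_list)) + id_list
    if icon_location is not None:
        flags |= HAS_ICON_LOCATION | (IS_UNICODE if unicode else 0)
        encoded = icon_location.encode("utf-16-le" if unicode else "cp1252")
        body += struct.pack("<H", len(icon_location)) + encoded
    header = struct.pack("<I", 0x4C) + LINK_CLSID + struct.pack("<I", flags)
    header += struct.pack("<I", 0) + b"\x00" * 24          # FileAttributes, 3 FILETIMEs
    header += struct.pack("<IIIHHII", 0, 0, 1, 0, 0, 0, 0)  # FileSize..Reserved3
    return header + body


# Constructed samples: an ordinary shortcut and one whose icon is a DLL.
BENIGN = build_lnk(icon_location=r"C:\Windows\system32\notepad.exe")
SUSPECT = build_lnk(icon_location=r"E:\payload.dll",
                    item_ids=[b"\x1f" + r"E:\payload.dll".encode("utf-16-le")])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, triage(blob) or "clean")
```

    Run as a script it prints the verdict for both constructed shortcuts; pointed at real files (`triage(open(p, "rb").read())`) it is cheap enough to run over every .lnk on a mounted stick before Explorer gets a chance to render them.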

  15. Anonymous Coward
    Flame

    Solution

    Get a Mac, seriously!

    1. Anonymous Coward
      Grenade

      @Solution...

      http://www.afterdawn.com/news/article.cfm/2010/07/13/apple_tops_vulnerabilities_list

      "A new report from security firm Secunia has listed Apple on top of the list of companies whose software for PCs has the most security vulnerabilities in H1 2010"

      Now crawl back under the bridge.

  16. halms
    Boffin

    yeah, right

    There have been a lot of articles describing how vulnerable Mac OS X is, with thousands of theories about how it can happen. Let's face it, how many Mac users have actually been hit by viruses, malware, spamware, etc.? One for every hundred thousand, monthly, maybe? Compare that to millions of M$ users on a daily basis. I've been using Linux and Mac for over 10 years and never once have I ever thought of viruses or the like, and never suffered from any of the effects, except a few times I formatted my drives forgetting to back up my emails and my work properly. But that's a different story.

    M$ systems will never be free of viruses and all that crap. Why? M$ security software is a multi-billion-dollar business. Anti-virus companies have been trying to sell their software to Linux and Mac users for years. Go figure!

  17. zoher
    Flame

    New potential vectors

    Microsoft updated their advisory with new information about possible attack vectors.

    New vectors:

    - Internet Explorer

    - Microsoft Office

    This means that in the near future we will see e-mails with malicious attachments exploiting this vulnerability.

    Full Details, PoC Code read this:

    http://ptresearch.blogspot.com/2010/07/stuxnet-attacks-one-more-zero-day-for.html
