this post was submitted on 18 May 2024
343 points (93.0% liked)

Weird News - Things that make you go 'hmmm'

973 readers
2 users here now

Rules:

  1. News must be from a reliable source. No tabloids or sensationalism, please.

  2. Try to keep it safe for work. Contact a moderator before posting if you have any doubts.

  3. Titles of articles must remain unchanged; however extraneous information like "Watch:" or "Look:" can be removed. Titles with trailing, non-relevant information can also be edited so long as the headline's intent remains intact.

  4. Be nice. If you've got nothing positive to say, don't say it.

Violators will be banned at mod's discretion.

Communities We Like:

-Not the Onion

-And finally...

founded 11 months ago
MODERATORS
 

Just a fun, somewhat terrifying read

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 13 points 7 months ago

The XP stands for eXPloit.

[–] [email protected] 12 points 7 months ago

This makes me think of the Blackwall in Cyberpunk 2077. That game felt too real while I was playing it and I’m not looking forward to more of it feeling real as time goes on

[–] [email protected] 9 points 7 months ago (1 children)

Doesn’t a bunch of military equipment still run WinXP?

[–] [email protected] 15 points 7 months ago (3 children)

U.S. military doesn't run standard versions of Windows and many if not most military terminals don't connect to World Wide Web.

Not perfect but if it's only connectd to Army intranet, might not be vulnerable?

[–] [email protected] 1 points 7 months ago (1 children)

Can you expand on this with some more detail?

I’ve worked on DoD networks continuously since 2011 and nothing you said is true, provided I understood you correctly.

[–] [email protected] 2 points 7 months ago

I am more referring to the U.S. Army intranet system. Which while some services can be accessed from the internet, some can only be accessed while connected to the Army Intranet. The Amry uses alot of terminals, computers, that have no need to connect to the internet but only the Army intranet.

Also, the Army modfies some of the programs and hardwere they use, such as Windows from their standard commercial versions, removing or changing features and such.

[–] [email protected] 1 points 7 months ago

Embedded systems may technically run an OS or on and OS, but they’re really their own thing.

[–] [email protected] 7 points 7 months ago (1 children)

That question mark instills a lot of confidence.

[–] [email protected] 7 points 7 months ago (2 children)

The biggest vulnerability in most computer systems are people. Many Soldiers are too lazy to save or encrypt thier files and lose them or comprise them all the time.

A computer system that isn't designed to and doesn't need to connect to the World Wide Web should be safe. If no one, for example decides they want to access a certain civilian website and so finds a way to connect their terminal to the World Wide Web, compromising it.

[–] [email protected] 1 points 7 months ago (1 children)
[–] [email protected] 1 points 7 months ago

Neat, didn't know that and am unfortunately not very surprised. Yeah, can, on paper, design robust SOPs and machines, then set the passcode to 0.

[–] [email protected] 4 points 7 months ago (1 children)

I'm sure you're aware, but the internet and the "world wide web" are different things. The common term for what you're describing is air gapping.

[–] [email protected] 4 points 7 months ago

Yes, world wide web isn't the right term in this case. Proper term is just internet and it is an air gapped network.

[–] [email protected] 168 points 7 months ago* (last edited 7 months ago) (2 children)

A bit clickbaity..

configured it to be fully exposed with no firewall and no anti-virus software

And I'm also assuming this was then exposed directly to the internet like a server, not behind a NAT or anything like that.

I mean you're setting up a 20 yo unpatched consumer lever OS to fail for the giggles and you kneecap it on top of it - which is fine, but hardly surprising.

[–] [email protected] 16 points 7 months ago (2 children)

And I’m also assuming this was then exposed directly to the internet like a server, not behind a NAT or anything like that.

That's how consumer PCs were often setup back in the early XP days though. There was a time when a household typically didn't have more than one computer or internet connected device. So people didn't have a NAT-ing router and instead connected their DSL or cable modem directly to their PC, and were completely exposed to the internet. To make matters worse, the firewall was disabled by default in early XP versions as well, until SP2.

This is how Sasser and the Blaster worm were able to wreak havoc, and until home routers started to become common, it was a genuine concern that on a new XP installation you'd be hacked before you had time to patch.

In the early days we learned a lot of things about security through trial-and-error, basically running head-on into the issues, and then going "oh...".

[–] [email protected] 4 points 7 months ago (1 children)

Was it disabled? I thought that XP just didn't have a firewall and got one added later on. I forget which virus it was but RPC would crash within seconds of a device being connected to the internet meaning you had to reboot.

Edit

Apparently it was MSBlaster

[–] [email protected] 2 points 7 months ago

According to Wikipedia, it used to be called Internet Connection Firewall in early versions of XP and then was rebranded to Windows Firewall and turned on automatically in SP2.

[–] [email protected] 7 points 7 months ago

This isn't a test of the "early days" XP and internet. This is a test of current day, because clearly the implication is "look how bad it is to use XP in 2024"

[–] [email protected] 27 points 7 months ago (1 children)

I bet they just threw it into the DMZ, turns out when you park your car in a bad part of town and leave all the windows open and the doors unlocked, bad stuff happens to it

[–] [email protected] 15 points 7 months ago (1 children)

And the keys in it, with a light on top flashing "look at me!"

[–] [email protected] 14 points 7 months ago (1 children)

Honestly, I'd be a little surprised if anyone actually did anything to it.

Not for lack of wanting to, but because they, like me, would probably just assume it's a bait car and cops are 5 seconds away with a kill switch.

[–] [email protected] 2 points 7 months ago

There's tons of botnets in countries that don't care about cyber crime just waiting for this sort of thing to be put on the internet. They'd just autopwn as soon as it was discovered and don't really give a shit since the cops can't even touch them.

[–] [email protected] 12 points 7 months ago

Damn just imagine this being the old net. With viruses still roaming the digital waterfront eager to infect and eat anything that is foolish enough to breach in.

[–] [email protected] 24 points 7 months ago

Security research is interesting. Exploits get fixed but not everyone updates their software and not every company ensures their software isn't vulnerable to them. So there are programs that will run through every known vulnerability and test if the target is vulnerable. They'll check for old exploits that work on Windows XP and Internet Explorer 6. Apparently it's not uncommon to find large enterprises still running these.

load more comments
view more: next ›