An article about Windows XP? What is this, a blog post written in 2005?
No, this is the year 2020 and unfortunately, there are some systems out there that are still running ancient operating systems (and software) which stopped receiving support from their maker over a decade ago.
If your first reflex is to say “Why? Just shut them all off!” you are overlooking the cause of the problem. The reason these boxes are online, in most cases, is that they are hosting what the company considers to be applications that are crucial for their business operations. Whatever application is running on it is vital for the smooth operation of the company and must be kept online at all costs.
The exception is, of course, that no resources can be made available to port the application(s) to a new platform. Something that doesn’t require Windows XP or Windows 2000 or their insecure counterpart.
And that’s how you arrive at a point where the devices in a business that are the most easy to hack are also the systems that should be the biggest target of any hacker. What a combination. Oh, and just in case you’re thinking virtualization will solve your problems… No, that won’t solve the problem, since the source of the insecurity is on the software side of things.
What we’re trying to say is that there are still Windows XP boxes out there whom are far more important than they have any right to be. And they’re really simple to hack. But don’t take our word for it. We have posted a video on our YouTube channel which demonstrates how a novice pentester attempted to hack a Windows XP machine.
Their previous experience with hacking devices? None. All it took was finding a vulnerability and spending three minutes on Google to taking over a machine.
The reason we’re emphasizing that the video was originally made by a beginner, is to illustrate a point. If it takes an inexperienced person less than 12 minutes after accessing your network to potentially disable a box, how long do you think it’ll take an experienced hacker? In all honestly, it doen’t matter, because ten minutes is nothing in IT time. It’s probably how long you wait for your computer to properly boot – or at least that’s your excuse to get a cup of coffee first.
If you have read this far and think to yourself “Yeah, but I already knew that” you can still help making the world a slightly better place by sharing the article or video with people who still aren’t sold on “upgrading”. To put it in terms the people in charge understand: it costs a hacker $10 of his time to do potentially thousands of dollars of damage to your company.