
Story: Microsoft 'frightened' by police XP hack


Posted by: Xwindowsjunkie (Wednesday 14 November 2007, 2:16 AM)


Sometimes it takes a crowbar to convince the Microsofties

I guess the MS salesman hasn't a clue that he's peddling damaged goods. If Microsoft was really serious about security, they'd offer for a small fee to people running only SP1, illegal or not, to upgrade to SP2. Call it an amnesty program for the illegals. Even though the boxes are running SP1, they still call home. Send a packet back to the transmitter and offer the amnesty or the link to the SP2 feed. Get them clean.

When the deadline passes, send the "packet of death" to kill the IP stack and the networking software on the pirate computer when it comes up on the Internet if it hasn't updated its security. The existence of the "stealth" updates and the WGA crap tells me, contrary to the PR, Microsoft CAN kill the box remotely if they want. I know using XP Embedded I can do it to our licensed XPE machines if necessary when they get stolen, and no, I won't tell you how to do it.

The reality is that if Microsoft wanted to, they could kill the pirates' stolen boxes each time one of them decided to call home. If the hackers figure out how to protect their boxes from being hijacked and zombied, then the problem has fixed itself. If they haven't and they won't upgrade to SP2, the "packet of death" can stop the botnets, box by box.

To enforce it, use WGA in a way that makes sense. Have it respond to an encrypted string with yet another so that a "MS certified" seal or token can be stored on the system that shows the packet of death to pass by. Kind of like sheep's blood on the door lintel. They could call it Microsoft Operating System Encrypted Security, or MOSES. BillyBoy could have a Charlton Heston moment. Sorry, I couldn't resist.

Seriously, the token can use enough bits and a tight enough means of encryption to make the token reasonably secure. Enough so it will cost more to break it than it's worth to the botnet master.

Xwindowsjunkie

Hardware Design/Engineering, Houston, Republica de Tejas
Member since: May 2007
