Slashdot Mirror

← Back to Stories (view on slashdot.org)

The BBC's Honeypot PC

Posted by ryuzaki0 on from the hijack-my-pc-please dept.

Alex Pontin writes, "This article from the BBC shows how vulnerable XP Home really is. Using a highly protected XP Pro machine running VMWare, the BBC hosted an unprotected XP Home system to simulate what an 'average' home PC faces when connected to the internet." From the article: "Seven hours of attacks: 36 warnings that pop-up via Windows Messenger. 11 separate visits by Blaster worm. 3 separate attacks by Slammer worm. 1 attack aimed at Microsoft IIS Server. 2-3 "port scans" seeking weak spots in Windows software." The machine was attacked within seconds of being connected to the Internet, and at no time did more than 15 minutes elapse between attacks.

4 of 344 comments (clear)

  1. Yawn... by rsilvergun · · Score: 3, Informative

    this has been done before with WinXP SP1, we already know it's insecure. But you know what? Most home users have firewalls now, if only in the form of a hardware router from their ISP, and any new users are running XP SP2. A simple firewall and a few trips to www.windowsupdate.com takes care of most problems. Now, a better article would point out who Windows Media Player will run any old code as root on your box if you've got "Obtain licenses automatically" checked. I can't believe there isn't more of a sh*t storm over that.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  2. Their 'unprotected'=flawed by i_should_be_working · · Score: 3, Informative

    So by unprotected, they mean some old installation without any recent patches, not a patched machine with no firewall. Scared me for a moment.

    I can attest (I'm sure many can) to how fast an unpatched XP machine gets hit. I have an installation disc from 2002 (sp1). When I use it I install with the ethernet cable unplugged. After install I plug in the ethernet and go straight away to Windows update but still, on the last go, within 5 minutes I got a somewhat obviously (to me) fake and malicious pop-up telling me I'd better click on it to protect my computer.

  3. Re:Well Duh! by SlartibartfastJunior · · Score: 5, Informative

    it's easy to say "well duh!", but when you have a brand-new out-of-the-box computer, it doesn't exactly come with instructions. My grandmother has no way of knowing she's supposed to be running a firewall, or going to get a Microsoft Security update before doing anything else. WE know these things, because we hang out on Slashdot, but they're not obvious to the rest of the world, and I applaud the BBC for bothering to put this in people's minds. Until the day Microsoft starts shipping Windows with firewalls INSTALLED and ON by default, articles like this will truly be helpful.

  4. Re:We have a Love connection. by Lave · · Score: 3, Informative
    From my experience the Beeb runs a large amount of linux articles. And is quite vocal about free open source alternatives (a benefit of not being funded from corporate sponsors). For evidence try typing "linux" into their search engine. It gives you 49 pages of hits for the whole of bbc.co.uk, 9 pages of which come from just the "news" section.

    So you are simply wrong.

    --
    http://skeptobot.blogspot.com/ - A site for the Renaissance man and woman