Windows XP Support Ending: What Does That Mean to You?
Support for Microsoft’s popular operating system, Windows XP, will end on April 8, 2014, 12 years after it was introduced to PC users. After that date, Microsoft will no longer provide security updates or technical support for the Windows XP operating system to the user community. SecurityOrb.com, an information security, privacy and internet safety awareness organization, recommends that users currently running Windows XP migrate to a modern operating system such as Windows 7 or Windows 8.1 if possible. Users who do not migrate to a modern operating system will eventually increase their risk exposure exponentially as time goes on.
Another area of concern lies with the banking industry. At its highest point, 92% of automated teller machines (ATMs) worldwide operated on Windows XP. In spite of numerous upgrade projects, recent speculation estimates that perhaps 80% of ATMs still operate on the Windows XP platform, both abroad and in the US (Seltzer, Feb 2014).
Even though the current ATM situation does pose some security risk, the positive aspect of this scenario is that ATMs, as well as other devices such as Point of Sale (PoS) terminals, run Windows in what Microsoft describes as “with embedded restrictions” until 2016. Embedded restrictions make the device they operate on look and act less like a regular computer and minimize its attack surface as well.
SecurityOrb.com has identified locations and personnel that may be slow to migrate from Windows XP to a modern operating system. They are as follows:
- Senior citizens
- Small businesses and solos
- Smaller non-profits
- Individuals that may have been donated a computer
In addition to Windows XP coming to an end on April 8, 2014, support for Windows Server 2003, Exchange Server 2003, Small Business Server 2003 and Office 2003 is also on the chopping block.
Again, it is recommended that you upgrade. If you are not able to upgrade, understand the risk and operate accordingly until you can.
SANS Security West 2014 – Emerging Trends in Cybersecurity – is coming up on May 8-17
SANS Security West 2014 is a vital event for information security professionals looking to stay on top of industry trends, to acquire certifications, and to learn and immediately apply new cybersecurity skills. Security West features:
* Panel discussions on emerging trends in cybersecurity
* 25+ hands-on immersion InfoSec courses
* Industry-leading instructors with real-world experience
=========================
Emerging Trends in Cybersecurity
=========================
Security West features emerging trends in cybersecurity and is highlighted by evening talks and star-studded panel discussions from teams who will present the following:
* Keynote: Emerging Security Trends: Crossing the Chasm to Protecting a “Choose Your Own IT” World presented by John Pescatore
* Emerging Trends Panel: DFIR led by Rob Lee
* Emerging Trends Panel: Offense Informs Defense, but How? led by Ed Skoudis
* Emerging Trends Panel: Will The Real Next Generation Security Please Stand Up? led by John Pescatore
=========================
Security Training Courses
=========================
This training event will offer more than 25 outstanding hands-on immersion courses for all security professionals in IT audit, security management, technical security, penetration testing, and computer forensics. At SANS Security West, you have the opportunity to advance your information security skillset, learn to prepare your organization for the future, and enjoy the Pacific Ocean and San Diego!
For a complete list of course descriptions and to register, please visit:
http://www.sans.org/info/154435
( Save 5% on your course with discount code: SecOrb5_SANS )
The Anatomy of Deception Based Attacks: How to Secure Against Today’s Major Threat
Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7
Deception-based attacks pose a dangerous and growing risk to organizations. These kinds of attacks are inherently difficult to detect because they are designed to be stealthy, clever, and targeted – especially for the untrained eye. Watch this webcast to explore this topic further.
Microsoft Ending Support for Windows XP and Office 2003
US-CERT original posting here.
Alert (TA14-069A)
Microsoft Ending Support for Windows XP and Office 2003
Systems Affected
- Microsoft Windows XP with Service Pack 3 (SP3) Operating System
- Microsoft Office 2003 Products
Overview
Microsoft is ending support for the Windows XP operating system and Office 2003 product line on April 8, 2014. [1] After this date, these products will no longer receive:
- Security patches which help protect PCs from harmful viruses, spyware, and other malicious software
- Assisted technical support from Microsoft
- Software and content updates
Description
All software products have a lifecycle. End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. [2] As of February 2014, nearly 30 percent of Internet-connected PCs still run Windows XP. [3]
Microsoft will send “End of Support” notifications to users of Windows XP who have elected to receive updates via Windows Update. Users in organizations using Windows Server Update Services (WSUS), System Center Configuration Manager, or Windows Intune will not receive the notification. [4]
Impact
Computer systems running unsupported software are exposed to an elevated risk of cybersecurity dangers, such as malicious attacks or electronic data loss.
Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows XP or Office 2003.
Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements. [4]
Solution
Computers operating Windows XP with SP3 or running Office 2003 products will continue to work after support ends. However, using unsupported software may increase the risk of viruses and other security threats.
Users have the option to upgrade to a currently supported operating system or office productivity suite. The Microsoft “End of Support” pages for Windows XP and Office 2003 offer additional details.
There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows XP or Office 2003 to a currently supported operating system or office productivity suite. US-CERT does not endorse or support any particular product or vendor.
Users who choose to continue using Windows XP after the end of support may mitigate some risks by using a web browser other than Internet Explorer. The Windows XP versions of some alternative browsers will continue to receive support temporarily. Users should consult the support pages of their chosen alternative browser for more details.
References
Revisions
- March 10, 2014 – Initial Release
SANS 2014 Salary Survey is open and we need your input before April 1st
SANS is resurrecting its salary survey! Our 2008 survey was the most widely read paper for several years in the highly-trafficked SANS reading room.
This survey examines the evolving roles of security professionals worldwide and what technologies are driving new hires and career mobility.
The results of our Salary Survey (as well as the lucky winner in our drawing for one iPad) will be announced at the related webcast Thursday, May 8, 1:00 p.m. Eastern.
The survey is located here.
Meetup’s Service Outage
Update 3/2/14 at 7:00 am EST
For more details on the DDoS attack and Meetup’s response, read this account from Scott Heiferman, Meetup’s Co-Founder and CEO.
Update 3/2/14 at 8:23 pm EST
We hate to say it, but Meetup is down again as of 8:09 pm EST. We continue to be hit by a distributed denial of service (DDoS) attack. Organizer and member data is secure, including credit card information. No data has been accessed or stolen.
Our team has not stopped fighting this attack since it began, and we will continue to work hard to bring Meetup back up. Thanks to everyone for their patience.
Status 3/2/14 at 11:52 am EST
Meetup’s website and apps remain widely available. While you can access the site, some features will not work as expected. We thank you again for your patience as we do everything we can to bring site functionality back to normal.
- Email service on the Meetup platform has been restored, but it will take time for the backlog of emails to send and for service to return to normal.
- If your group has a custom domain, that URL should work again
- Photos should now be accessible on the site
Status 3/2/14 at 1:53 am EST
Meetup is up for most people right now. Our website came online at midnight EST, and our apps became available at 1:15 am EST. While this is obviously great news, it’s possible we’ll see intermittent outages in the hours ahead, and we’re still working on restoring full functionality.
We genuinely thank everyone for your patience. Our team is doing everything we can to keep Meetup up and reliable because all of us are in on this mission to create community together.
Status 3/1/14 at 10:54 pm EST
Meetup’s website and apps are still down due to a distributed denial of service (DDoS) attack. Organizer and member data is secure, including credit card information. No data has been accessed or stolen.
While this has been a major inconvenience for many organizers and members, we’ve been inspired by countless stories of people who keep meeting up. Rest assured, our team will not stop working on this until service is fully restored.
Status 3/1/14 at 5:10 pm EST
Unfortunately, Meetup is under a distributed denial of service (DDoS) attack again, resulting in service outage for our website and apps. Our team is hard at work and fighting back.
Status 3/1/14 at 11:55 am EST
Our website and our apps are widely available. (We are aware that there are some places where the site and apps still need to be restored.)
Our engineers continue to work to bring all functionality back to normal. Email functionality was restored yesterday, but as of now, not all backlogged emails have been successfully delivered. This is a top priority for our team through the weekend.
Status 2/28/14 at 8:14 pm EST
Our website and our apps are widely accessible. Unfortunately Meetup is still not available in all locations. We made substantial changes to our infrastructure in order to end the attack. It takes a while for changes of this size to be distributed across the Internet, and that happens over time.
While most people can access Meetup, some functionality is not available. As of 5 pm EST, email functionality was restored. Please note, it will take hours for backlogged emails to send.
Our team is working urgently to restore full functionality as quickly as possible. We appreciate your support and patience.
Status 2/28/14 at 11:13 am EST
http://meetupblog.meetup.com/post/78113362079/meetups-service-outage
In a DDoS attack, a bad actor overwhelms a network with traffic with the explicit goal of making services unavailable. That’s exactly what happened in our case.
Our engineers are working urgently to resolve the issue, and the website and the apps may be intermittently unavailable. We know this is a major inconvenience.
The Meetup community exists because all of you keep showing up. We will continue to work hard behind the scenes to make Meetup a safe and secure platform for organizers and members. We can’t thank you enough for being a part of it.
Original posting located here.
