Feds blame Windows 7 and lax security for Oldsmar facility hack

From the link, I think the part I have put in bold was by far the biggest risk factor...

...the system, which was running on Windows 7 with every person using the same password...
...and totally unbelievable that anyone could think it was secure!
 

LMAO! No, really. L-M-A-O. The cure-all here is not an upgraded OS based on the vector. It's as if the FBI has been working with Redmond or something because it's twice now the FBI has said to update your OS beyond Windows 7.

Let's point out the pertinent from this article that is spewing hyperbole for the Win 10 upgrade crew.

Investigators suspect a desktop-sharing software was likely used to access the system...

Question:

A) Was it Team Viewer with no 2FA by chance?

B) Was there any CVE for this software? Was the code even code signed?

Answer:

A) This is your obvious vector. Not the OS itself.


which was running on Windows 7 with every person using the same password.

Question:

A) Was the password complex?

B) Was it in a massive leaked database?

Answer:

A) If not A or is equal to B then assume C.

C) Yo ass just got owned and tea bagged. Enjoy the bad breath.


Now to the crux of the issue. You can go to Shodan and find how insecure SCADA systems are over hell. In the U.S., UK, Germany, Romania, you freaking name it. If there are any CVEs or weak passwords, Hydra will crack it wide open. This is just a taste of what could be and we need a cybersecurity consortium of white hat hackers and computer scientists to come together and formulate ideas on fixing the crap we have now otherwise we will have a COVID-21 so to speak except it will be cyber related. Plan on using your computer or anything that depends on electricity? Kiss its ass goodbye. Just look at what could happen as a microcosm from the small incident in Texas with ice. That was just mother nature in one location.

Don't even get me started on modernizing the electrical grid and hardening the electrical grid from a CME from the sun. The last event was in the mid 1860s and it WILL happen again. Since everything is highly dependent on electricity it will be a massive SHTF scenario on so many levels. If it's cold you freeze to death, if it's hot you die from heatstroke. Can't buy food due to no power at the store, the POS (Point Of Sale) terminal, ATMs are down, banks are down, your water is down, etc, etc, etc ad nauseam.

Now let's point something out here that many may not know about Windows 10.

Windows 7 was released in 2009 and I count at least 1,190 CVEs (Common Vulnerabilities and Exposures) (source) from 2009 (its inception) till now. But, many of these CVEs also describe Windows 10 and other versions. So to be fair let's just drastically and conservatively cut that number in half to 595. Remember that number. That's the approximate CVEs for Windows 7 since its inception till now.

Let's now look at Windows 10. Windows 10 was released in 2015 and I count at least 1,073 CVEs from 2015 (its inception) till now. And again, some of these CVEs cover Windows 7 and other Windows versions so let's drastically and conservatively cut that number in half to 536.

So we see Windows 7 has around ~595 CVEs since its inception till now and Windows 10 already has around ~536 CVEs since its inception. Yet Windows 10 is only six years old and Windows 7 is a massive 12 years old. So we see here Windows 10 is already on par to Windows 7's CVEs for Windows 7's lifetime!

So when people, especially your government, say use Windows 10 because it's more secure are full of shit. Yeah, they're patched but that's not the point at all. Point is how many other CVEs will come out of the woodwork that will also need yet another cumbersome update that can and WILL hose your OS over and all of your data due to low QC (Quality Control)? And guess what? If it's free you're probably the product. I highly doubt a multibillion-dollar company (currently $234.51 on NASDAQ) wanted to be nice and just give a product away for free. No, I've recorded Windows 10 emanate TONS of Internet traffic from the NIC. At least 20 ASNs worth. This is what an ASN looks like. They represent whole swaths of CIDRs. https://bgp.he.net/AS8068#_prefixes So what does a /24 represent? 256 IP addresses. I count 20,992 IPs alone just for that one ASN. Did I mention Windows 10 using at least 20 ASNs? Yeah... Windows 7 or XP doesn't have any of that. Just a few IP hits for common stuff like Windows time, local network stuff, etc.


Anyway, will you eventually have to use 10? Yes. But I'd strip the hell out of it with nLite or check out Windows 10 AME. Though, that's not for everyone. So far I'm happy with AME during my testing. That's just me.

In the meantime, I downloaded the advisory in PDF format and will read it later. And remember. Seasons don't fear the reaper.
 

Is it just me, or was I the only one that read lax as in the ICAO for Los Angeles International Airport? LOL!
 
