Home Depot Hacked with Old WinXP Flaw

The estimated 56 million Home Depot accounts exposed to potentially 3 billion in loses – was driven by an old WinXP flaw.–PC Pitstop

Home Depot Hacked with Old WinXP Flaw

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

The massive security breaches and theft of credit card information at The Home Depot and Target have something in common. They were both allowed by a vulnerability in XP embedded that was more than 10 years old!

The XP embedded, used in their POS systems, (yes, both definitions apply) was Win XPe SP3, which is not the last version of the XP-based embedded OSes. This whole disaster could have been avoided if Target and Home Depot upgraded to Win7 for Embedded Systems. Internal IT security people knew about this and told their friends and relatives to pay cash at Home Depot. OUCH.

Specific malware created for embedded XP systems reared up its ugly head in the middle of the last decade. They use a technique called “RAM scraping”, as WinXP has relatively weak memory access protection. Win 7’s memory protection is much better.

Article continued here

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles