Back in those days when XP was introduced, it completely overhauled windows 98 with new graphics and functionality. Currently, Windows XP has become 16 years but it has not lost its popularity, we can still see windows XP in different kinds of organizations, especially in government organizations in Nepal. I have observed, government employees, playing Solitaire while we waited in line for hours. According to statcounter.com, Windows XP is still running on 3% of all desktops.

Key Vulnerabilities

There is no support for XP by Microsoft since April 8, 2014. So, Windows XP computers are more vulnerable to information security threats. Hence, came the Ransomware attack which was in the headlines in May 2017. This is not the end of it, we will most likely hear more security attacks on XP machines in near future also. Further, this will lead the Windows XP machine to be the target of Zero-Day exploits as when windows launch any security patches for its operation system, exploiters will figure out what vulnerability is fixed by that patch and then launch with launch their exploit on Windows XP machines.

There are many vulnerabilities found in Windows XP like buffer overflow of internet explorer and easy targets of different malware. The major key security threat in XP was that the administrator account had unlimited privileges.

I have made the following video to show how windows machines can be exploited using these vulnerabilities. In this video, I have used different techniques to attack windows XP machines to show you how vulnerable these machines are. The two techniques related to buffer overflow attack: memory flaws of Internet Explorer 6 and another well-known flaw of SMB protocol. The third one is the Man-In-Middle attack. The final one is related to deploying Trojan or backdoor.

DISCLAIMER: THis VIDEO IS MADE FOR EDUCATIONAL PURPOSE ONLY. PLEASE RESPECT OTHER PEOPLE’S PROPERTY AND PRIVACY AS YOU DO FOR YOURS. THANK YOU.

Why Use of XP so prevalent

As discussed earlier, the Windows XP machines are still being used largely in various types of the organization. Why is the reason for being so? The main reason is the usually in a government organization, once they purchase a desktop, they will not replace it until and unless it turns to scrap material. During the Window 98 era, more organization were in manual mode, most of these institutions did not use the computer for day to day work. When they did gradually started to upgrade them, they got stuck on XP and then decided not to upgrade at all. Up-gradation requires a lot of effort and time.

Microsoft launched Windows Vista after the success of Windows XP, however, it failed miserable. As per Wikipedia, Vista was expensive, the current user hardware system was not able to support that product and other legal issues to name a few. Due to the mass failure of windows VISTA, the user uninstalls that operating system and switch back to Windows XP.

Mitigation

The only way to protect yourself is to upgrade window XP with the latest version windows system. There is no other option. However, if you still need to use Windows XP then the following solution may be adopted.

1. Segregate the network in which the XP machine is installed. This network should be protected by a strong firewall to control the traffic going inside and outside the network.
2. The main problem with XP was that its’ administrator had unlimited privileges. Therefore, such accounts should be strictly controlled and monitored.
3. Finally, to emphasize again, this kind of system should be upgraded as soon as possible. Because in coming future new vulnerabilities are likely to discover and exploits will be made to compromise these kinds of vulnerabilities.

Thank you for reading. If you have found it useful, please do share.

It is estimated that only 4% is on the surface web, while 96% of online content is found on Deep Web. So what is the concept of the deep web, darknet, onion routing? Let’s Explore Them. 

Onion Routing was developed in the 1970s which created an overlay network that is built on the top of another network i.e., the Internet. This network finally became available under an open-source license for everyone to use which eventually became TOR. There are other networks like TOR, together all of them became Deep Web. The contents of this web cannot be accessed by normal search engines like google, bing. One example of such a network can be a private network of any organization which cannot be accessed through any commercial search engines.

The dark Net is a shady area inside the Deep web which is used by criminals to perpetuate their criminal activities. like drug trafficking, illegal sale of weapons, child pornography. All these goods are purchased and sold via Bitcoin.

Deep Web and Dark Web when combined becomes Dark Net. 

Concept of TOR

The main reason for the birth of Tor was to provide anonymity to users while surfing on the deep web. It does this by encrypting the IP address of users by routing via several other computers using the same software. Since normal browsers like, Chrome, Firefox is not able to access the Dark Net, one needs TOR Browser to access TOR hidden services which are a bunch of URLs that are merely a string of meaningless numbers and letters that end in .onion like this one http://owmx2uvjkmdgsap2.onion/. TOR also can be used to access other sites indexed by Google and other search engines.

The popularity of Dark Net

The main purpose of the creation of the Dark Net is to provide anonymity to users which have been a major concern regarding protecting one’s privacy. This issue got further escalated when in 2013,  Edward Joseph Snowden disclosed illegal surveillance programs carried out by NSA, USA. In today’s world, when you use the internet, you leave digital fingerprints. As a result, your details like time, location, and goods purchased from credit card, debit card when combined with data in your mobile phone will create Metadata about you and it tells a story about you based on facts that are not entirely true. So, these Metadata are maintained by different Countries’ governments, big corporations, and so on to analyze your behavior, preferences. There are examples where people were detained or hassle by authorities because they made certain comments against their government or searched something on the internet. So Dark Net became an alternative internet that provides anonymity to people securely from the prying eyes of the government. Privacy is a privilege that should not be taken for granted. When your privacy is limited, then you suddenly became aware of what you type in search engines. This puts a limit on freedom of expression which is an intellectual blockade. This is the reason why the Dark Net has become an asylum for Whistle Blower, journalists who can express their opinion without any fear of being reprimanded.

Secondly, Dark Net is advertisement free. As discussed earlier, every activity about users is recorded in the vast database which is owned by big corporations. On the basis of those data, they analyze people’s likings and whatnot, and then they start to bombard them with different kinds of advertisements. Don’t believe me, try searching Youtube relating how to create your own website 2-3 times, next time even if you watch a funny cat video, they will be showing you web hosting or tech-related adds.

Finally, you cannot be stalked by any hackers. Your anonymity is preserved and you are sure that no one looking at financial records, medical records or browsing internet history. 

What is Bitcoin?

Bitcoin’s inception has its root in the 2008 global financial crisis. Where the banks, which were too big to fail like the Lehman Brothers, collapsed leading to a chain effect and ultimately causing a worldwide economic meltdown. In that crisis, many people were protesting against their central governments who did not take any precautionary measures to prevent this crisis leading to worldwide disbelief in their way of managing currency.

In this turmoil situation, an anonymous person or group of persons, known as Santoshi Nakamoto, published his research paper on public cryptography forum, where he said that he had developed an electronic cash system that will work over the internet which is based on peer to peer transaction. He explained his theory in his white paper with proof of concept. Later on, other brilliant minds decided to join him and that lead to the creation of the first global decentralized money or virtual currency known as bitcoin.

Now, it is time that you understand the concept of money. Fiat or physical currency that you carry is nothing more than a promissory note or legal tender that is recognized by everybody, why?? because the government of the country to which that currency belongs has promised or guaranteed that they will pay the value mentioned in that currency. In this way, we are trusting our government to make good on its promises by keeping the value of the currency afloat. So, what happens, when a government betrays our trust, the money becomes worthless, we lose our hard-earned saving,s and let’s say, what follows is not a good picture.

In peer to peer transactions, the value of bitcoin is determined by people based on demand and supply, when there is more demand for Bitcoin it’s price will increase and when there is less, it will decrease.

As of today, 13^th  June 2020 at 4 hours 3 minutes 23 seconds, the current price index of bitcoin can be seen from this figure.

I like to point out another major thing, that is, BitCoin is a very volatile currency. History is witness, that value of bitcoin has increased sharply and in a similar way plunged, causing a lot of investors to lose their substantial money. So, if you are thinking of investing in bitcoin, make sure you do your homework. Don’t invest because your father’s friend’s son is getting rich by doing it.

The transaction of Bitcoin works as an open accounting system as there is a network of a lot of computers whose main job is to record the ownership of transactions in a public ledger which is called a blockchain. The process of recording the ownership of a transaction is called Mining. Every miner is rewarded with a Bitcoin for successful completion of the recording of the transaction. We will not go into the details of blockchain or mining because they are a huge topic on their own so it may be subject matter for my next video lectures.

In some countries, it is illegal to trade in bitcoin. In Nepal, it is illegal to trade in bitcoin, as you can see from this notice from Nepal Rastra Bank, which is the Central Bank of Nepal. It says clearly that Bitcoin is not recognized as the official currency of Nepal, so, it is illegal for anybody to carry out any transactions in the bitcoin. But, if you are in other countries, you want to first check with your country’s regulatory requirements before you decide to do transactions in bitcoin.

In the below tutorial, we will show you how a bitcoin wallet can be created using Electrum.

Important Concept of Money Laundering that you ought to know:

For newbies, Money laundering is not converting illegal money to legal but it is the process of hiding the source of income. The following example will clarify this concept.

Let’s say, somebody, we will call him Mr. Criminal, has stolen a whole bunch of credit cards. He cannot use those cards directly because the transactions can be traced and he will be caught. So, his next genius plan is to buy a lot of gift cards from those credit cards. Now, what he will do, is to covert the value of those gift cards into bitcoins. So, in this way what he has done is called money laundering. He had obtained those cards illegally by stealing and converted the money into gift cards. Again the source of income of that gift card is still stolen money from credit cards, right. Finally, once, he has converted gift cards into bitcoin, he has successfully hidden the source of income because the whole premise of bitcoin is based on privacy and anonymity.

Having said that, we don’t want you to take this point home, that is, bitcoin is bad. The purpose which had lead to the creation of Bitcoin was very good. It’s is the best gift for humankind. With privacy there comes anonymity. Both concepts look similar in a sense but may carry different meanings according to the situation. You want privacy, that is your right. But when somebody wants to be anonymous then the main objective here is that he does not want others to find out what is he doing. In most cases, that maybe not for the right purpose. Take the example of the Silk Road, where anybody could buy any kind of illegal drugs via Bitcoin. Yes, there are bad actors who are using bitcoin but aren’t there are in other sectors also.

Accessing Dark Net

I have found two ways to access Dark Net. One way is to install TOR Browser in your computer and configure it. You also need to have a good VPN. You can find instruction to install TOR Browser in windows, Linux, mac in the following link:
https://www.torproject.org/projects/torbrowser.html.en

The other method is using TAILS software. It is safe and easy to use. The following video shows how to use TAILS to access the darknet.

However, users should need to use some common sense while surfing through the deep web like never revealing their Personal Identification Information(PII). There are lots of scam websites on the darknet so caution is advised. Dark Net is also swamped with illegal websites so when you visit them there is still a chance that you will be tracked later.

Have happy and safe surfing.

SHARE if you found it useful….