Category Archives: Case Study

‘Windows XPocalypse’ and Security

‘Windows XPocalypse’ and Security
By Tim (TK) Keanini

Technical support and automatic updates for Windows XP will ended on Tuesday, April 8th, 2014. This has brought up some concerns around security, as patches for known issues were previously delivered via the now defunct automatic updates. What does this mean for Windows XP users?

The Basics

First it is important to note that on April 8th, only a few variants of the XP operating system were End-of-Support. End-of-Support means that there will be no new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates. Further details can be found on Microsoft’s web site, but I will summarize the changes here.

The systems that people must worry about are:

  • -Windows XP Home Edition
  • -Windows XP Media Center
  • -Windows XP Professional
  • -Windows XP Tablet PC Edition

When it comes to embedded systems (non-desktop versions of XP), the only one that people need to take urgent action on is Windows XP Professional for Embedded Systems. This product is identical to Windows XP, and Extended Support ended on April 8, 2014. If you have an XP variant for which support ended on 4/8/14, you need to treat it as if it were already dead and move quickly into getting it replaced. Pretend that it caught fire, and you will be moving with the right amount of urgency.

Here are some other variants of Windows XP that are going to receive updates after 4/8/2014. Organizations should still be planning now for cutovers on these systems.

  • -Windows XP Embedded Service Pack 3 (SP3). This is the original toolkit and componentized version of Windows XP. It was originally released in 2002, and Extended Support will end on Jan. 12, 2016.
  • -Windows Embedded Standard 2009. This product is an updated release of the toolkit and componentized version of Windows XP. It was originally released in 2008, and Extended Support will end on Jan. 8, 2019.

Point of Sale Systems

It turns out that Point of Sale (POS) systems run two types of Windows Embedded platforms, but those End-of-Support dates are not until 4/12/2016 and 4/9/2019. Businesses should, however, take immediate action to identify which version they have and put in motion a plan to migrate well before these deadlines.

These systems include:

  • -Windows Embedded for Point of Service SP3. This product is for use in Point of Sale devices. It is built from Windows XP Embedded. It was originally released in 2005, and Extended Support will end on April 12, 2016.
  • -Windows Embedded POSReady 2009. This product for Point of Sale devices reflects the updates available in Windows Embedded Standard 2009. It was originally released in 2009, and Extended Support will end on April 9, 2019.

Since POS systems deal with such sensitive information and have become such big targets for attackers, retailers should definitely already be working with vendors to plan for these upgrades to ensure that there are no lapses in security. Some have asked if retailers should switch from traditional POS systems to wireless tablets and smart devices to increase security. However, this is not an effective defensive strategy as the adversary is able to find weaknesses in all information technology. The best strategy is to maintain diligent and vigilant security measures for whatever systems a retailer is using to take payments.

Security Vigilance

As businesses leverage information technology to remain competitive and grow, there is an equal responsibility to manage the security of this infrastructure. An accurate inventory and maintenance schedule is fundamental, and if a business or technology partner does not know the End-of-Support schedules for critical devices, bad things are certain to happen.

Businesses need to know the End-of-Life/End-of-Support schedule not only for all of the items on their own asset list, but also for the systems used by partners. If you have partners with technology, or you are using a Value Added Reseller, ask them to produce a monthly report of their applications or appliances that are coming up for End-of-Life/End-of-Support in the next 24 months. Stay ahead of the game and minimize surprises.

Handling Windows XP End-of-Support – Feed it, kill it, but don’t starve it.

As you all know by now, on April 8th 2014, Microsoft stopped supporting some variants of XP. The software industry for years has operated this way with every system on your network having a predetermined service life, but given the current threat landscape, I would like to propose a change. You see, the problem is that on 4/8/2014, all of these systems that are End-of-Support will continue to work just as they did on days and years prior. This is a big problem because people don’t change their behavior when things are business as usual.

What I’d like to see happen when any information technology reaches End-of-Support – meaning no fixes will be issued for newly found security vulnerabilities – is that it stops working. That’s right, kill it!  Having an End-of-Support/End-of-Life technology alive and connected to the Internet makes it a liability for everyone online. It is called End-of-Life for a reason, and what I want to see happen is for the vendor to literally end the technology’s life. One of the rules in my personal playbook is: Feed it or kill it, but never starve it. Complex and dynamic systems do not deal with this lingering state very well, and it is time we make a change in how we handle the service life of a product.

Traditionally, the retirement phase of a product’s service lifecycle begins with the announcement of the End-of-Sale (meaning you can no longer purchase the product), followed by a period of time known as the End-of-Life that ultimately ends with the End-of-Support date when no more updates will be released. This is a critical stage for close-sourced products, because no one other than the vendor can issue fixes, and that vendor just told you they will never issue another update no matter what. Right here, kill it please. The implementation of this new policy must happen early in the service life, but if done well both technically and socially, the world will be a safer place because the right expectations and events will drive the right behavior.

No product should be online if there is no opportunity to fix newly found vulnerabilities. We have a problem on the Internet where a patch is available and yet people are still irresponsibly running old versions. At least in these situations, remediation is available via an update, but when there is no update, my position is that the technology should be killed immediately.

These expired versions of Windows XP will continue to work, and trust me, they will be targeted by attackers because what better investment can the adversary make? If they spend a week to develop a new exploit, they get to use it on expired technologies until the end of time, as no patches will ever fix it.

You can ask customers politely and even urgently to upgrade, but until their current version stops working, or worse, is part of a security-related catastrophe, they will typically do nothing. The reason Y2K drove a change in human behavior was because on that date, old code was going to fail – there was a clear and significant event approaching. On April 8th 2014, customers’ Windows XP systems worked just like they did on days prior. I predict that End-of-Support XP systems will still be on the Internet and will be used for botnets and other supply-side resources for adversaries.

Consider this problem five or ten years into the future when millions of devices brought on by the Internet of Things are allowed to remain online after their End-of-Support date. We cannot afford this, people! The change I’m pushing is good for everyone because Internet security is everyone’s problem.

Tim (TK) Keanini is the CTO of Lancope.

Journalism Professor Analyzes Role of Political Cartoons, Social Media During Syrian Crisis

Journalism Professor Analyzes Role of Political Cartoons, Social Media During Syrian Crisis
By Mike Krings

Political cartoons aren’t just for newspapers any more. A University of Kansas professor and her students analyzed how political cartoons were presented on Facebook during the Syrian uprising, the themes they explored, reactions to them and what they can tell us about social media use in Syria.



When Syrians rose up against President Bashar al-Assad in 2011, the government began a severe crackdown against its people. Hyunjin Seo, assistant professor of journalism, and doctoral students Goran S. Ghafour and Ren-Whei Han archived and analyzed 164 political cartoons from the Comic4Syria Facebook page, a site devoted to posting cartoons from professional and amateur illustrators about the conflict and the suffering of the Syrian people. The researchers examined cartoons from July 24, 2012, when the page opened, until Nov. 23, 2013.Seo and her co-authors analyzed the images to understand more about the topics of the cartoons, the frames they used, characters depicted in them, how they depicted men, women and children and which types of images drew the most reaction from viewers.

Examining political cartoons from Syria in a digital age served several purposes, as social media has allowed more people to share political opinions freely. The medium is also undergoing transition from being the domain of newspapers, especially in countries such as Syria with significant media censorship.

“As the platform has become more democratic, I think there are a lot more studies that can be done about the role of political cartoons,” Seo said. “Their use in Syria was very interesting as the landscape of Syrian opposition is very complicated.”

The researchers analyzed the structure of the cartoons to determine common features. Of the 164 images studied, 81 percent featured Arabic only, while 11 percent featured English only and about 8 percent featured both Arabic and English. Nearly half, 47 percent, of the cartoons featured both male and female characters, 39 percent featured only male characters, and only 1.8 percent featured only female characters. The rest featured characters whose gender was unclear or did not feature human characters at all.

Of the cartoons featuring human characters, 60 percent featured only adults, while 28 percent featured adults and children, while 3.7 featured only children, and the remainder were characters whose age group was unclear.

Syrian cartoons averaged more than 243 “likes,” with the highest number of likes reaching 1,531. Comments made on the images averaged 11.77, ranging from zero to 110. The images were also shared frequently, including one that was shared 3,237 times.

The researchers examined frames used in the cartoons and identified six: freedom, oppression, international influence, hypocrisy, media influence and sectarianism. Oppression was by far the most common frame, at 52 percent, while freedom and international influence followed at 14 and 12 percent, respectively.

The president’s regime was by far the most common topic, featured in 89 percent of analyzed comics. Mental torture and physical torture were also common, featured in more than 50 percent of the cartoons as well.

The most common topics and frames did not necessarily draw the most viewer reaction.

“There were cartoons examining media effects and how they were distorting facts and supporting al-Assad’s propaganda,” Seo said. “Those were the cartoons that received the most likes.”

Cartoons with a hypocrisy or oppression frame followed media influence in most likes generated. Freedom and sectarianism received the fewest. Media-influence cartoons were also the most shared, followed by international influence and hypocrisy. Those patterns held true for cartoons that generated the most comments as well. Media influence was once again at the top.

In terms of cartoon topics, martyrdom was the most effective, generating more likes and comments than others such as mental torture, al-Assad’s regime and others. However, in terms of which topics were more likely to be shared, mental torture rated the highest, followed by martyrdom, international influence and the Syrian regime.

When examined by types of characters featured, those with political leaders of other countries received the most likes, comments and shares.

Seo and her co-authors will present their research in May at the International Communication Association Conference in Seattle. The research is part of an ongoing line of work in which Seo has analyzed the role social media can play in social change. She has studied social media use during the Arab Spring, Twitter images used in the Israeli-Palestinian conflict and Internet connectivity in the Middle East. She is beginning a new grant-funded study in which she’ll analyze the Facebook use of al-Assad and opposition forces during the ongoing uprising and civil war. She was also selected as an emerging scholar by the Association for Education in Journalism and Mass Communication in recognition of her work.

The analysis of Comic4Syria images not only adds to visual communication studies, it helps provide a deeper look at how Syrians viewed the uprising, especially important in a region of the world in which media censorship is common practice and crackdowns were common against both Syrian and foreign journalists.

“Social media has emerged as an important channel through which Syrian civilians document the Syrian revolution and people around the world get a glimpse of what was happening in Syria,” the authors wrote. “By analyzing political cartoons posted to the Comic4Syria Facebook page, this research helps provide a more nuanced understanding of digital media-facilitated communication practices in Syria.”

Mike Krings is a public affairs officer in the KU News Service.