Security Software Breach Alert

Terms of Reference

Refer to the post, Terms of Use Agreement Xerqon Technologies, WIX Blog 2025, for early, legal due diligence

As a former victim of VPN network attacks, and many compromised computers later, it has taken the author over a decade of troubleshooting to gain insight into how VPNs are being exploited by network intruders. Never store security passwords, particularly private keys in plain sight. They must never be seen by human eyes or exposed to human insight, including via aural or verbal distribution.

Call centre security employees can be the only verbal or email leak of passwords for internet security, by showing too much compassion for somebody who has been password-locked out of their software’s operation - a scenario which is enhanced by inclusion of an exchange of favour between caller and the person who can reset account information, especially the email address used for password resets.

The software in traditional Internet Security Software, particularly VPN cyphers may offer direct network port access from one Internet Security installation to another installation of the same software with matching login (password) configuration. This would allow a network intruder to take over a computer with software installed at the point of presence of the target user.

The previous component is knowing the device login and password configuration. The last is often gained by a compromised third party including an operating system technician - gained by obtaining the computer serial number from the vendor.

Once an alternative BIOS password from the network intruder is placed into the device remotely, the intruder becomes the computer senior administrator and they have supreme control of the device.

Microsoft should only issue proxy or composite BIOS login primary keys (passwords). Their update service is also security software.

All security applications must use the solution in the blog post Device Level, MAC IP Address Authentication for application network isolation. It means that all security software installations are unique. That solves the security breach concern. An additional factor would be to make Security Software completely thick client software with MAC authenticated installation and operation. All software on Windows computers should be preregistered with Microsoft and updated only via Microsoft, by customer agreement.

Microsoft can avert the network access control disablement by simply employing OTP (one time password) to reset the bios password. The same would be required to reset the operating system or it MAC address by including MAC Address Authentication as part of the phone’s two factor authentication. The necessity of the MAC Authentication is that it prevents a cloned SIM from accessing the OTP authentication from another device.

Microsoft Remote Desktop Services is where the updated and historical MAC address and other network parameters are discoverable on a Windows device. In the meantime simply placing your own BIOS password on your Windows device will prevent hardware, network Administration surrender. While BIOS password does not guarantee full protection against intrusion, it will limit the device from being commandeered by the intruder. That is why the passwords must be stored on an alternative database. They never must be stored simply in a thin client or thick client database on the same device, such as Google or Apple password manager, unless they can only accessed with their own passkey.

Buyer beware. Best of fortune in hardening business and personal networks.

© Xerqon ABN 97661410108 2025