EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Team UPC Calls Critics of the UPC Idiots, Deletes Their Comments, and Blocks Them

    A new low for Team UPC, which is unable to cope with reality and has begun literally mocking and deleting comments of people who speak out truths



  2. How the Opposition to CRISPR Patents at the EPO Sent Shockwaves Through the Industry

    Additional reports/coverage on the EPO (European Patent Office) revoking Broad Institute's CRISPR patent show that the issue at hand isn't just one sole patent but the whole class/family of patents



  3. Unified Patents Says That RPX, Which Might Soon be Owned by Patent Trolls, Paid Patent Trolls Hundreds of Millions of Dollars

    Unified Patents, which helps crush software patents, takes note of RPX’s financial statements, which reveal the great extent to which RPX actually helped trolls rather than stop them



  4. IAM Together With Its Partner, IIPCC, is Lobbying the USPTO to Crush PTAB and Restore Patent Chaos

    Having handled over 8,000 petitions (according to Professor Lemley's Lex Machina), PTAB champions patent quality at the USPTO, so front groups of the litigation 'industry' creep in and attempt to lobby the likely next Director of the USPTO (inciting him against PTAB, as usual)



  5. Software Patents Are Still Dropping Like Flies in 2018, Thanks to Alice v CLS Bank (SCOTUS, 2014) and Section 101 (USPTO)

    Section 101 (§ 101) is thriving in the sense that it belatedly throws thousands of patents -- and frivolous lawsuits that depend on them -- down the chute; the patent trolls and their allies in the patent microcosm are very furious and they blame PTAB for actually doing its job (enforcing Section 101 when petitioned to do so)



  6. Patent Troll Finjan Looks Like It's About to Collapse, But Patent Maximalists Exploit It for Software Patents Promotion

    Patent trolls are struggling in their use of software patents; few (if any) of their patents are upheld as valid and those that miraculously remain in tact become the subject of fascination if not obsession among trolls' advocates



  7. The Attacks on PTAB Are Slowing Down and Attempts to Shield Oneself From Inter Partes Reviews (IPRs) Are Failing

    The Patent Trial and Appeal Board (PTAB) reapplies patent eligibility tests/guidelines in order to squash likely invalid patents; The litigation 'industry' is not happy about it, but its opposition to PTAB is also losing steam



  8. Links 21/1/2018: Wine 3.0 Coverage, KaOS 2018.01, Red Hat Among 'Admired Companies'

    Links for the day



  9. Blockchain Patents Are a Catastrophe in the Making as Trolls and Aggressors Accumulate Them

    As patents pertaining to blockchains continue to be granted -- even in defiance of Alice/Section 101 -- it seems likely that patent wars will sooner or later erupt, involving some large banks, IBM, and patent trolls associated with the notorious Erich Spangenberg



  10. Qualcomm/Broadcom/NXP Combination Would Become a Disastrous Patent Thicket Which Benefits Nobody

    Worried by the prospect of mega-mergers and takeovers which would put far too much market power (and monopoly through patents) in one place, governments and corporations speak out



  11. Patent Litigation in East Asia: Huawei, Samsung, HTC, Nintendo and COLOPL

    A quick look at some high-profile cases in which large Asian firms are embroiled; it seems clear that litigation activities have shifted eastwards (where actual production is done)



  12. Patent Litigation in the US is Down Sharply and Patent Trolls' Demise Has Much to Do With It

    Docket Navigator and Lex Machina both show a significant decline in litigation -- a trend which is likely to carry on now that TC Heartland is in tact (not for just half a year but a whole year) and PTAB completes another record year



  13. Cheating the US Patent System is a Lot Harder After TC Heartland

    Some new examples of tricks (and sometimes cheats) attempted by patent claimants and their representatives; it does not go as well as they hoped



  14. RPX Might Soon be Owned by Patent Troll Erich Spangenberg

    RPX, whose top executives are leaving and business is gradually dying, might end up as another 'asset' of patent trolls



  15. Patent Quality (Not Numbers) as an Asset: Oppositions, Appeals and Rejections at the EPO

    Benoît Battistelli wants a rubber-stamping operation (like INPI) rather than a functional patent office, but oppositions at the Office prove to be fruitful and many erroneously-granted patents are -- by extrapolation -- already being revoked (affecting, in retrospect, Battistelli's so-called 'results')



  16. Links 19/1/2018: Linux Journalism Fund, Grsecurity is SLAPPing Again

    Links for the day



  17. The EPO Ignores This Week's Decision Which Demonstrates Patent Scope Gone Awry; Software Patents Brought Up Again

    The worrisome growth of European Patents (EPs) — a 40% jump in one year in spite of decline in the number of patent applications — is a symptom of the poor judgment, induced largely by bad policies that impede examiners’ activities for the sake of so-called ‘production’; this week's decision regarding CRISPR is another wake-up call and software patents too need to be abolished (as a whole), in lieu with the European Patent Convention (EPC)



  18. WesternGeco v ION Geophysical (at the US Supreme Court) Won't Affect Patent Scope

    As WesternGeco v ION Geophysical is the main if not sole ‘major’ patent case that the US Supreme Court will deal with, it seems safe to say that nothing substantial will change for patent scope in the United States this year



  19. Links 18/1/2018: MenuLibre 2.1.4, Git 2.16 Released

    Links for the day



  20. Microsoft, Masking/Hiding Itself Behind Patent Trolls, is Still Engaging in Patent Extortion

    A review of Microsoft's ugly tactics, which involve coercion and extortion (for businesses to move to Azure and/or for OEMs to preload Microsoft software) while Microsoft-connected patent trolls help hide the "enforcement" element in this whole racket



  21. Patent Prosecution Highway: Low-Quality Patents for High-Frequency Patent Aggressors

    The EPO's race to the bottom of patent quality, combined with a "need for speed", is a recipe for disaster (except for litigation firms, patent bullies, and patent trolls)



  22. Press Coverage About the EPO Board Revoking Broad's CRISPR Patent

    Even though there's some decent coverage about yesterday's decision (e.g. from The Scientist), the patent microcosm googlebombs the news with stuff that serves to distract from or distort the outcome



  23. Links 17/1/2018: HHVM 3.24, WordPress 4.9.2

    Links for the day



  24. No Patents on Life (CRISPR), Said EPO Boards of Appeal Just a Few Hours Ago

    Broad spectacularly loses its key case, which may soon mean that any other patents on CRISPR too will be considered invalid



  25. Only Two Weeks on the Job, Judge Patrick Corcoran is Already Being Threatened by EPO Management

    The attack on a technical judge who is accused of relaying information many people had already relayed anyway (it was gossip at the whole Organisation for years) carries on as he is again being pushed around, just as many people predicted



  26. EPO Board of Appeal Has an Opportunity to Stop Controversial Patents on Life

    Patent maximalism at the EPO can be pushed aback slightly if the European appeal board decides to curtail CRISPR patents in a matter of days



  27. Links 16/1/2018: More on Barcelona, OSI at 20

    Links for the day



  28. 2018 Will be an Even Worse Year for Software Patents Because the US Supreme Court Shields Alice

    The latest picks (reviewed cases) of the Supreme Court of the United States signal another year with little or no hope for the software patents lobby; PTAB too is expected to endure after a record-breaking year, in which it invalidated a lot of software patents that had been erroneously granted



  29. Patent Trolls (Euphemised as “Public IP Companies”) Are Dying in the United States, But the Trouble Isn't Over

    The demise of various types of patent trolls, including publicly-traded trolls, is good news; but we take stock of the latest developments in order to better assess the remaining threat



  30. EPO Management and Team UPC Carry on Lying About Unified Patent Court, Sinking to New Lows in the Process

    At a loss for words over the loss of the Unitary Patent, Team UPC and Team Battistelli now blatantly lie and even get together with professional liars such as Watchtroll


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts