EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 29/5/2017: Another Linux RC, Enlightenment 0.21.8 Released

    Links for the day



  2. Links 28/5/2017: Mesa 17.1.1, Wine 2.9, KDevelop 5.1.1

    Links for the day



  3. Patent Dangers to Linux and Android: Qualcomm, Apple, and Nokia

    The prevailing problem which is companies with mountains of patents going after OEMs, using a bulk of infringement accusations, and demanding 'protection' money



  4. Colossal Institutional Failure Surrounding the European Patent Office (EPO) and EPO Chickens Out of Debate About It

    Shielded by a network of institutions, governments, and departments that facilitate the EPO's abuses by inexcusable inaction, Team Battistelli continues to hoard more money and power



  5. The United States Has Already Tackled Both Software Patents and Patent Trolls

    An outline of some notable responses to TC Heartland and where we go from here



  6. Cloudflare Wants to Completely Squash the Patent Troll Blackbird Technologies by Squashing the Only Thing It Has

    Putting more of its money to good use, for a change, Cloudflare goes for the kill against Blackbird Technologies, which has no technologies, just patents and lawsuits



  7. Links 25/5/2017: Mesa 17.1.1, Qt 5.9.0 RC, and Much More

    Links for the day



  8. Links 24/5/2017: New RHEL Beta, SteamOS Updated

    Links for the day



  9. Great News: While IBM et al Try to Undermine Patent Reform the Supreme Court Deepens the Reform in TC Heartland Case

    In a unanimous decision, with the court ruling 8-0 against TC Heartland, the monkey business in East Texas (beneficial to patent trolls and large businesses that leverage software patents) may have just come to an end



  10. Speculations About Battistelli's End of Term, Campinos at EUIPO, and Failed UPC Ambitions

    Rumours and speculations surrounding the fate of the EPO's leadership now that the UPC gravy train is stuck again and Battistelli's protector, Jesper Kongstad, is about to leave



  11. Martijn van Dam is Wrong to Believe That Battistelli's Abuses Are Somehow Acceptable or Tolerable Because His Term is Possibly Ending

    Coverage of Martijn van Dam’s stance (he is the Dutch State Secretary for Economic Affairs) reveals that economic gain trumps ethics and justice, irrespective of what the law says



  12. Media and Staff Association Elections at EPO and WIPO Are Compromised

    A campaign of abuse (legal bullying) and gifting to the media, combined with a wide-ranging assault on critics who represent the interests of staff, have led WIPO and EPO down the route to totality



  13. New Documents Help Demonstrate That ILO Delivers Institutional Injustice to EPO Employees and Cushions Team Battistelli

    The International Labour Organisation Administrative Tribunal (ILOAT) delivers not justice but merely the illusion of justice, probably in defiance of Article 6 of the European Convention on Human Rights (ECHR)



  14. Leaked: 2017 European Inventor Award Finalists, or Stooges Whom the Tyrant Battistelli Exploits for PR Purposes and Media Manipulation

    The stupidest ceremony in Europe (turning serious science into something sketchy such as Eurovision) is disliked among EPO staff and is exploited by the person who destroys the EPO (Benoît Battistelli) to pretend all is fine and dandy, at huge expense to the Office (as extraordinary as about 5 million Euros for a ~2-hour show)



  15. EPO: Can the Staff Union of the European Patent Office (SUEPO) Still Save It?

    Genuine concerns about the slow process at the European Court of Human Rights (ECHR) and the lack of progress at ILO, which coincide with weakening of the unions and threat to jobs of patent examiners (leaving ordinary Europeans more vulnerable to meritless patent lawsuits)



  16. Links 21/5/2017: Linux 3.18.53, Tizen 4.0

    Links for the day



  17. Cloudflare's Enemy is Software Patents, Not Just One Software Patent or One Patent Troll

    With a bounty of $50,000, which is likely less than the cost of legal defense, Cloudflare looks for help with its own case rather than the underlying issues that need tackling worldwide



  18. Patent Laws -- and Especially Eligibility of Software Patents -- Are Being Hijacked by Large Corporations and Their Front Groups

    Intervention by large multinational corporations and their lawyers, front groups, etc. (like the classic lobbying model) gives room for concern in multiple continents where most software development is done



  19. Links 18/5/2017: Catching Up With the Past Three Days

    Links for the day



  20. The US Supreme Court Consults USPTO Director Michelle Lee Regarding the Patent Trial and Appeal Board (PTAB) Which is Invalidating Software Patents With CAFC's Approval

    Software patents continue to get knocked out by the Leahy-Smith America Invents Act (AIA) whose introduction of PTAB gave a helping hand to companies that are susceptible to abusive litigation (with bogus patents)



  21. IBM and Its Revolving Doors Lobby Are Plotting to Undermine Supreme Court Rulings to Restore Patentability of Software

    IBM has become so evil that it is now trying to steal democracy, label programmers "thieves", and basically attack the rule of law by extra-judicially overturning a Supreme Court decision



  22. 3 Years After the Alice Case at the Supreme Court the Plague of Software Patents is Easier to Cope With

    Litigation figures are down, rejection rates of software patents remain high, and only spin (e.g. cherry-picking) or constant lobbying can save those who used to profit from software patents



  23. The Attacks of Patent Trolls as Outlined in the Media This Past Week

    An outline of some of the latest troll cases to be aware of and their consequences too (e.g. software patents being used to literally shut down entire programs)



  24. Links 14/5/2017: Linux 4.12 RC1 and KDE Frameworks 5.34.0

    Links for the day



  25. Industry Giants Challenge Qualcomm's Patent Practices While the Federal Trade Commission (FTC) Closely Examines Such Behavior

    Scrutiny of Qualcomm's patent aggression and coercion -- scrutiny that can profoundly change the way software patents, SEPs and FRAND are viewed -- as seen in various amicus briefs (amici) from industry giants that are affected



  26. Professor Lisa Larrimore Ouellette Questions Whether Patents Work When Patent Scope is Too Broad

    Citing MIT economist (and MacArthur “genius”) Heidi Williams, Professor Lisa Larrimore Ouellette from Stanford challenges old myths and quotes: “we still have essentially no credible empirical evidence on the seemingly simple question of whether stronger patent rights—either longer patent terms or broader patent rights—encourage research investments.”



  27. OIN is Still a Distraction Unless We Want GNU/Linux to Coexist With Software Patents (Rather Than Eliminate Those)

    Another wave of media coverage by/for the Open Invention Network (OIN) necessitates a reminder of what OIN stands for and why it is not tackling the biggest problems which Free/Open Source software (FOSS) faces



  28. Links 13/5/2017: Neptune Plasma 5 ISO, a Shift to Free (FOSS) Databases

    Links for the day



  29. Countries With a Dozen European Patents Are an Easy Photo-Op 'Sell' for Battistelli While the EPO's Demise is Largely Ignored by the Patent Microcosm

    Behind the façade of legitimacy, the EPO suffers from an incompetent, insecure and delusional boss, whose actions will almost certainly lead to the collapse of both the Office and the entire Organisation (whose founding document he routinely shreds to pieces)



  30. Our Assessment: Unitary Patent (UPC) Will Crumble Along With Battistelli's Regime at the EPO

    A reflection and an opinion on where the EPO stands and what it means for the UPC, which doesn't seem to be going anywhere (it's all talk and lobbying)


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts