EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. IBM-backed Book on 'Open Innovation'

    OpenForum Europe (OFE), which helps IBM's turf wars in Europe, releases a new book filled with its talking point

  2. Nobel Laureate Joseph E. Stiglitz Criticises the Patent System

    More critical words about the patent system and the way it is harming lives

  3. Senator Schumer Should Focus on Software Patents, Leaving Patent Trolls (Side Effect) Aside

    Reform in the USPTO and the US courts should focus on patent scope and not patent holders

  4. Links 20/5/2013: Plenty of Linux News, Google/Android Announcements

    Links for the day

  5. IRC Proceedings: May 12th, 2013-May 18th, 2013

    IRC logs for May 12th, 2013 (and subsequent days until May 18th, 2013)

  6. Microsoft Spin Regarding Skype Spying Does Not Withstand Scrutiny

    Microsoft's response to allegations that Skype is spying on all users is full of holes

  7. MPEG-LA Ruined the Licence of WebM, Made it Less Freedom-Respecting

    The Microsoft-, Nokia-, and Apple-backed patent troll appears to have ruined the freedom assured by Google's multimedia format, which was previously made free only after public pressure

  8. Microsoft-controlled Nokia is Lobbying to Enable Bans on Android Imports (Linux Phones as a Whole in Danger)

    Nokia is shown lobbying for embargoes while it is also suing -- with limited success -- Android handsets makers

  9. Courtroom and New Book Recognise That Software Patents Correspond to Mathematics and Mathematics Abused in Court

    Important observations about the nature of computer-implemented 'inventions', or software patents

  10. The Reality Distortion Field of Patent Lawyers Helps Impede Abolition of Software Patents

    How widespread coverage and talking points from the tiny minority which is patent lawyers have contributed to biased and at times utterly distorted reporting on the subject of software patents around the world

  11. Eugene Kaspersky Says Patents Harm Innovation

    Some more criticism of the patent system and software patents in particular, courtesy of Eugene Kaspersky

  12. UEFI Restricted Boot Good for Microsoft Agenda, Not for Security

    News and analysis of UEFI 'secure boot' (lockdown), including the new role played by the Microsoft-funded SUSE

  13. Anniversaries

    Sites that deal with patents and with FUD as well as their respective ages

  14. EFF, Newegg, and the Canadian Patent System All Take a Stance Against Software Patents

    Hostility towards the practice of patenting software is seen in a nonprofit organisation, a corporation, and a government branch responsible for patenting

  15. Microsoft's Fake 'Open Source' Front is "Pushing Software Patents" (Updated)

    Microsoft's front group which pretends to support Free/Open Source software (FOSS) is using a guest post to entertain the idea of software patents inside Free/Open Source software

  16. Links 17/5/2013: 0.9 Billion Android Activations, New Devices, Android Studio

    Links for the day

  17. Links 16/5/2013: Firefox 21 Out, Android 4.3 Foreseen

    Links for the day

  18. More Android FUD From Former Microsoft Staff in CBS

    New examples of anti-Android sentiments being spread by the Apple- and Microsoft-funded media conglomerate, CBS, which pays current and former Microsoft staff to act as "journalists"

  19. Where Fear of FOSS Comes From

    More Microsoft ties to some of the latest FUD about Free/Open Source software (FOSS)

  20. Microsoft Skype Messaging Surveillance Not the Main Issue, Audio Recording (Bugging) and Computer Hijacking Are

    Debates about the dangers of Skype focus on one of the least dangerous aspects of Skype

  21. Links 15/5/2013: Android 4.3, Antergos Debuts

    Links for the day

  22. Man From Microsoft Runs the Ubuntu Project Now

    How the leadership of Ubuntu has changed and how it may relate to some strategic decisions inside the project

  23. Has Microsoft Irreversibly Taken Over ZDNet (CBS) to Disseminate Its Lies?

    ZDNet promotes Microsoft in the editorial sections, not just in the ads, and it employs Microsoft people who habitually also censor commenters for expressing views that may upset the customers (advertisers like Microsoft)

  24. Microsoft is Attacking Boston Over Brand Ideology

    Another hypocritical attack of Microsoft against Google, this time in Boston

  25. Software Patents Reality Distortion Field

    How press coverage of software patents in the EU and New Zealand (NZ) varies depending on the source; allegations that the US press tries to dismiss end of software patents by twisting an outcome of a major trial

  26. Links 14/5/2013: Android Growth Explosion

    Links for the day

  27. Links 13/5/2013: New Linux/Open Source Documentary, Lots More About International Space Station

    Links for the day

  28. Prominent GNU/Linux/KDE Developer Jonathan Riddell Complains About UEFI Restricted Boot, Calling it "a giant Microsoft conspiracy to make installing Linux more faffy than it already is."

    UEFI abuses continue, but Microsoft PR, lies, and attempts to silence the media go a long way, ensuring evidence gets insufficient coverage

  29. Facebook and Microsoft Get Closer, Now Reaching Their Relationship's Peak as Facebook Declines

    Facebook starts leaning on Microsoft for help now that its users (products) no longer log in and give data (content) to consume advertisements (Facebook's real clients) as much as they used to

  30. Dr. Ravitch: Gates Foundation Underwrites Almost Every Organisation in its Quest to Control American Education

    More complaints about yet more rogue influence that is masqueraded as "public interest" or "for education" (whilst in fact having the opposite effect)

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts