EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. The Time for Freedom-Respecting Routers Has Come

    Hardware sales are affected by the latest NSA revelations (back doors and flawed encryption) and now there is a window of opportunity for Free software alternatives

  2. GNU/Linux-Powered and Freedom-Respecting Phones (OpenMoko is Sort of Back)

    Perhaps a phone which Richard Stallman can use is already in the making, depending on how phone networks behave and how hardware behaves (whether it permits purely Free/libre software shim)

  3. Forget Camera Gimmicks; Google Should Add Legitimate Encryption and Improve Privacy in Android

    A call for Android developers to take privacy more seriously and not turn users of Android devices into products

  4. Microsoft's Anti-Linux/Android Patent (FAT) Collapses in Europe, But Microsoft-backed Xamarin Tries to Interject Other Microsoft Patents Into Google Gear

    A new ruling in Germany threatens Microsoft's campaign of fear and racketeering against Android (and GNU/Linux), but Microsoft allies from the now-defunct Novell help patent-pushing efforts, threatening to add new bait to Android

  5. FreeBSD Lost Trust in Hardware Makers, Alleging NSA Tampering

    FreeBSD believes that the NSA tampered with hardware-level random number generators

  6. Xbox Live Shows Even Higher Degree of Microsoft/NSA Collusion

    Xbox Live caught in the latest NSA scandal and the high degree of collusion seems to be reinforced by Microsoft's reluctance to comment; other developments like Microsoft's attack on rivals using the "privacy" card

  7. Docker: Yet Another Software Deployment Endeavor



  8. IBM and Microsoft Crushed Patent Reform in the United States, Last Resort is SCOTUS Again

    Legislation in the US continues to be steered by large companies (or their lobbyists) with heaps of software patents; SCOTUS receives another opportunity to cross out software patents

  9. Microsoft Shows That Corruption Pays Off

    The company which aids crimes of the state is protected from having its crimes treated as such; just like big banks that receive bailouts rather than jail sentences, Microsoft receives document formats monopoly rather than embargo

  10. Links 10/12/2013: Games, Applications, and Instructionals

    Links for the day

  11. Links 9/12/2013: Screenshots

    Links for the day

  12. Ubuntu is Not Truly Focused on Desktops Anymore

    More signs that Ubuntu is deemphasising the desktop and treating users like a product/commodity, not entities whose interests should drive development

  13. Fedora 20 About a Week Away

    Fedora's latest release is just around the corner (released scheduled for December 17th)

  14. Mother Jones Shows That Gates Foundation is a Hypocritical Ploy

    Popular magazine Mother Jones is the latest among many magazines (those which have not been paid by Bill Gates yet) to tell readers the true story of the tax-evading, investment-driving, PR-pumping, Microsoft- and patents-boosting operation known as "Gates Foundation"

  15. EU Commissioner VP Joaquin Almunia Aware of Microsoft's Anti-Linux By-Proxy Patent Strategy (Nokia), Threatens Antitrust Action

    Formally, or at least publicly, European regulars say that they are aware of what Microsoft/Nokia is up to and they're not going to tolerate it

  16. 'Secure' Boot is Not Secure, Time to Abandon It

    The 'security' boasted by restricted boot is shown to be a sham; other booting systems ought to be promoted at UEFI's expense

  17. Benefits of Ubuntu's Derivatives: MATE, Cinnamon, and the Depth Desktop Environment

    The power of deviation as demonstrated by Linux Mint and Linux Deepin, two of the more widely used derivatives of Ubuntu

  18. Don't Rule Out Gentoo, Slackware, and Mandriva Just Yet

    How distributions which were largely forgotten some years ago are making a comeback and spawning new derivatives

  19. State-of-the-Art Gaming on GNU/Linux Not Only Possible But Becoming Default Option, Hardware Products

    GNU/Linux as the operating system of gaming consoles no longer a far-fetched dream; companies other than Valve explore these possibilities

  20. Links 8/12/2013: Applications and Instructionals

    Links for the day

  21. Drifting Away From Copyleft in Databases

    Databases which are Free/Open Source software (FOSS) are becoming less liberal/freedom-respecting while deceiving labels hide it

  22. Roman Catholic Church Joins Opposition to 'Trade' Agreements

    The Church which claims to have 1.2 billion members is expressing dissatisfaction and opposition to TPP and TAFTA/TTIP

  23. 'Unauthorised' Programming and What It Means to Software Freedom

    DRM and DMCA versus society, or how operation-restricting legal mechanisms are affecting coders, for whom not only software patents are now a creativity wall

  24. Assassinations by Drone Make the West Hypocritical on Syria

    Putting in context the cycle of violence which the West uses to justify indefinitely detaining the domestic population, assassinating parts of it, and spying on everyone (even domestically, using loopholes)

  25. Links 6/12/2013: KDE and GNOME News

    Links for the day

  26. Links 6/12/2013: NSA News

    Links for the day

  27. Microsoft Sued Over Collusion With the NSA, Microsoft Issues Orwellian Statements

    Microsoft is lying about privacy of its customers and the Free Software Foundation (FSF) responds

  28. To Oracle, 'Community' Means Paying Oracle Customers

    Oracle continues to extend only its own distribution of GNU/Linux (which is a ripoff of another), leaving everyone else out in the cold

  29. Patent Policy Change a Victory for Large Corporations, Real Reform Remains Elusive

    Patent extortion and litigation by proxy still permitted in the United States, even after the passage of a celebrated (by corporations) new bill

  30. A Western Assault on GNU/Linux Security and Privacy

    Governments (which are dominated by corporations) continue to make security hard as part of a campaign to spy on everyone under claims that it helps "national security" (control from above)

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts