EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 17/9/2014: CoreOS, ChromeOS, and systemd

    Links for the day



  2. Italy is Cracking Down on Microsoft's Monopoly Abuse While Gradually Moving to GNU/Linux

    Italy is not only moving to Free/Open Source software but also to GNU/Linux while at the same time barring Microsoft from forcibly tying Windows to new PCs



  3. OpenSUSE's 'Assurances' Are Classic MBA School Hogwash

    OpenSUSE is not part of any commitment, except for SUSE's; the impact of the Novell/SUSE acquisition casts uncertainty on the project's future



  4. Links 16/9/2014: Firefox OS Smartphones in Bangladesh, “Treasure Map” of the Internet

    Links for the day



  5. The United Kingdom Should Dump Microsoft For the Sake of National Security

    The UK has issues of Microsoft dependency and Windows viruses; its migration to Free software and GNU/Linux is not fast enough to guard its autonomy in the age of digital imperialism<



  6. CBS Hires Even More Microsoft Staff to Cover Microsoft Matters

    CBS continues to be infested with Microsoft staff past and present (this time Dave Johnson) and the bias in output is quite revealing



  7. Microsoft Has Just Killed Minecraft for GNU/Linux and the Possibility of Free/Open Source Releases

    Persson sells out to Microsoft and lets the abusive monopolist destroy the popular cross-platform game that a community has been built around



  8. Another Reason to Boycott Intel UEFI

    More anti-competitive aspects are revealed inside UEFI, which helps merginalise GNU/Linux



  9. Quick Mention: Novell and SUSE Passed to Microsoft's 'Partner of the Year', Microsoft Focus

    Novell is changing hands again, and falling into the hands of even more Microsoft-friendly actors



  10. Links 16/9/2014: Linux 3.17 RC5, KDE Frameworks 5.2.0

    Links for the day



  11. Željko Topić, Benoît Battistelli, and the European Patent Office (EPO): Part II

    Part II of our look into the EPO appointment of Željko Topić and other matters showing the dubious integrity of the EPO



  12. Links 14/9/2014: Android-based Watches Earn Optimism

    Links for the day



  13. Links 14/9/2014: Eucalyptus Devoured

    Links for the day



  14. Links 11/9/2014: Linux Toilet Project, Linux-Based Wheelchair Project

    Links for the day



  15. Links 10/9/2014: Brian Stevens in Google, Ubuntu 14.10 Expectations

    Links for the day



  16. Links 9/9/2014: Hating/Loving Linux, Android Aplenty

    Links for the day



  17. Links 8/9/2014: Linux 3.17 RC 4, Switzerland Welcoming Snowden

    Links for the day



  18. Suspicion of High-Level Corruption at the European Patent Office (EPO): Part I

    The European Patent Office (EPO) Vice-President has a background of corruption and his appointment to the EPO too is believed to be reliant on systemic corruption



  19. Links 6/9/2014: Core OS at DigitalOcean, Women in Xorg

    Links for the day



  20. Software Patents 'Quality' Debated in Courts, Microsoft's Biggest Patent Troll Still a Chronic Liar

    Intellectual Ventures, Microsoft's and Bill Gates' largest patent proxy, continues to spread lies about its motivations, claiming that patent assessment is among the goals when in fact only the courts and patent offices do this



  21. New Article Explains How Bill Gates Prevents Schools From Moving to GNU/Linux and Free Software

    A new article from Al Jazeera provides details about the role of so-called 'charities' of billionaires inside school systems



  22. Microsoft Sued for Large-scale Copyright Abuses

    Microsoft reveals its disregard for copyright law which it loves so much to wield as a weapon against its competition and clients



  23. Links 5/9/2014: New WordPress, Systemd Debate Continues

    Links for the day



  24. 'Embrace and Extend' at Microsoft: The New Generation

    Some of the latest examples of Microsoft's predatory acts against Free software and against competition in general, disguised as acts of friendliness



  25. Bill Gates' God Complex: Common Core a One-Man Campaign of Greed and Control

    The push for Common Core is overwhelmingly dominated by Bill Gates, who intimidates and even resorts to retribution against critics while bribing those who help him accomplish the goal of privatised (for his private profit) indoctrination in US schools



  26. Bill Gates Investments Harm the World, Not Improve the World, Based on New Exclusive Piece of Investigative Journalism at The Nation

    The Gates Foundation's profiteering efforts and lack of ethics outlined in a new report that many sites around the Web find fascinating and mostly irrefutable



  27. Links 3/9/2014: Android Gadgets, New Tails OS

    Links for the day



  28. Linus Torvalds DebConf Talk

    Torvalds' latest talk which got media attention earlier this month



  29. Microsoft Should Not be Considered Too Big to Jail

    Microsoft continues to use dumping as a strategy which revolves around starving the competition, not beating the competition



  30. Pro-Software Patents Voices Finally Acknowledge the Demise of Software Patents in the United States

    A milestone is reached as even the most zealous supporters of patents on algorithms (or computer-implemented inventions, or software patents) are admitting that the era of software patents may be over


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts