EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. The Rule of Law and Justice Don't Exist Inside the EPO, Confirms the International Labour Organisation (ILO)

    Further analysis of the latest rulings from the ILO -- decisions that were long expected



  2. A Day in the Life of... Battistelli's Banana Republic

    This is part 5 of a fictional diary from the EPO



  3. Links 1/12/2016: Devuan Beta, R3 Liberates Code

    Links for the day



  4. Two ILO Decisions on EPO Cases Are Released, at Least One Judgment is Considered Good for Staff

    Years later (as justice is too slow, partly because of the EPO, being the principal culprit that clogs up the ILO's tribunal system) there is a couple of new judgments about EPO abuses against staff



  5. Dutch and French Politicians Complain About the European Patent Office, British Media Coverage Regular Now

    Pressure from the political systems, the scientific community and from the media is growing, as it becomes abundantly apparent that the EPO cannot go on like this



  6. Links 30/11/2016: Git 2.11, GOG Surprise Tomorrow

    Links for the day



  7. The UPC Scam Part IV: Bumps Along the Road for UPC, With or Without the UK and Brexit

    A sobering reality check regarding the UPC, no matter what Lucy Neville-Rolfe says under pressure from Battistelli and some selfish law firms that are based in London



  8. The UPC Scam Part III: The “Patent Mafia”

    Bigwigs like Lucy Neville-Rolfe and Benoît Battistelli, together with Team UPC and its tiny minority interests (self enrichment), are conspiring to hijack the laws of Europe, doing so across many national borders with unique and locally-steered patent policy in one fell swoop



  9. The UPC Scam Part II: The Patent Echo Chamber at Work, Prematurely Congratulating Itself in Its 'News' Sites





  10. The UPC Scam Part I: EPO-Bribed Media Outlets Lie to Brits (and to Europeans) About the UPC

    An introductory article in a multi-part series about UPC at times of Brexit and Lucy Neville-Rolfe's bizarre sellout to Battistelli



  11. European Public Service Union Asks EPO Administrative Council “to Re-establish the Rule of Law at the European Patent Office”

    The chinchillas of the Administrative Council are assertively asked to tackle the abusive management of the EPO, which gets condemned not only by CERN but also EPSU, which is working with the Dutch government to end lawlessness at the EPO



  12. Links 29/11/2016: Core Apps Hackfest, MuckRock Goes FOSS

    Links for the day



  13. ILOAT Decisions: Upcoming Publication of Two EPO Cases (Abuse Against Staff)

    Reminder about tomorrow's "exceptional public delivery" from the International Labour Organisation (ILO) and a request for additional information



  14. Mixing Politics and EPO: How Battistelli Defies the Very Basic Rules of the Office

    A reminder of the fact that Battistelli was entrenched in French politics even while he was serving at the EPO



  15. EPO DG1 Principal Director “Out of the Muppet Show”

    The ridicule of EPO management is a symptom of a poisonous work environment which now resembles an assembly line of bad patents, where employees are treated unfairly, severely, and in clear defiance of labour laws



  16. Learning From the Mistakes of the US Patent System (and More Latterly China) When Assessing Patent Maximalism

    The warning signs coming both from the East and from the West, demonstrating the pitfalls of a policy too permissive on patents and thus on litigation



  17. The International Labour Organisation Once Again Proves Useless for Labour of the EPO

    The International Labour Organisation (ILO) is once again failing too serve justice, instead just sending complaints elsewhere, in effect into a black hole



  18. CERN Slams the European Patent Office for Abuse of Employees

    The European Organisation for Nuclear Research known as CERN is openly condemning EPO management and the Administrative Council for violation of human/labour rights, not to mention the other abuses that are rampant under Battistelli's notorious regime



  19. Links 28/11/2016: X-Plane 11 Beta, Early Work For C++20, Microsoft Hole in RHEL

    Links for the day



  20. Patents Roundup: Patent Trolls, Patent Quality, and the Patent Trial and Appeal Board (“PTAB”)

    A week's roundup of patent news from the United States, where there's a mixture of good news, bad news, good reporting, and misleading (or selective) reporting



  21. Patent Attorney Mark Summerfield: EPO Administrative Council “Members Should be Ashamed.”

    A recent comment about Battistelli's misbehaviour and the Administrative Council's utter failure to get a grip on him



  22. EPO Caricature: Slowing Down Justice and Giving Luxury Cars as Gifts

    The latest cartoon making the rounds is about SLAPP and alleged bribery in Croatia (more on that soon)



  23. Director Lee's USPTO Managed to Drain the Swamp Filled by David Kappos and His Colleagues, But Trump Will Likely Dismiss Her Soon

    Just as the USPTO begins to get its act together and limit patent scope based on reasonably liberal SCOTUS Justices there are many reports suggesting that the Director of the USPTO will be driven out, courtesy of the Trump presidency that will also perturb SCTOUS



  24. Danger of Letting a Bunch of Patent Law Firms Attempt to Hijack the European Patent System With UPC

    Team UPC, a collective of self-serving patent lawyers who produce nothing of substance, hopes that some time tomorrow the UPC will miraculously be revived in Britain even though it's extremely unlikely



  25. Links 27/11/2016: Linux 4.8.11, Linux 4.4.35, and Distrowatch Rankings

    Links for the day



  26. Caught in a Lie Again: EPO Management Just Cannot Stop Lying, Even About People Whom It Gags Using Threats (to Cover Up Battistelli's Abuses)

    Benoît Battistelli's decision to dismiss staff representatives (in complete violation of what the Administrative Council demanded) is accompanied by yet more face-saving lies (clearly a sackable offense in a public institution which is functional and not a global laughing stock)



  27. Benoît Battistelli's Affinity for Tiny Countries Exploits the Ease of 'Buying' Their Votes

    The tyrannical boss of the EPO keeps his job by ensuring that small nations with a vote of equal weight to that of nations like France or Germany simply behave like "yes men" or at worst abstain from voting



  28. The Sad State of German Anti-Corruption Authorities and Investigative Journalism, as Demonstrated by the EPO

    A personal view on why the EPO manages to get away with so many abuses while the media and watchdogs like Transparency International (TI) play along by doing nothing at all about it



  29. China Creates a Patent Bubble That Contributes to Patent Inflation

    China's obsession with patent quantity rather than quality (a disease that has infected the current boss of the EPO) is a cause for concern, except perhaps to patent lawyers who in the short term enjoy the temporary inflation (before hyper-inflation and implosion)



  30. Links 26/11/2016: VLC 360, Wine 1.9.23

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts