EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email
  • Google Bookmarks

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Red Hat Betrayed the Free Software Community With Its Software Patents' Stockpiling Drive and Then a Sale to the Biggest Software Patents Lobbyist

    In 2020 Red Hat is little but a shadow of IBM, whose patent policy continues to threaten software freedom and whose lobbying for software patents (under the guise of "HEY HI") persists uninterrupted; this growing problem oughtn't be unspeakable



  2. Politically Correct Tech

    This new video entitled “Politically Correct Tech” covers a topic we’ve spoken a great deal about



  3. [Humour/Meme] High on Production, Stoned on Pseudoscience

    All-time high ‘production’ levels at the European Patent Office (EPO) do not mean what they want people to think and what they try hard to hide



  4. Missing From EPO Management: Actual Scientists

    Political figures and opportunists with connections occupy top positions at top European agencies; this assures self-destructive policies that diminish progress and cushion corruption



  5. All Software Should Come With a Cheat Mode

    Cheat modes are useful for developers because they enable debugging, and are sometimes called "Debug mode"



  6. Linus Torvalds Checks If It's Still Inclusive Enough to 'Bash' Bad Technology (of the Company Whose TPM Pusher Has Just Successfully Pushed to Remove Many Words)

    In the age of endless control of language (e.g. large corporations pushing for "inclusive" language whilst earning billions from bombing of 'inferior' countries) we see that it is still possible to condemn corporations on technical grounds (at least if you’re Linus Torvalds)



  7. Even Before Microsoft Paid ('Joined') the Linux Foundation Jim Zemlin Had a Preference for Microsofters

    Even years before the Linux Foundation was receiving money from Microsoft it had a tendency to hire Microsoft’s people for key positions (a lot of people no longer remember that, but it’s still in the public record; it was Jim Zemlin who approached if not chased Mr. Ramji to offer him the job and the colleagues saw no problem with that)



  8. IRC Proceedings: Saturday, July 11, 2020

    IRC logs for Saturday, July 11, 2020



  9. Links 12/7/2020: KDE Plasma 5.20 Preview and Elive 3.8.14 Beta

    Links for the day



  10. [Humour] The 'Orange One' Does Not Respect Judges Either

    More than two years after taking over the European Patent Office (EPO) António Campinos has done absolutely nothing to restore judicial independence of the Boards of Appeal of the EPO



  11. The Systemd Song

    Speak out about IBM's strategy before we're all using GNU/Linux distros 'barcoded' with systemd



  12. Monopoly (or Vendor Lock-in) is Not Modularity

    IBM cannot totally control the kernel, Linux; IBM's control over GNU/Linux may be worth even more than what it paid for Red Hat as that's the key to overpriced support contracts and the general direction of development (important trends such as file systems and various low-level stacks)



  13. The Internet Archive Doesn't Forget, Whereas the Internet and the Web Forget Very Fast

    World Wide Web history is grossly undervalued and preservation of such history (e.g. by the Wayback Machine) is taken for granted by far too many people; the robber barons of today benefit the most from erosion of collective memory as they get to rewrite the past to suit their present and future interests



  14. Environmentalism and Free Software Can be Viewed as Closely Connected and Help One Another

    Modest lifestyles are an overlapping pattern in the Free software community and green activists; there's room for alliances and collaboration, bettering society by reducing consumption and discouraging voyeurism



  15. Free (as in Freedom) Software + Social Control Media ≠ Free Speech

    Speaking through middlemen and private platforms is bad enough (that gives others unjust power over speech); to claim that because the underlying platform is free/libre software it therefore becomes a non-issue is also dishonest



  16. António Campinos: President or Quasi-Autocratic Corporate Puppet?

    The culture of oppression — and censorship of evidence of oppression — is what today’s EPO is all about; the EPO learned how to better avoid (or block) negative publicity without actually changing its ways; and due to unprecedented speech restrictions you won’t hear that from SUEPO



  17. The Media Continues to Ignore Corruption of António Campinos

    António Campinos has Croatian scandals on his lap; the obedient media, however, refuses to even talk about it (or uses COVID as an excuse to write nothing on the subject, as some journalists have told us)



  18. A Call for Patent Sanity

    The public's call for reform is motivated by improved understanding of today's debased patent system and how out-of-order (detached from its original mission statement) it has gotten; patent maximalism, if it does not completely unravel this whole system, severely discredits it



  19. Declassified US Army Field Manuals Explain Microsoft's Public Relations Strategy (Similar to Selling Imperialism to the Occupied)

    The misuse of public broadcast to brainwash the public is well understood and thoroughly exploited by both Microsoft and the Gates Foundation (which sells this ridiculous lie that the world’s richest people speak for and fight for the poorest, i.e. those impoverished by endless greed)



  20. IRC Proceedings: Friday, July 10, 2020

    IRC logs for Friday, July 10, 2020



  21. Links 11/7/2020: Slackel 7.3 Openbox, Kiwi TCMS 8.5, Librem 5 Dogwood Update 3

    Links for the day



  22. Education Without Free Software is Training or Indoctrination

    Kids need to decide for themselves what they want to do and what they wish to use when they grow up; schools need to provide general tools and the mental capacity to make good decisions (rather than make these decisions for the kids, sometimes at the behest of foreign monopolists)



  23. Links 10/7/2020: Wayland-Info, diffoscope 151 and Tor 0.4.4.2-alpha

    Links for the day



  24. European FRAND (Related to SEP) Proponent and Famed Programmer Comes to Realise That It's Actually a “Scam”

    Even people who have long promoted the practice of mandatory "licensing" (in effect patent tax one is unable to work around) are apparently changing their minds and their tune



  25. Not Even a Single Corporate Journalist Has Written Anything About These Very Important Bits of News (Updated)

    Constant propaganda from patent maximalists has long infested the media, which is sometimes controlled and even bribed to set the tone and the agenda; important developments are being tucked away and require very deep digging for ordinary citizens to find



  26. IRC Proceedings: Thursday, July 09, 2020

    IRC logs for Thursday, July 09, 2020



  27. Racism in Technology (and Who Typically Lectures Us About the Subject)

    Racism is a real problem; some approaches to tackling racism, however, can also be problematic and those who take the lead 'on behalf' of victims tend to be opportunistic and privileged few (piggybacking others' grievances to further advance their financial agenda)



  28. Links 10/7/2020: Debian 8 Long Term Support EOL, Mobian Project, Mesa 20.1.3

    Links for the day



  29. [Humour] COVID-19 is Very, Very Afraid of Human Beings Making More Monopolies Instead of Fighting Together

    The European Patent Office (EPO) to the rescue! Fighting a dangerous pandemic one profitable monopoly at a time!



  30. The News is Never 'Slow', It's Just Journalism That's Slowing Down (and Investigative Journalism Coming Under Attack)

    A mix of censorship and subtle mind control contribute to misinformed societies that shape their perception or misunderstanding of the world based on false measures of authority (where money can determine what is true and what is untrue); many topics remain completely untouched, leading to apathy in a vacuum; it's very much applicable to international organisations, which are presumed benign by virtue of being multi-national or supranational


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts