EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 21/4/2015: Project Photon, Ubuntu Touch Buzz

    Links for the day



  2. Embrace, Extend, Extinguish: How Microsoft Plans to Get Rid of Linux/Android

    Microsoft's sheer abuse against Android is laying bare for everyone to see now that Microsoft has paralysed Google's legal department with potential antitrust action in Europe



  3. Yahoo's Current CEO (Mayer, Formerly of Google) is Trying to End Yahoo! Status as Microsoft Proxy

    There are signs of relinquishing Microsoft's control over Yahoo! after Marissa Mayer worked to end the company's suicidal/abusive relationship with Steve Ballmer's Microsoft



  4. Repeating Microsoft's Lies Without Any Journalistic Assessment

    Poor fact-checking by relatively large media/news sites results in Microsoft's patently false claims being repeated uncritically



  5. Links 19/4/2015: New KaOS (2015.04), Manjaro Linux 0.8.13 Pre1

    Links for the day



  6. Links 18/4/2015: ExTiX 15.2, RaspArch

    Links for the day



  7. Microsoft Tired of Pretending to be Nice to Free/Open Source Software (FOSS), Microsoft 'Open' Technologies Dumped

    Microsoft dumps its proxy (misleadingly named 'Open Tech') and other attacks on Free software persist from the inside, often through so-called 'experts' whose agenda is to sell proprietary software



  8. More Translations of French Article About the EPO

    German and Dutch translations of the Le Monde article are now available



  9. Links 17/4/2015: Wipro and the Netherlands Want FOSS

    Links for the day



  10. Microsoft's Multi-Dimensional Assault on Android/Linux: Extortion, Lobbying of Regulators, and Bribes

    Microsoft's vicious war on Linux (and Android in its current incarnation) takes more sophisticated -- albeit illegal (as per the RICO Act) -- forms



  11. Microsoft's Plot to Associate Windows with 'Open Source' is Proving Effective, Despite Being Just a Big Lie

    A look at the latest headlines which can lead to a false perception that Microsoft is now in bed with 'Open Source'



  12. Microsoft Windows Remotely Crashed, Remotely Hijacked, But Still No Logo and No Branding for the Bugs

    Windows maintains its reputation as a back doors haven, but the media is still not highlighting the severity of this issue, instead focusing on accidental bugs in Free software, even very old (and already fixed) bugs



  13. Black Duck's Latest Self-Promotional Propaganda (for Proprietary Software) Still Fools Journalists

    Under the traditionally misleading title "Future of Open Source" Black Duck expresses its desire for proprietary software sales, salivating over fearful managers who may get bamboozled into buying the patents-'protected' Black Duck 'product'



  14. Links 16/4/2015: Opera for 32-bit GNU/Linux, New Chromebook Site

    Links for the day



  15. Links 15/4/2015: Plasma 5.3 Beta, Docker's New Funding

    Links for the day



  16. Microsoft is Still Googlebombing the Term Open Source and Fooling Politicians Who Now Think Microsoft is Open Source

    Microsoft's attempt to assimilate (to confuse) bears some fruit and the Microsoft-linked media plays a considerable role in it



  17. Back Doors/Bug Doors in All Versions of Microsoft Windows Need a Name, a Logo, and Branding Too

    All versions of Microsoft Windows are found to have been insecure since 1997, but the bug responsible for this is not named as candidate for back door access, let alone named (with logo and marketing) like far less severe bugs in Free/libre software such as OpenSSL



  18. OnePlus (or OnePlus Customers) Should Wipe CyanogenMod From Existing Devices and Install Something Else

    A call for OnePlus to reconsider any future updates from Microsoft's Trojan horse, Cyanogen



  19. Links 14/4/2015: 3DR Dronecode, Z1/Z2 Tizen

    Links for the day



  20. Links 13/4/2015: Linux 4.0 Released; A Look at Antergos 2015.04.12

    Links for the day



  21. EFF Uses Alice v. CLS Bank Case to Pressure USPTO to Halt Software Patenting

    A look at recent patent policies and actions from the EFF, as well as increasing secrecy at the USPTO



  22. No, Panasonic Did Not Open-Source Anything (Another Example of Openwashing for PR)

    A dissection of media deception (or media being bamboozled) regarding the act of promising not to sue using patents, which in no way relates to Free/Open Source software



  23. Yes, Software Patents Are Dying, But Media Continues to Be Dominated by Those Denying it For a Salary

    The debate about software patents in this post-Alice era parallels the Net neutrality debate, where voices of people with vested interests contribute to confusion and meddle with largely-accepted views/consensus



  24. Links 12/4/2015: Linux 4.0 Imminent, Semplice 7 Reviewed

    Links for the day



  25. GNU/Linux is Crushing Windows, So Microsoft Leaps Ahead to X+2 Vapourware (Two Versions Ahead Into the Future)

    Microsoft continues to pile up bogus claims and empty promises in an effort to stall migrations to GNU/Linux



  26. The ITC's and US Media's Surprisingly Soft Treatment of Patent Bully Apple

    Despite Apple's history of initiating patent aggression against its competition (mostly Android-backing companies), the US corporate media treats Apple like a victim



  27. Microsoft Continues to Attack (and Tax) Linux Using Software Patents

    Microsoft stabs Linux in the back while it continues to insist that it 'loves' Linux



  28. European Unitary Patent Decision Due 5th of May

    The meta-industry of patent protectionism is debating and pushing forth the Unitary Patent Court, with or without endorsement from the European public



  29. Microsoft is Still Googlebombing 'Open Source'

    Microsoft's massive campaign of deception, obfuscation and misuse of the "Open Source" brand is still on, even a week after it was cleverly started by Condé Nast



  30. Links 11/4/2015: elementary OS Freya, Mageia 5 on the Way

    Links for the day


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts