EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.27.10

Windows Kernel Vulnerability for Thanksgiving, Insecurity Used for Surveillance Again

Posted in Microsoft, Security, Windows at 5:56 am by Dr. Roy Schestowitz

Oppression and proprietary software are a pair

Guard with machine gun

Summary: Another major security problem in Windows, new destinations for Stuxnet, and new excuses for tracking one’s Web trails

IT IS not uncommon for Microsoft to leave systems administrators rather restless over the holidays, most typically over Christmas. Users too are left paranoid. This holiday season (US in particular) was no exception as a new Windows kernel vulnerability bypasses UAC, says Slashdot, citing Sophos:

“A new vulnerability in the Windows kernel was disclosed Wednesday that could allow malware to attain administrative privileges by bypassing User Account Control (UAC). Combined with the unpatched Internet Explorer vulnerability in the wild this could be a very bad omen for Windows users.”

From the original source rather than Slashdot‘s summary:

A new zero-day exploit in Microsoft Windows was disclosed today. The exploit allows an application to elevate privilege to “system,” and in Vista and Windows 7 also bypass User Account Control (UAC). The flaw was posted briefly on a programming education site and has since been removed.

According to another report, Stuxnet is still out there and now it is sold on the black market.

According to a report from Sky News, the Stuxnet worm has already been traded on the black market. The report does not clarify whether this refers to the source code or to binary samples. British security specialists now fear that terrorists could use the worm to attack critical infrastructure. The report quotes an IT security consultant to the UK government as claiming, “You could shut down power stations, you could shut down the transport network across the United Kingdom”.

We wrote about Stuxnet many times before and it is interesting because some say it was engineered in order to spy on or to sabotage nuclear facilities in so-called ‘rogue’ nations. See for example:

  1. Ralph Langner Says Windows Malware Possibly Designed to Derail Iran’s Nuclear Programme
  2. Windows Viruses Can be Politically Motivated Sometimes
  3. Who Needs Windows Back Doors When It’s So Insecure?
  4. Windows Insecurity Becomes a Political Issue
  5. Windows, Stuxnet, and Public Stoning
  6. Stuxnet Grows Beyond Siemens-Windows Infections
  7. Has BP Already Abandoned Windows?
  8. Reports: Apple to Charge for (Security) Updates
  9. Windows Viruses Can be Politically Motivated Sometimes
  10. New Flaw in Windows Facilitates More DDOS Attacks
  11. Siemens is Bad for Industry, Partly Due to Microsoft
  12. Microsoft Security Issues in The British Press, Vista and Vista 7 No Panacea
  13. Microsoft’s Negligence in Patching (Worst Amongst All Companies) to Blame for Stuxnet
  14. Microsoft Software: a Darwin Test for Incompetence
  15. Bad September for Microsoft Security, Symantec Buyout Rumours
  16. Microsoft Claims Credit for Failing in Security
  17. Many Windows Servers Being Abandoned; Minnesota Goes the Opposite Direction by Giving Microsoft Its Data
  18. Windows Users Still Under Attack From Stuxnet, Halo, and Zeus
  19. Security Propaganda From Microsoft: Villains Become Heroes
  20. Security Problems in iOS and Windows
  21. Eye on Security: BBC Propaganda, Rootkits, and Stuxnet in Iran’s Nuclear Facilities
  22. Eye on Security: ClamAV Says Windows is a Virus, Microsoft Compromises Mac OS X, and Stuxnet Runs Wild

A few days ago we mentioned MSBBC articles which clearly neglected to mention Windows in stories that were about Windows-exclusive problems.

“ANOTHER Windows only story from the #BBC not mentioning Windows,” wrote Gordon, “they send people to jail for not paying for this s**t,” he added” (the MSBBC is funded by British taxpayers).

Gordon is right because Windows malware is the central issue discussed in the article (although it avoids mentioning Microsoft or Windows). For example:

He was caught installing password-capturing software by computer staff examining network problems.

This is a form of surveillance by a criminal. But we previously explained how surveillance uses security as a pretext (sometimes targeted marketing is the preferred excuse) and this includes security problems in software. On that issue, Gordon shares another MSBBC article . It talks about “virus alert system” (not mentioning Windows of course) and Gordon says one “gotta love the ISPs who spy on their customers connections #TalkTalk… this excuse is “malware protection” [still Windows of course]“:

Talk Talk is launching trials of a controversial anti-malware system following intervention by the Information Commissioner (ICO).

The Virus Alert system keeps an eye on the websites customers visit to stop them accidentally going to places riddled with viruses.

More here in The Inquirer:

BROADBAND PROVIDER Talk Talk has announced it will continue rolling out a traffic monitoring system that it claims will protect its customers.

The opt-in Virus Alerts Service (VAS) was recently likened to the now banned traffic snuffling operation Phorm by the UK Information Commissioner’s Office. It claims to track URLs visited by Talk Talk customers and warn them if a website harbours malware.

The problem here is proprietary software and also this illusion of needing government help (with Phorm that’s harboured by it) to simply navigate through some Web pages.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Patents Roundup: Metaswitch, GENBAND, Susman, Cisco, Konami, High 5 Games, HTC, and Nintendo

    A look at existing legal actions, the application of 35 U.S.C. § 101, and questionable patents that are being pursued on software (algorithms or "software infrastructure")



  2. In Maxon v Funai the High 'Patent Court' (CAFC) Reaffirms Disdain for Software Patents, Which Are Nowadays Harder to Get and Then Defend

    With the wealth of decisions from the Court of Appeals for the Federal Circuit (CAFC) wherein software patents get discarded (Funai being the latest example), the public needs to ask itself whether patent law firms are honest when they make claims about resurgence of software patents by 'pulling a Berkheimer' or coming up with terms like “Berkheimer Effect”



  3. Today's European Patent Office Works for Patent Extremists and for Team UPC Rather Than for Europe or for Innovation

    The International Association for the Protection of Intellectual Property (AIPPI) and other patent maximalists who have nothing to do with Europe, helped by a malicious and rather clueless politician called Benoît Battistelli, are turning the EPO into a patent-printing machine rather than an examination office as envisioned by the EPC (founders) and member states



  4. The EPO is Dying and Those Who Have Killed It Are Becoming Very Rich in the Process

    Following the footsteps of Ron Hovsepian at Novell, Battistelli at the EPO (along with Team Battistelli) may mean the end of the EPO as we know it (or the end altogether); one manager and a cabal of confidants make themselves obscenely rich by basically sacrificing the very organisation they were entrusted to serve



  5. Short: Just Keep Repeating the Lie (“Quality”) Until People Might Believe It

    Battistelli’s patent-printing bureau (EPO without quality control) keeps lying about the quality of patents by repeating the word “quality” a lot of times, including no less than twice in the summary alone



  6. Shelston IP Keeps Pressuring IP Australia to Allow Software Patents and Harm Software Development

    Shelston IP wants exactly the opposite of what's good for Australia; it just wants what's good for itself, yet it habitually pretends to speak for a productive industry (nothing could be further from the truth)



  7. Is Andy Ramer's Departure the End of Cantor Fitzgerald's Patent Trolls-Feeding Operations and Ambitions?

    The managing director of the 'IP' group at Cantor Fitzgerald is leaving, but it does not yet mean that patent trolls will be starved/deprived access to patents



  8. EPO Hoards Billions of Euros (Taken From the Public), Decreases Quality to Get More Money, Reduces Payments to Staff

    The EPO continues to collect money from everyone, distributes bogus/dubious patents that usher patent trolls into Europe (to cost European businesses billions in the long run), and staff of the EPO faces more cuts while EPO management swims in cash and perks



  9. Short: Calling Battistelli's Town (Where He Works) “Force for Innovation” to Justify the Funneling of EPO Funds to It

    How the EPO‘s management ‘explained’ (or sought to rationalise) to staff its opaque decision to send a multi-million, one-day ceremony to Battistelli’s own theatre only weeks before he leaves



  10. Short: EPO Bribes the Media and Then Brags About the Paid-for Outcome to Staff

    The EPO‘s systematic corruption of the media at the expense of EPO stakeholders — not to mention hiring of lawyers to bully media which exposes EPO corruption — in the EPO’s own words (amended by us)



  11. Short: EPO's “Working Party for Quality” is to Quality What the “Democratic People's Republic of Korea” is to Democracy

    To maintain the perception (illusion) that the EPO still cares about patent quality — and in order to disseminate this lie to EPO staff — a puff piece with the above heading/photograph was distributed to thousands of examiners in glossy paper form



  12. Short: This Spring's Message From the EPO's President (Corrected)

    A corrected preface from the Liar in Chief, the EPO's notoriously crooked and dishonest President



  13. Short: Highly Misleading and Unscientific Graphics From the EPO for an Illusion of Growth

    A look at the brainwash that EPO management is distributing to staff and what's wrong with it



  14. Short: EPO Explains to Examiners Why They Should and Apparently Can Grant Software Patents (in Spite of EPC)

    Whether it calls it "CII" or "ICT" or "Industry 4.0" or "4IR", the EPO's management continues to grant software patents and attempts to justify this to itself (and to staff)



  15. Links 21/4/2018: Linux 4.9.95, FFmpeg 4.0, OpenBSD Foundation 2018 Fundraising Campaign

    Links for the day



  16. As USPTO Director, Andrei Iancu Gives Three Months for Public Comments on 35 U.S.C. § 101 (Software Patenting Impacted)

    Weeks after starting his job as head of the US patent office, to our regret but not to our surprise, Iancu asks whether to limit examiners' ability to reject abstract patent applications citing 35 U.S.C. § 101 (relates to Alice and Mayo)



  17. In Keith Raniere v Microsoft Both Sides Are Evil But for Different Reasons

    Billing for patent lawyers reveals an abusive strategy from Microsoft, which responded to abusive patent litigation (something which Microsoft too has done for well over a decade)



  18. Links 20/4/2018: Atom 1.26, MySQL 8.0

    Links for the day



  19. Links 19/4/2018: Mesa 17.3.9 and 18.0.1, Trisquel 8.0 LTS Flidas, Elections for openSUSE Board

    Links for the day



  20. The Patent Microcosm, Patent Trolls and Their Pressure Groups Incite a USPTO Director Against the Patent Trial and Appeal Board (PTAB) and Section 101/Alice

    As one might expect, the patent extremists continue their witch-hunt and constant manipulation of USPTO officials, whom they hope to compel to become patent extremists themselves (otherwise those officials are defamed, typically until they're fired or decide to resign)



  21. Microsoft's Lobbying for FRAND Pays Off as Microsoft-Connected Patent Troll Conversant (Formerly MOSAID) Goes After Android OEMs in Europe

    The FRAND (or SEP) lobby seems to have caused a lot of monopolistic patent lawsuits; this mostly affects Linux-powered platforms such as Android, Tizen and webOS and there are new legal actions from Microsoft-connected patent trolls



  22. To Understand Why People Say That Lawyers are Liars Look No Further Than Misleading Promotion of Software Patents

    Some of the latest misleading claims from the patent microcosm, which is only interested in lots and lots of patents (its bread and butter is monopolies after all) irrespective of their merit, quality, and desirability



  23. When News About the EPO is Dominated by Sponsored 'Reports' and Press Releases Because Publishers Are Afraid of (or Bribed by) the EPO

    The lack of curiosity and genuine journalism in Europe may mean that serious abuses (if not corruption) will go unreported



  24. The Boards of Appeal at the European Patent Organisation (EPO) Complain That They Are Understaffed, Not Just Lacking the Independence They Depend on

    The Boards of Appeal have released a report and once again they openly complain that they're unable to do their job properly, i.e. patent quality cannot be assured



  25. Links 18/4/2018: New Fedora 27 ISOs, Nextcloud Wins German Government Contract

    Links for the day



  26. Guest Post: Responding to Your Recent Posting “The European Patent Office Will Never Hold Its Destroyers Accountable”

    In France, where Battistelli does not enjoy diplomatic immunity, he can be held accountable like his "padrone" recently was



  27. The EPO in 2018: Partnering With Saudi Arabia and Cambodia (With Zero European Patents)

    The EPO's status in the world has declined to the point where former French colonies and countries with zero European Patents are hailed as "success stories" for Battistelli



  28. For Samsung and Apple the Biggest Threat Has Become Patent Trolls and Aggressors in China and the Eastern District of Texas, Not Each Other

    The latest stories about two of the world's largest phone OEMs, both of which find themselves subjected to a heavy barrage of patent lawsuits and even embargoes; Samsung has meanwhile obtained an antisuit injunction against Huawei



  29. The EPO Continues to Lie About Patent Quality Whilst Openly Promoting Software Patents, Even Outside Europe

    EPO patent quality continues to sink while EPO management lies about it and software patents are openly being promoted/advocatedEPO patent quality continues to sink while EPO management lies about it (the article above is new) and software patents are openly being promoted/advocated



  30. SCOTUS on WesternGeco v Ion Geophysical Almost Done; Will Oil States Decision Affirm the PTAB's Quality Assurance (IPRs) Soon?

    Ahead of WesternGeco and Oil States, following oral proceedings, it's expected that the highest court in the United States will deliver more blows to patent maximalism


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts