Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- Estimated or Educated Guess at Number of Desktops and Laptops With GNU/Linux: 112,500,000
- What is 4.5% of 2.5 billion? It is about 112,500,000
- New Record High for Android in Mozambique
- Next week Microsoft will have to admit (but hide) that Windows revenue sank again, possibly at the rate of over 10% per year
- Old Does Not Mean Bad and Older is Not Always Worse
- The quality of the sound is still the same as it was 30 years ago
-
- [Meme] Russia Having a Field Day Seeing How Microsoft Bricks Its own Computer Systems
- Russia didn't even have to do a thing
- Why We Need to Make Time for More Videos
- Videos are neither out of style nor have fallen out of grace/fashion
- GNU/Linux+ChromeOS in Africa: Reaching Record Levels for This Year and Soon 4% on Desktops/Laptops
- So says statCounter this month
- Links 27/07/2024: Russia's Central Bank Raises Key Interest Rate to 18%, Many More Journalists Laid Off
- Links for the day
- Gemini Links 27/07/2024: Donut Stop and Wayland Concerns
- Links for the day
- linuxsecurity.com Classified as 100% Slop (LLM Spam)
- How long can they carry on like this?
- Links 27/07/2024: Quicket Scooped up by Ticketmaster, Microsoft Uses Windows' Global Outage as Excuse to Loosen Antitrust Enforcement
- Links for the day
- European Governments Shift Towards Mandating Free Software in the Public Sector
- Dutch government officials, however, let Microsoft moles decide on policy [...] Microsoft isn't about technology but about bribery
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, July 26, 2024
- IRC logs for Friday, July 26, 2024
- Our Static Site Generator Has Just Turned 2, It'll Turn 1 in Techrights in Two Months' Time
- Our Static Site Generator (SSG), which is written from the ground up in Perl, had an anniversary this past week
- Slashdot is Acting as a Spamming Service for Microsoft, Apparently in Service of Embrace, Extend, Extinguish (E.E.E.)
- Renting out the "trusted brand" to Microsoft
- Links 26/07/2024: Hamburgerization of Sushi and GNU/Linux Primer
- Links for the day
- Links 26/07/2024: Tesco Cutbacks and Fake Patent Courts
- Links for the day
- Links 26/07/2024: Grimy Residue of the 'AI' Bubble and Tensions Around Alaska
- Links for the day
- Gemini Links 26/07/2024: More Computers and Tilde Hosting
- Links for the day
- Links 26/07/2024: "AI" Hype Debunked and Elon Musk's "X" Already Spreads Political Disinformation
- Links for the day
- A Week After a Worldwide Windows Outage Microsoft is 'Bricking' Windows All On Its Own, Cannot Blame Others Anymore
- A look back at a week of lousy press coverage, Microsoft deceit, and lessons to be learned
- "Why you boss is insatiably horny for firing you and replacing you with software."
- Ask McDonalds how this "AI" nonsense with IBM worked out for them
- No Olympics
- We really need to focus on real news
- Nobody Holds the GNOME Foundation Accountable (Not Even IRS), It's Governed by Lawyers, Not Geeks, and Headed by a Shaman Crank
- GNOME is a deeply oppressive institutions that eats its own
- [Meme] The 'Modern' Web and 'Linux' Foundation Reinforcing Monopolies and Cementing centralisation
- They don't care about the users and issuing a few bytes with random characters costs them next to nothing. It gives them control over billions of human beings.
- 'Boiling the Frog' or How Online Certificate Status Protocol (OCSP) is Being Abandoned at Short Notice by Let's Encrypt
- This isn't a lack of foresight but planned obsolescence
- When the LLM Bubble Implodes Completely Microsoft Will be 'Finished'
- Excuses like, "it's not ready yet" or "we'll fix it" won't pass muster
- "An escalator can never break: it can only become stairs"
- The lesson of this story is, if you do evil things, bad things will come your way. So don't do evil things.
- When Wikileaks Was Still Primarily a Wiki
- less than 14 years ago the international media based its war journalism on what Wikileaks had published
- The Free Software Foundation Speaks Out Against Microsoft
- the problem is bigger than Microsoft and in the long run - seeing Microsoft's demise - we'll need to emphasise Software Freedom
- IRC Proceedings: Thursday, July 25, 2024
- IRC logs for Thursday, July 25, 2024
- Over at Tux Machines...
- GNU/Linux news for the past day
- Links 26/07/2024: E-mail on OpenBSD and Emacs Fun
- Links for the day
- Links 25/07/2024: Talks of Increased Pension Age and Biden Explains Dropping Out
- Links for the day
- Links 25/07/2024: Paul Watson, Kernel Bug, and Taskwarrior
- Links for the day
- [Meme] Microsoft's "Dinobabies" Not Amused
- a slur that comes from Microsoft's friends at IBM
- Flashback: Microsoft Enslaves Black People (Modern Slavery) for Profit, or Even for Losses (Still Sinking in Debt Due to LLMs' Failure)
- "Paid Kenyan Workers Less Than $2 Per Hour"
- From Lion to Lamb: Microsoft Fell From 100% to 13% in Somalia (Lowest Since 2017)
- If even one media outlet told you in 2010 that Microsoft would fall from 100% (of Web requests) to about 1 in 8 Web requests, you'd probably struggle to believe it
- Microsoft Windows Became Rare in Antarctica
- Antarctica's Web stats still near 0% for Windows
- Links 25/07/2024: YouTube's Financial Problem (Even After Mass Layoffs), Journalists Bemoan Bogus YouTube Takedown Demands
- Links for the day
- Gemini Now 70 Capsules Short of 4,000 and Let's Encrypt Sinks Below 100 (Capsules) as Self-Signed Leaps to 91%
- The "gopher with encryption" protocol is getting more widely used and more independent from GAFAM
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Wednesday, July 24, 2024
- IRC logs for Wednesday, July 24, 2024
- Techrights Statement on YouTube
- YouTube is a dying platform
- [Video] Julian Assange on the Right to Know
- Publishing facts is spun as "espionage" by the US government and "treason" by the Russian government, to give two notable examples
- Links 25/07/2024: Tesla's 45% Profit Drop, Humble Games Employees All Laid Off
- Links for the day
- Gemini Links 25/07/2024: Losing Grip and collapseOS
- Links for the day