Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- With 9 Mentions of Azure In Its Latest Blog Post, Canonical is Again Promoting Microsoft and Intel Vendor Lock-in, Surveillance, Back Doors, Considerable Power Waste, and Defects That Cannot be Fixed
- Microsoft did not even have to buy Canonical (for Canonical to act like it happened)
- Links 28/03/2024: GAFAM Replacing Full-Time Workers With Interns Now
- Links for the day
- Consent & Debian's illegitimate constitution
- Reprinted with permission from Daniel Pocock
- The Time Our Server Host Died in a Car Accident
- If Debian has internal problems, then they need to be illuminated and then tackled, at the very least in order to ensure we do not end up with "Deadian"
- China's New 'IT' Rules Are a Massive Headache for Microsoft
- On the issue of China we're neutral except when it comes to human rights issues
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Wednesday, March 27, 2024
- IRC logs for Wednesday, March 27, 2024
- WeMakeFedora.org: harassment decision, victory for volunteers and Fedora Foundations
- Reprinted with permission from Daniel Pocock
- Links 27/03/2024: Terrorism Grows in Africa, Unemployment in Finland Rose Sharply in a Year, Chinese Aggression Escalates
- Links for the day
- Links 27/03/2024: Ericsson and Tencent Layoffs
- Links for the day
- Amid Online Reports of XBox Sales Collapsing, Mass Layoffs in More Teams, and Windows Making Things Worse (Admission of Losses, Rumours About XBox Canceled as a Hardware Unit)...
- Windows has loads of issues, also as a gaming platform
- Links 27/03/2024: BBC Resorts to CG Cruft, Akamai Blocking Blunders in Piracy Shield
- Links for the day
- Android Approaches 90% of the Operating Systems Market in Chad (Windows Down From 99.5% 15 Years Ago to Just 2.5% Right Now)
- Windows is down to about 2% on the Web-connected client side as measured by statCounter
- Sainsbury's: Let Them Eat Yoghurts (and Microsoft Downtimes When They Need Proper Food)
- a social control media 'scandal' this week
- IRC Proceedings: Tuesday, March 26, 2024
- IRC logs for Tuesday, March 26, 2024
- Over at Tux Machines...
- GNU/Linux news for the past day
- Windows/Client at Microsoft Falling Sharply (Well Over 10% Decline Every Quarter), So For His Next Trick the Ponzi in Chief Merges Units, Spices Everything Up With "AI"
- Hiding the steep decline of Windows/Client at Microsoft?
- Free technology in housing and construction
- Reprinted with permission from Daniel Pocock
- We Need Open Standards With Free Software Implementations, Not "Interoperability" Alone
- Sadly we're confronting misguided managers and a bunch of clowns trying to herd us all - sometimes without consent - into "clown computing"
- Microsoft's Collapse in the Web Server Space Continued This Month
- Microsoft is the "2%", just like Windows in some countries
- Links 26/03/2024: Inflation Problems, Strikes in Finland
- Links for the day
- Gemini Links 26/03/2024: Losing Children, Carbon Tax Discussed
- Links for the day
- Mark Shuttleworth resigns from Debian: volunteer suicide and Albania questions unanswered, mass resignations continue
- Reprinted with permission from Daniel Pocock
- Links 26/03/2024: 6,000 Layoffs at Dell, Microsoft “XBox is in Real Trouble as a Hardware Manufacturer”
- Links for the day
- Gemini Links 26/03/2024: Microsofters Still Trying to 'Extend' Gemini Protocol
- Links for the day
- Look What IBM's Red Hat is Turning CentOS Into
- For 17 years our site ran on CentOS. Thankfully we're done with that...
- The Julian Paul Assange Verdict: The High Court Has Granted Assange Leave to Appeal Extradition to the United States, Decision Adjourned to May 20th Pending Assurances
- The decision is out
- The Microsoft and Apple Antitrust Issues Have Some But Not Many Commonalities
- gist of the comparison to Microsoft
- ZDNet, Sponsored by Microsoft for Paid-for Propaganda (in 'Article' Clothing), Has Added Pop-Up or Overlay to All Pages, Saying "813 Partners Will Store and Access Information on Your Device"
- Avoiding ZDNet may become imperative given what it has turned into
- Julian Assange Verdict 3 Hours Away
- Their decision is due to be published at 1030 GMT
- People Who Cover Suicide Aren't Suicidal
- Assange didn't just "deteriorate". This deterioration was involuntary and very much imposed upon him.
- Overworking Kills
- The body usually (but not always) knows best
- Former Red Hat Chief (CEO), Who Decided to Leave the Company Earlier This Month, Talks About "Cloud Company Red Hat" to CNBC
- shows a lack of foresight and dependence on buzzwords
- IRC Proceedings: Monday, March 25, 2024
- IRC logs for Monday, March 25, 2024
- Over at Tux Machines...
- GNU/Linux news for the past day
- Discord Does Not Make Money, It's Spying on People and Selling Data/Control (38% is Allegedly Controlled by the Communist Party of China)
- a considerable share exists
- In At Least Two Nations Windows is Now Measured at 2% "Market Share" (Microsoft Really Does Not Want People to Notice That)
- Ignore the mindless "AI"-washing
- Internet Relay Chat (IRC) Still Has Hundreds of Thousands of Simultaneously-Online Unique Users
- The scale of IRC