Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its predecessors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7” etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.