Bonum Certa Men Certa
Links 30/11/2010: Zeitgeist in KDE, New Gnome Shell Coverage, RHEL 6.0 Benchmarks | IRC Proceedings: November 31st, 2010

Eye on Security: Vista 7 is 'Secure', They Promised



Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news

Breaking That Other OS

Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7″ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?

This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.


'Nightmare' kernel bug lets attackers evade Windows UAC security

Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.

One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.


Newly discovered Windows kernel flaw bypasses UAC

Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).

The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Links 30/11/2010: Zeitgeist in KDE, New Gnome Shell Coverage, RHEL 6.0 Benchmarks | IRC Proceedings: November 31st, 2010

Recent Techrights' Posts

Politicians Ought to Invite Dr. Richard Stallman and Prof. Eben Moglen to Speak About Policies, Licensing, Digital Sovereignty
Is there something in Europe other than RMS' talk this coming Monday (that we're not yet aware of)?
Good Explanation of Why IBM Has Chosen to Conceal Mass Layoffs (of 'Expensive' Staff) as "R.T.O." (Even For People Who Never Worked at the Office to Which They're Ordered to "Return")
Many remaining IBM (or Red Hat) workers in Europe are in "cheaper" places such as Brno
Microsoft's Serial Strangler and Matthew J. Garrett Join Forces in Trying to Gag Techrights (for Exposing Microsoft Corruption and Crimes Against Women)
Whose terrible idea was it?
Free University of Bozen-Bolzano Proud to Host Free Software Talk by Richard Stallman
ahead of Monday's talk
Slopwatch: Anti-Linux Machine-Generated FUD (LLM Slop) From GBHackers, CybersecurityNews, and Guardian Digital, Inc (Google News Promotes Slop Plagiarism, Misinformation)
Companies that lie try to drown out the signal with falsehoods
 
Links 22/02/2025: OpenAI Plans to Possibly Abandon Microsoft, Facebook Doubles Execs' Bonuses While Sacking Thousands
Links for the day
Gemini Links 22/02/2025: Weekend Chill and Programming Thoughts
Links for the day
Links 22/02/2025: Labour Department Investigates Microsoft Infosys Amid Mass Layoffs, Large Law Firms Caught Red Handed With LLM Slop (Defrauding Clients and Courts)
Links for the day
Gemini Links 22/02/2025: Analog Stuff, Sigil, and SSGs
Links for the day
Microsoft's Market Share in Cameroon Falls to New Lows
This means a lot of Android users (iOS is about 4 times smaller), but Android does not mean freedom
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, February 21, 2025
IRC logs for Friday, February 21, 2025
The Streisand Effect is Real
So don't be evil. Also, don't strangle women.
Links 21/02/2025: Linux Foundation Openwashing, Microsoft Copilot Goes Down
Links for the day
Links 21/02/2025: Doomscrolling and European Ham Radio Show
Links for the day
Links 21/02/2025: TikTok Layoffs, WebOS Software Patents in Bad Hands
Links for the day
Gemini Links 21/02/2025: Web Browsers, Mechanical Shortcuts, and Internet Hygiene
Links for the day
Richard Stallman 'Only' Founded the FSF
there's no reason to be upset at the FSF for keeping their founder in the Board
Techrights Disconnected From the United States Two Years Ago
Did people really need to wait for the US government to become this hostile towards the media before recognising the threat?
Before Trying Censorship by Extortion the Serial Strangler From Microsoft Literally Begged Us to Delete Pages
This is very clearly just a broad campaign of intimidation
Hype Watch: Weeks After Microsoft Disappointed Investors With "Hey Hi" It's Trying Some "Quantum" Hype (Adding Impractical Vapourware to Accompany This Hype and Even LLM Slop in 'News' Clothing)
Remember "metaverse"? What happened to media hype about "blockchain" and "IoT"?
Report About February Mass Layoffs at Microsoft (Third Wave of Microsoft Layoffs in 2025) Comes Back From the Dead
Yesterday we wrote about an article in CRN (reporting Microsoft layoffs) being removed without any reasons specified
Links 21/02/2025: Myanmar Scam Centre and Disruptions at USPTO
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 20, 2025
IRC logs for Thursday, February 20, 2025
gbhackers.com is Not Hackers, It's LLM Slop Outputs (Fake 'Articles') That Attack 'True Hackers'
A site called linuxsecurity.com keeps doing this and now we see the slopfarm gbhackers.com doing the same
Gemini Links 20/02/2025: Law of Warming and Cooling, Health, and Devlog
Links for the day
linuxsecurity.com Continues to Spread Lies or Machine-Generated FUD (Microsoft LLMs Likely the Source) About OpenSSH and Linux
this LLM problem is global
Links 20/02/2025: Microsoft Infosys Layoffs and IRS Layoffs (Good News for Rich Tax Evaders)
Links for the day
IBM Layoffs in Europe Already Happening or Underway (UK and Spain). They Try Not to Call These "Layoffs".
"CIO" in particular was repeatedly mentioned lately, as was Consulting
People Who Came From Microsoft Demanding Removal of Articles About Them, About Microsoft, and About Microsoft GitHub is "Generous" (According to Them)
Imagine choosing a law firm that borrows money in the same year just to avoid overdraft in the bank!
Possibly a Third Round of Mass Layoffs at Microsoft in 2025 ("Cloud Solution Architects, Customer Roles"), Report Removed or Censored
This is literally the top story for "microsoft layoffs" right now
Instead of 'DoS Protection' Cloudflare is Allegedly Conducting 'DoS Attacks' on Users of Browsers Other Than Firefox and GAFAM's DRM Sandboxes (Chrome, Safari and Others)
If you value the Web, you will avoid Cloudflare
Mixing Real With Fake in One 'Article' (by "Director of Content, Help Net Security")
From what we can gather, he got machines to generate some slop for him
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 19, 2025
IRC logs for Wednesday, February 19, 2025