Bonum Certa Men Certa

Eye on Security: Vista 7 is 'Secure', They Promised



Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news

Breaking That Other OS

Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7″ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?

This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.


'Nightmare' kernel bug lets attackers evade Windows UAC security

Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.

One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.


Newly discovered Windows kernel flaw bypasses UAC

Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).

The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.

Recent Techrights' Posts

Macho Patent Office
At the EPO there's always room for women in top roles
Gemini Links 12/02/2025: "Bream Gives Me Hiccups", Making Chinese Tea, and More
Links for the day
This is Why Codeberg Issues an Apology Today
This response was clear and relatively swift
Destruction and Distortion of Information, Including Facts About Linux (Bonus: This is Destroying the Planet)
All that LLMs have going for them is hype, and moreover media that intentionally misrepresents them and their supposed capabilities
Google Seems to Have Just Killed All Instances of Invidious
YouTube is rapidly becoming just "another Neflix"
 
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 12, 2025
IRC logs for Wednesday, February 12, 2025
Links 12/02/2025: Crytek Layoffs, Security Holes, and Giving Ukraine to Russia
Links for the day
Relaying GAFAM Talking Points and Lies Using GAFAM LLMs, or Slop Pasted in by Brittany Day
linuxsecurity.com is relaying slop, i.e. misinformation
Photos From This Evening's Talk by Dr. Richard Stallman in Torino, Maybe a Video Soon
The talk that Dr. Richard Stallman gave today (a few hours ago) was recorded and streamed
IlSoftware.it Covers Richard Stallman's Visit to Give Talks in Italy
The publication is in Italian, the talk was in English
EPO Staff Representatives Confront the President Who Says 'F--king' in Front of Female Workers Over Measurable Discrimination Against Female Colleagues
Central Staff Committee versus Lukashenko's sponsor
The Register Studies (to Affirm) Reports of IBM Layoffs "at the Finance and Operations business unit"
something about that specific unit
Links 12/02/2025: SSL FUD, DEI Phase-out, Felonies Committed by MElon (Data Breaches)
Links for the day
Italian Media Covers Richard Stallman's English Talk Ahead of Tonight's Public Appearance
article in La Stampa
Microsoft Skype in a Freefall: About 20% Decrease in Site Traffic in 3 Months (Amid Microsoft Phasing Out Credits)
Microsoft axing more services/features may mean that now they scrape the bottom of the barrel and Skype will simply die, discontinuing service (like ICQ) in a matter of years
Gemini Links 12/02/2025: Depression, Gabbro, WikiTok, and More
Links for the day
Links 12/02/2025: Health, Security, and Monopolies
Links for the day
Gemini Protocol is Increasingly Important to the Net
Gemini Protocol will turn 6 this summer
Former EPO Manager Warns That the Illegal 'Court' for "Unitary Patents" Enables “Law Shopping”
Daniel X. Thomas opposed the very existence of the UPC, which any honest person could recognise was both illegal and unconstitutional
Like GAFAM, the EPO is Passing the Financial Pains to Staff
the EPO is operating illegally at this point
Morale at Microsoft Ruined by the Company Labelling Thousands of Workers 'Low Performers', Sacking Them on the Spot and Denying Them Basic Benefits
people laid off as "low performers" go to social control media to bemoan the label
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 11, 2025
IRC logs for Tuesday, February 11, 2025
Links 11/02/2025: Current state of the Internet and Smallnet Information Services (SIS)
Links for the day
Conservative Estimate: Over 10,000 IBM Workers to Be Laid Off in the Next Two Waves
The morale is low and layoffs are expected soon, with mass layoffs likely happening next month and then again later
Links 11/02/2025: Trade Wars and "Crisis for American Universities"
Links for the day
Parasitic LLM Slop Sites Destroy the Ability to Find "Linux" News in Google News
Remember that Google News laid off lots of its workers
Richard Stallman's English Talk in Italy Less Than 24 Hours Away (Torino) and Then Another Talk in Italy Scheduled (University of Bozen-Bolzano)
He's active and he travels a lot in spite of his medical condition
IBM Layoff Rumours, Large-Scale Implementations Weeks Ahead (in March 2025)
There are some people corroborating
Links 11/02/2025: Nutritional Poverty, Closure of USAID, More Fictional 'Valuations' Around Buzzwords
Links for the day
Perl Programming Leftovers
recently in perl.org
Microsoft in Africa: From 98% to Less Than 10% in Just 16 Years
Microsoft being on less than 1 in 10 Web-connected devices in Africa is a very big deal
Almost as If MElon Reads Techrights
The joke we started appears to be spreading
Microsoft Blasted for Adding Insult to Injury: Workers Laid Off Without Prior Notice, Without Severance Payment and Basic Coverage (Like Health), Then Stigmatised as Bad Performers So They Cannot Find a Job Elsewhere
Such stereotypes end entire careers
Gemini Links 11/02/2025: NeoVim and Deploying Other People's Code
Links for the day
BetaNews is Still Publishing LLM Slop/SPAM About "Linux"
Assuming it is indeed LLM slop, it seems clear BetaNews has no intention of improving or is simply unable/unwilling to improve
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, February 10, 2025
IRC logs for Monday, February 10, 2025