Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- Macho Patent Office
- At the EPO there's always room for women in top roles
- Gemini Links 12/02/2025: "Bream Gives Me Hiccups", Making Chinese Tea, and More
- Links for the day
- This is Why Codeberg Issues an Apology Today
- This response was clear and relatively swift
- Destruction and Distortion of Information, Including Facts About Linux (Bonus: This is Destroying the Planet)
- All that LLMs have going for them is hype, and moreover media that intentionally misrepresents them and their supposed capabilities
- Google Seems to Have Just Killed All Instances of Invidious
- YouTube is rapidly becoming just "another Neflix"
-
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Wednesday, February 12, 2025
- IRC logs for Wednesday, February 12, 2025
- Links 12/02/2025: Crytek Layoffs, Security Holes, and Giving Ukraine to Russia
- Links for the day
- Relaying GAFAM Talking Points and Lies Using GAFAM LLMs, or Slop Pasted in by Brittany Day
- linuxsecurity.com is relaying slop, i.e. misinformation
- Photos From This Evening's Talk by Dr. Richard Stallman in Torino, Maybe a Video Soon
- The talk that Dr. Richard Stallman gave today (a few hours ago) was recorded and streamed
- IlSoftware.it Covers Richard Stallman's Visit to Give Talks in Italy
- The publication is in Italian, the talk was in English
- EPO Staff Representatives Confront the President Who Says 'F--king' in Front of Female Workers Over Measurable Discrimination Against Female Colleagues
- Central Staff Committee versus Lukashenko's sponsor
- The Register Studies (to Affirm) Reports of IBM Layoffs "at the Finance and Operations business unit"
- something about that specific unit
- Links 12/02/2025: SSL FUD, DEI Phase-out, Felonies Committed by MElon (Data Breaches)
- Links for the day
- Italian Media Covers Richard Stallman's English Talk Ahead of Tonight's Public Appearance
- article in La Stampa
- Microsoft Skype in a Freefall: About 20% Decrease in Site Traffic in 3 Months (Amid Microsoft Phasing Out Credits)
- Microsoft axing more services/features may mean that now they scrape the bottom of the barrel and Skype will simply die, discontinuing service (like ICQ) in a matter of years
- Gemini Links 12/02/2025: Depression, Gabbro, WikiTok, and More
- Links for the day
- Links 12/02/2025: Health, Security, and Monopolies
- Links for the day
- Gemini Protocol is Increasingly Important to the Net
- Gemini Protocol will turn 6 this summer
- Former EPO Manager Warns That the Illegal 'Court' for "Unitary Patents" Enables “Law Shopping”
- Daniel X. Thomas opposed the very existence of the UPC, which any honest person could recognise was both illegal and unconstitutional
- Like GAFAM, the EPO is Passing the Financial Pains to Staff
- the EPO is operating illegally at this point
- Morale at Microsoft Ruined by the Company Labelling Thousands of Workers 'Low Performers', Sacking Them on the Spot and Denying Them Basic Benefits
- people laid off as "low performers" go to social control media to bemoan the label
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Tuesday, February 11, 2025
- IRC logs for Tuesday, February 11, 2025
- Links 11/02/2025: Current state of the Internet and Smallnet Information Services (SIS)
- Links for the day
- Conservative Estimate: Over 10,000 IBM Workers to Be Laid Off in the Next Two Waves
- The morale is low and layoffs are expected soon, with mass layoffs likely happening next month and then again later
- Links 11/02/2025: Trade Wars and "Crisis for American Universities"
- Links for the day
- Parasitic LLM Slop Sites Destroy the Ability to Find "Linux" News in Google News
- Remember that Google News laid off lots of its workers
- Richard Stallman's English Talk in Italy Less Than 24 Hours Away (Torino) and Then Another Talk in Italy Scheduled (University of Bozen-Bolzano)
- He's active and he travels a lot in spite of his medical condition
- IBM Layoff Rumours, Large-Scale Implementations Weeks Ahead (in March 2025)
- There are some people corroborating
- Links 11/02/2025: Nutritional Poverty, Closure of USAID, More Fictional 'Valuations' Around Buzzwords
- Links for the day
- Perl Programming Leftovers
- recently in perl.org
- Microsoft in Africa: From 98% to Less Than 10% in Just 16 Years
- Microsoft being on less than 1 in 10 Web-connected devices in Africa is a very big deal
- Almost as If MElon Reads Techrights
- The joke we started appears to be spreading
- Microsoft Blasted for Adding Insult to Injury: Workers Laid Off Without Prior Notice, Without Severance Payment and Basic Coverage (Like Health), Then Stigmatised as Bad Performers So They Cannot Find a Job Elsewhere
- Such stereotypes end entire careers
- Gemini Links 11/02/2025: NeoVim and Deploying Other People's Code
- Links for the day
- BetaNews is Still Publishing LLM Slop/SPAM About "Linux"
- Assuming it is indeed LLM slop, it seems clear BetaNews has no intention of improving or is simply unable/unwilling to improve
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Monday, February 10, 2025
- IRC logs for Monday, February 10, 2025