Bonum Certa Men Certa

Vista 7 Cracked Again

Window



Summary: Windows security still broken, judging by Pwn2Own

WINDOWS is not doing terribly well. The margins are low and Microsoft relies on bundling alone (which requires a hardware buying spree). Looking at the past week's news, there was one headline alone with "Vista" in it and just 5 clusters of headlines about "Windows 7", 1 of which was a whitepaper.



Vista 7 is hardly mentioned these days, except for occasional complaints or PR fluff. Microsoft continues to improperly count "sales" and we have already explained how Microsoft fakes these to achieve an illusion of success. In many ways, Vista 7 is just Vista, but it looks a little different (notably the new deskbar). "Well the initial impression is how much it looks like Vista," said Microsoft's booster Jack Schofield about Vista 7, "Which I think is…uh…the thing I’m not supposed to say."

In previous posts we showed that Vista 7 is considered worse when it come to security than its predecessor, Windows Vista. To name some posts on the subject:



According to IDG, "Hacker busts IE8 on Windows 7 in 2 minutes"

Two researchers yesterday won $10,000 each at the Pwn2Own hacking contest by bypassing important security measures of Windows 7.

Both Peter Vreugdenhil of the Netherlands and a German researcher who would only identify himself by the first name Nils found ways to disable DEP (data execution prevention) and ASLR (address space layout randomization), which are two of Windows 7's most vaunted anti-exploit features. Each contestant faced down the fully-patched 64-bit version of Windows 7 and came out a winner.


"Hacker Bypasses Windows 7 Anti-Exploit Features In IE 8 Hack," reports Dark Reading, a Web site which is focused on security issues.

A Dutch researcher won $10,000 in the Pwn2Own hacking contest this week for hacking Internet Explorer 8 on a Windows 7 machine -- bypassing built-in anti-exploit features in the operating system.


From Microsoft sites comes a bit of spin and it's worth noting that Apple's proprietary products got cracked too.

Miller used one of the flaws he found by dumb fuzzing yesterday to exploit Safari on a MacBook Pro, walking off with the notebook, $10,000 and a free trip to Las Vegas this summer to the DefCon hacking conference.


Here is an interview with Miller and a summary from The Inquirer that says: "Apple and Microsoft get trashed by hackers again"

Some months ago we wrote about Microsoft entering Telstra [1, 2], so the following new item is also worth mentioning.

Telstra Corporation director of security services, Andy Solterback, has responded to claims by Microsoft that it has largely fixed security problems.


It is now being claimed the Internet attacks which are mostly caused by Windows zombies hit Seattle the most.

Seattle is top, according to the report, for cyberattacks and potential infections and online behaviour that can lead to cybercrime, like online shops, online banks and wi-fi.


It is rather interesting that Windows zombies go right back where they came from.

Recent Techrights' Posts

There's Nothing "Funny" About Attacking Free Speech and Software Freedom
persistent focus on the principal issues is very important
GNU/Linux Adoption in Africa, a Passageway Towards Freedom From Neo-Colonialism
Digi(tal)-Colonialism and/or Techolonialism are a thing. Can Africa flee the trap?
 
Links 05/12/2023: Microsoft's Chatbot as Health Hazard
Links for the day
Professor Eben Moglen Explained How Software Patent Threats Had Changed Around 2014 (Alice Case) and What Would Happen Till 2025
clip aged reasonably well
CNN Contributes to Demolition of the Open Web
Reprinted with permission from Ryan Farmer
Eben Moglen on Encryption and Anonymity
The alternate net we need, and how we can build it ourselves
Yet More Microsofters Inside the Board of Mozilla (Which Has Just Outsourced Firefox Development to Microsoft's Proprietary Prison)
Do you want a browser controlled (and spied on) by such a company?
IRC Proceedings: Monday, December 04, 2023
IRC logs for Monday, December 04, 2023
GNU/Linux Now Exceeds 3.6% Market Share on Desktops/Laptops, According to statCounter
things have changed for Windows in China
Over at Tux Machines...
GNU/Linux news
Links 05/12/2023: Debt Brake in Germany and Layoffs at Condé Nast (Reddit, Wired, Ars Technica and More)
Links for the day
[Meme] Social Control Media Giants Shaping Debates on BSDs and GNU/Linux
listening to random people in Social Control Media
Reddit (Condé Nast), Which Has Another Round of Layoffs This Month, Incited People Against GNU/Linux Users (Divide and Rule, It's 2003 All Over Again!)
Does somebody (perhaps a third party) fan the flames?
Who Will Hold the Open Source Initiative (OSI) Accountable for Taking Bribes From Microsoft and Selling Out to Enable/Endorse Massive Copyright Infringement?
it does Microsoft advocacy
Using Gemini to Moan About Linux and Spread .NET
Toxic, acidic post in Gemini
Web Monopolist, Google, 'Pulls a Microsoft' by Hijacking/Overriding the Name of Competitor and Alternative to the Web
Gulag 'hijacking' 'Gemini'
Links 04/12/2023: Mass Layoffs at Spotify (Debt, Losses, Bubble) Once Again
Links for the day
ChatGPT Hype/Vapourware (and 'Bing') Has Failed, Google Maintains Dominance in Search
a growing mountain of debt and crises
[Meme] Every Real Paralegal Knows This
how copyright law works
Forging IRC Logs and Impersonating Professors: the Lengths to Which Anti-Free Software Militants Would Go
Impersonating people in IRC, too
IRC Proceedings: Sunday, December 03, 2023
IRC logs for Sunday, December 03, 2023
GNU/Linux Popularity Surging, So Why Did MakeUseOf Quit Covering It About 10 Days Ago?
It's particularly sad because some of the best articles about GNU/Linux came from that site, both technical articles and advocacy-centric pieces
Links 04/12/2023: COVID-19 Data Misused Again, Anti-Consumerism Activism
Links for the day
GNOME Foundation is in Reliable Hands (Executive Director)
Growing some good in one's garden
Links 03/12/2023: New 'Hey Hi' (AI) Vapouware and Palantir/NHS Collusion to Spy on Patients Comes Under Legal Challenge
Links for the day
'Confidential Computing'? More Like a Giant Back Door.
CacheWarp AMD CPU Attack Grants Root Access in Linux VMs
IRC Proceedings: Saturday, December 02, 2023
IRC logs for Saturday, December 02, 2023
Links 03/12/2023: CRISPR as Patented Minefield, Lots of Greenwashing Abound
Links for the day