Eye on Security: Vista 7 is 'Secure', They Promised
- Dr. Roy Schestowitz
- 2010-11-30 21:34:07 UTC
- Modified: 2010-11-30 21:34:07 UTC
Summary: Vista 7 -- just like Vista and its processors -- is still Swiss cheese based on the latest news
●
Breaking That Other OS
Yet another means of exploiting that other OS has been demonstrated by Sophos. An ordinary user can gain complete control of the system whether it is XP, Vista, “7ââ¬Â³ etc. simply by running some code that tweaks a key in the registry. A workaround is to create a new key to block users from changing keys in the registry… Duh… How’s that for backwards compatibility?
This is another demonstration that M$ has created a monster running on nearly every PC on the planet that invites compromise. Now, hundreds of millions of users will have to do some dance with updates or tweak the registry themselves to do something that M$ neglected to do many years ago.
●
'Nightmare' kernel bug lets attackers evade Windows UAC security
Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.
One security firm dubbed the bug a potential "nightmare," but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.
●
Newly discovered Windows kernel flaw bypasses UAC
Last week an exploit for a Windows kernel flaw was published by an unknown source. Presumably as a joke, details of the flaw, along with proof-of-concept code, were published on Code Project. Code Project is a programmer peer support community, containing many tutorials and useful snippets of code to assist developers. Malware developers are not the usual target audience for posts made to the site, and so perhaps unsurprisingly, the article has been removed (though is mirrored here).
The flaw is a privilege escalation vulnerability. Anyone who can run code on a Windows system can elevate her privileges to the highest level, and accordingly install back doors, compromise sensitive data, and so on. The flaw lies in a critical Windows driver called win32k.sys. The driver inappropriately handles certain data stored in the registry—data that is stored on a per-user basis, and hence accessible to any unprivileged program. The proof-of-concept code uses this flaw to elevate the privileges of the user running the demo code; it could just as well be used to install a back door or other malware.
Recent Techrights' Posts
- [Meme] Being Believed, Not Censored or Defamed
- Daniel Pocock, Zini, and John Sullivan (FSF)
- Taking Things Up a Notch
- we strive/aim towards 15-25 new pages per day, i.e. around 500 per month or 6,000 per year
-
- Improving Site Navigation for Easier Discovery and Catch-ups
- This site is run by code we wrote ourselves
- LibrePlanet 2024 Recordings
- Let's hope independent recordings by viewers can help recovery of "lost talks" (recordings)
- GNU/Linux Reaches 11% Market Share in the United States Of America - an All-Time High
- The United States Of America is where the operating system started (Boston) and where Linus Torvalds works (Portland)
- Links 11/05/2024: XBox Crisis, Spotify Exodus Continues
- Links for the day
- Gemini Links 11/05/2024: Why to Delete GitHub
- Links for the day
- In Europe, Bing Fell Every Month This Year, Lost a Considerable Share Since "Bing Chat" and All the Chatbot Hype
- Microsoft's Bing has had many layoffs lately
- Links 11/05/2024: Analysis of the Microsoft Crisis and Backdoor-Looking Bugs
- Links for the day
- Attacking the Messenger?
- Stack Overflow and LLM licencing
- Microsoft Fired Loads of Staff in Kenya, Which is Another Large Country Where GNU/Linux Has Grown a Lot
- Microsoft pays Kenyans only 2 dollars an hour for an IT/office job
- Knowing the True History of Debian, Owing to Irish Debian Developer Daniel Pocock (Currently Running to Become Member of the European Parliament)
- Irish-Australian and scapegoat of a highly dysfunctional 'Debian family'
- Attacking by Credentials
- Modest people do not demand fancy titles
- Microsoft Windows Used to Have 99% of the OS Market in Jordan, Now It's Just 13% (Less Than iOS)
- Based on the data of statCounter, GNU/Linux in Jordan climbed from 0.62% in May 2014 to nearly 5% right now
- More Nations Are Reaching and Exceeding 5% Market Share for GNU/Linux, Microsoft Wants to be Bailed Out Again
- Microsoft is once again reaching out to Biden for a bailout - a subject we'll cover in a video some time this weekend
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Friday, May 10, 2024
- IRC logs for Friday, May 10, 2024
- [Meme] What Do You Call a Woman Who Does BDS on Free Software? Elana Hamasman.
- Here are some confused thoughts
- [Meme] Mission Aborted
- Mission Aborted: cancel RMS
- Gemini Links 10/05/2024: Love Is Infinite and Books vs Internet
- Links for the day
- Links 10/05/2024: Fears Over TSMC, Microsoft Loses Major Patent Case
- Links for the day
- Links 10/05/2024: Burner Phones in 6-Eyes Government, “Hatred and Demonization” on the Rise
- Links for the day
- Microsoft Layoffs and Closures Now Reported in Africa
- Microsoft Uninstalls Nigeria as it closes African Development Centre (ADC) in Lagos
- [Video] Richard Stallman, "I Saw You Playing Your Recorder in Paris" (Due to Proprietary Software Only)
- Corporate autocrats do not want counterparts or alternatives to even exist
- Five Years After the Extensive Campaign of Defamation Against Richard Stallman He's Still Giving Public Talks
- "Richard Stallman will give a talk, in French, Free Software and Freedom in a Digital Society at Centrale Supelec in Saclay, on May 15."
- Microsoft Is Rebranding Its 'Chatbot' Search for the Third Time Because It Fails to Gain Adoption
- it always means that something has failed - not that they'll openly admit it
- Richard Stallman Gives a Talk in Paris Next Week (in French) and It's About Freedom
- another talk, which he has only just announced
- Pace Up, Distractions Down
- We've made our curation process faster and more efficient
- In Algeria, GNU/Linux Estimated to Have Grown Tenfold in a Decade
- a sharp rise in GNU/Linux usage
- [Meme] Red Hat Diversity
- Red Hat: don't mention Haghighi
- Our Sister Site Turns 20 in Exactly One Month
- twentieth anniversary of the site
- Corporate Media Focuses on Who's Suing Red Hat, Not What It's Sued For
- The unfortunate thing is, anybody who has an opinion on this lawsuit will inevitably be framed as "pro-Trump" or "anti-Trump"
- Links 10/05/2024: Many More Microsoft Layoffs on the Way
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Thursday, May 09, 2024
- IRC logs for Thursday, May 09, 2024
- Microsoft OSI Uses Its Money to Hire PR Agencies That Spy and Spread Mindless Openwashing of GPL-Violating Microsoft Ploy
- `We're under attack. But the attackers smile at us and hire PR firms to spy, mislead etc.
- Gemini Links 10/05/2024: geminispace.info to Shut Down in 3 Weeks
- Links for the day
- In Nigeria, Africa's (by Far) Largest Population, Microsoft Bing is the 0%
- To Microsoft, Africa is just "someplace" to get intensive, hard-working human 'resources' (tech labour) at 2 dollars 'apiece' as in per person per hour
- Links 09/05/2024: Journalists in Detention, China Banning Songs or Anthems
- Links for the day
- Support for harassment and abuse victims
- Reprinted with permission from Daniel Pocock
- Gemini Links 09/05/2024: Being Sick Enough and End of “World of Ends“
- Links for the day
- Links 09/05/2024: 'Hey Hi' (AI) Bubble Implodes Some More, Microsoft Layoffs So Widespread It's Hard to Keep Track
- Links for the day
- Speaking of Enshittification and Freedom, We've Still Not Begun Tackling the UEFI 'Secure' Boot Mess (Preventing GNU/Linux From Even Booting!)
- Microsoft continues to fly under the radar and commit competition crimes with impunity
- Microsoft Has Just Confirmed Mass Layoffs in Nigeria, It Now Adds Insult to Injury With Price Hikes for Locals
- It's not like Microsoft paid them good salaries
- Software Enshittification or Freedom? It's not a hard choice!
- Reprinted from Alexandre Oliva
- Links 09/05/2024: More Microsoft Layoffs on the Way
- Links for the day
- Amid Microsoft Layoffs in Nigeria GNU/Linux Climbs Above 6% Market Share (Not Including ChromeOS)
- Hundreds are being laid off by Microsoft in Nigeria, based on yesterday's reports
- [Meme] Blame the Robots or the 'Hey Hi' (AI), It Always Works in Today's Media
- Companies do not have financial troubles! They have "efficiencies"...
- News Reports Say Many More Microsoft Layoffs on the Way, Rumours Say Red Hat Also Imminently a Target
- Microsoft is slipping out of control
- Links 09/05/2024: Diplomacy Efforts With China, AstraZeneca Stops Experimenting With COVID-19 Vaccines
- Links for the day
- Over at Tux Machines...
- GNU/Linux news for the past day
- IRC Proceedings: Wednesday, May 08, 2024
- IRC logs for Wednesday, May 08, 2024
- Gemini Links 09/05/2024: Registered Computer Professionals and TLS (The Long Slog)
- Links for the day