Microsoft Issues Third Generation Anti-Stuxnet Patch

Back in March Microsoft issued a second-generation patch intended to close a privilege escalation vulnerability used to spread the Stuxnet malware, closing a portion of the vulnerability that remained after the original patch in 2010. In a bulletin today Microsoft announced yet another iteration of the patch (archived) to close this bug, as the March patch still left sufficient attack surface for the vulnerability to continue being exploited. Microsoft also released a tool for logging attempts to exploit this vulnerability, as well as a warning that installing any new language packs after applying this patch will negate any protective effects the patch is purported to have. Windows versions including the new "Windows 10" are affected by this continuing vulnerability.

Implant ID Chips in Citizens Suggests Finnish Politician

Pasi Mäenranta of the True Finns Party has suggested Finland begin implanting identification chips in citizens (archived) when they leave the country, in order to prevent Finns from "abusing" the social welfare benefits offered by their Nordic system when they move to a more affordable foreign location. According to Pasi Mäenranta, because "the people" happily let Google and Facebook track them with smartphones, there's no way this could be considered an invasion of privacy by citizens. Should a system like this be implemented in Finland, it remains to be seen whether emigration from Finland through avenues more traditionally associated with far poorer countries would increase, but such an outcome could be reasonably expected.

Zynga Continues Bleeding

A recent filing (archived) with the United States Securities and Exchange Commission shows that the once-hyped, Facebook-centric "game" maker Zynga is continuing to bleed both users and money. Zynga has lost more than 73 million United States dollars since the beginning of 2015. From 2012 through the close of 2014 Zynga lost roughly 472 million United States dollars. Average monthly users of Zynga's products were reported to have fallen from 121 million in 2014's second quarter to 83 million in the second quarter of this year, a decline of 32 percent. In spite of Zynga's hemorrhaging wallet and shrinking userbase, shares still manage to trade on Nasdaq (archived) at $2.64 per share, implying a market cap of $2,072,302,357 on an earnings per share of negative 19 cents.

Fiat Chrysler Taken to Court Over Security Vulnerability

The Post-Dispatch reports that a couple from Pacific, Missouri and a Belleville, Illinois man have filed suit against Fiat Chrysler (archived) over security vulnerabilities in their vehicular entertainment system which can adversely affect the safety of motor vehicles with the system installed. The suit was filed in the US District Court in East St Louis on Tuesday, and it includes Harman International Industries, the maker of the entertainment system, as a co-defendant. The plaintiffs are aggrieved that the impact of the security vulnerability has diminished the value of their vehicles and further means they overpaid for the initial purchase. If the plaintiffs win this case, it may open up most current computer manufacturers to claims for diminishing the value of computing products purchased by customers by including Microsoft Windows and other irredeemably flawed components.

Tokyo Court Affirms Ancient Bitcoin Wisdom: Coins Gifted to Scammers are No Longer Yours

This week a Tokyo Court dismissed a lawsuit brought by a Kyoto resident who lost 458 Bitcoins in the Mt Gox scam. The Kyoto resident represented himself in court on a complaint he brought against Mt Gox's receiver, as Mt Gox is in bankruptcy. The court, in dismissing the suit, determined Bitcoin is not subject to ownership claims due to its intangible nature and the third parties involved in the sort of claim the Kyoto resident wished to make. The alarm on Mt Gox's inevitable collapse had been sounded well in advance of popular recognition of Mt Gox's failure.

Brief Offers Insight into USG Theory of Internet Security

The most recent Audit of the Federal Bureau of Investigation’s Implementation of Its Next Generation Cyber Initiative by the Office of the Inspector General of the U.S. Department of Justice, dated July 2015 (archived), features several thought-provoking insights into the inner workings of the USG and the headwinds faced by the bureaucratic beast. In no particular order:

1. The protection of the United States against "cyber-based attacks" and "high-technology crimes" is ranked as the third-highest priority behind counterterrorism and counterintelligence.

OS X Flaw in the Wild Abuses Error Logging Function to Edit sudoers

Malwarebytes reports (archived) that a vulnerability in Apple's latest version of OS X, which was reported last month on Stefan Esser's blog (archived), is now appearing in malware in the wild. The flaw came into being through a new feature introduced into the OS X dynamic linker, dyld. The new feature allows the linker to log error output to any file on the system without the safety or sanity checks implemented in even "hobbyist" developed Unix systems. Malwarebytes only noticed the flaw being actively exploited because, while they were examining the malware, a particular piece of adware edited the sudoers file on a testing environment. The severity of the flaw, though, is such that when triggered it can edit any file on the affected machine, including executable system files. Esser originally reported this flaw on July 7th, 2015 and Apple has yet to release a patch. On the other hand, Esser has published a source code patch of his own which lessens this flaw, though it is hard to determine how this patch will interact with possible future updates from Apple.

UK's Cameron Threatens Online Porn Shutdown Unless Online ID Scheme Implemented

Last week United Kingdom prime minister David Cameron issued an ultimatum (archived) directed at internet porn sites, demanding they voluntarily produce an "effective" regime for restricting access based on age or he would act legislatively to either force such a scheme or shut them down. Of course "effective" age filters would necessarily mean the creation of a larger online identity regime. The United Kingdom already forces Internet Service Providers to filter internet connections to block pornography unless service subscribers explicitly opt out of the filtering. Further, the United Kingdom late last year restricted the kinds of sex acts which may be included in pornography produced in the United Kingdom for online Video on Demand consumption.

New Per Block Transaction Highs Wedge Some Nodes: Patch Available

In the past several hours there have been at least two blocks with enough transactions per block to wedge bitcoin nodes that rely on Berkeley Database for block handling when set to the post March 2013 limit of 40,000 database locks and objects. For a few hours doubling that amount to 80,000 sufficed, until a still more complex block arrived. A patch has recently been published which should remedy this issue until such a time as the universe undergoes heat death. The patch works by raising the maximums Berkeley Database is configured with in order to handle any number of transactions that can fit into a Bitcoin block. On some platforms like OpenBSD, which aggressively allocate memory in advance for safety reasons, Bitcoin's RAM usage is increased noticeably with this patch. If your system enforces low per-process memory limits you may have to edit your system's settings.