Tuesday Fun With Microsoft

Windows, the software of perpetual patching. This installment is fairly large.

Microsoft Fixes Internet Explorer, Windows Flaws in October Patch Tuesday

Microsoft fixed 23 vulnerabilities across eight security bulletins as part of its October Patch Tuesday release.

October’s Patch Tuesday release resolved issues in Internet Explorer versions 6 through 9, all versions of Microsoft Windows from XP through 7, .NET and Silverlight, Microsoft Forefront Unified Access Gateway and Host Integration Server, Microsoft said Oct. 11. Two of the patches are rated “critical,” and six are rated “important,” Microsoft said.

See also:
Microsoft Security Bulletin MS11-082 – Important
Microsoft Security Bulletin MS11-081 – Critical
Microsoft Security Bulletin MS11-080 – Important
Microsoft Security Bulletin MS11-079 – Important
Microsoft Security Bulletin MS11-078 – Critical
Microsoft Security Bulletin MS11-077 – Important
Microsoft Security Bulletin MS11-076 – Important
Microsoft Security Bulletin MS11-075 – Important
Microsoft’s October 2011 Patch Tuesday fixes 23 flaws, releases SIRv11
MS wipes out 23 flaws in October’s Patch Tuesday
Patch Internet Explorer Now
23 vulnerabilities squashed by Microsoft’s Patch Tuesday effort
Microsoft Update

So, get busy and happy patching!

/until the next time Microsoft releases patches to make its software suck less . . .

Super Bot

This sure looks like a nasty piece of work.

Massive botnet ‘indestructible,’ say researchers

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

. . .

TDL-4 infects the MBR, or master boot record, of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks.

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

See also:
TDL4 – Top Bot
Sophisticated TDL-4 Botnet Has 4.5 Million Infected Zombies
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
TDL-4 creates 4.5 million PC ‘indestructible’ botnet
Security Researchers Discover the Mother of All Botnets
TDL-4: The ‘indestructible’ botnet?
There’s a Botnet Called TDL-4 That’s Virtually Indestructable
‘Indestructible’ Botnet Enslaves 4.5 Million PCs
‘Indestructible’ Zombie PC Botnet Borrows Exploit From Israeli, U.S. Cyberweapon
Have cybercriminals created the perfect botnet — undetectable and indestructible?

If you ever needed a reason and reminder to keep your operating system, anti-virus, and anti-spyware software patched and up to date, this would be a good one.

/remember, if you’re not part of the solution, you’re potentially part of the problem

Aid And Comfort To The Enemy

Let’s see, China launches cyberattacks and conducts internet espionage against the United States 24/7/365 and our U.S. Department of Homeland Security is warning China about their vulnerabilities? WTF?

China’s Infrastructure Vulnerable to Cyber Attack

Software widely used in China to help run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the Department of Homeland Security.

The department issued an advisory on Thursday warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology Co that hackers could exploit to launch attacks on critical infrastructure.

See also:
SCADA Vulnerabilities Patched in Two Industrial Control Software from China
Chinese Weapon Systems Vulnerable To SCADA Hack
US warns China software risk to public infrastructure
US Warns of Problems in Chinese SCADA Software
Software bugs discovered in Chinese-made applications
China’s weapons systems have exploitable software bugs
Department Of Homeland Security Cites China Vulnerability
Exclusive: China software bug makes infrastructure vulnerable
US reveals Stuxnet-style vuln in Chinese SCADA ‘ware
Critical vulnerability in industrial control software

China is not our friend, why are we feeding the hand that bites us? Why aren’t we keeping these discovered Chinese vulnerabilities to ourselves in case we might actually need to use them in the event of escalated hostilities with China?

/and just when did the DHS become the CDHS, Chinese Department of Homeland Security, protecting the homeland of a hostile country?

Life, Liberty, And The Pursuit Of Free Internet Porn

Are you kidding me, internet access is a basic human right? Of course, as long as you have a basic human right to internet access, it follows that you also have a basic human right to a computer, modem, internet service, and hey, you’re going to need a place to plug in and the electricity to make it all work. Can’t afford all that? No problem, it’s a basic human right, demand it all free from your government and, if they can’t or won’t provide it, drag them before the U.N. Human Rights Council for human rights violations!

UN report: Internet access is a basic human right

Access to the Internet, especially during times of political unrest, is a basic human right, says a report released by the United Nations today.

“Facilitating access to the Internet for all individuals, with as little restriction to online content as possible, should be a priority for all States,” says the report, published on May 16 by Frank La Rue, a “special rapporteur” for the UN’s Human Rights Council.

. . .

The report urges states to avoid or amend any laws that “permit users to be disconnected from Internet access.”

. . .

The UN report defines Internet access to include both free information flow as well as access to infrastructure, “such as cables, modems, computers and software, to access the Internet in the first place.”

Read the report:

Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, Frank La Rue

See also:
Internet should remain as open as possible – UN expert on freedom of expression
United Nations report: Internet access is a human right
UN Declares Internet Access As A Human Right
UN Report: Internet access a human right
United Nations Declares Internet Access a Basic Human Right
United Nations Claims Internet Blackouts Violate Human Rights
UN: Disconnecting File-Sharers Breaches Human Rights
Filesharing laws ‘breach human rights’
United Nations High Commissioner for Human Rights (OHCHR)

And make no mistake, when the report mentions “with as little restriction to online content as possible”, that’s a direct shot at copyright holders and any governmental efforts to protect copyright or otherwise filter internet content. You see, no matter how prurient, vile, subversive, inflammatory, inaccurate, untruthful, or proprietary it is, information and intellectual property just want to be free! It’s a basic human right, damn it!

/so remember boys and girls, if you don’t have access to free internet porn, demand it, along with all the equipment and infrastructure needed to enjoy yourself, it’s your basic human right!

The New Laptop Is Here!

The laptop itself is awesome! Wrangling the software into submission is another awful matter entirely, Windows 7 64 bit does not play very nice with my familiar, well broken in, just the way I like it, optimized XP world.

/this is going to be a long, hard slog, loud, intense, and sustained swearing is expected to ensue, hopefully I’ll be able to physically restrain myself from striking or otherwise damaging expensive computer hardware

Do You Know Who Your Facebook Friends Are?

How creepy is this?

Army of fake social media friends to promote propaganda

It’s recently been revealed that the U.S. government contracted HBGary Federal for the development of software which could create multiple fake social media profiles to manipulate and sway public opinion on controversial issues by promoting propaganda. It could also be used as surveillance to find public opinions with points of view the powers-that-be didn’t like. It could then potentially have their “fake” people run smear campaigns against those “real” people. As disturbing as this is, it’s not really new for U.S. intelligence or private intelligence firms to do the dirty work behind closed doors.

See also:
Persona Management Software
Gaming Social Networks for Influence and Propaganda
U.S. Gov’t Software Creates ‘Fake People’ to Spread Message via Social Networking
US Gov. Software Creates ‘Fake People’ on Social Networks to Promote Propaganda
So, Why Does the Air Force Want Hundreds of Fake Online Identities on Social Media? [Update]
Revealed: Air Force ordered software to manage army of fake virtual people
More HBGary Federal Fallout: The Government Wants To Buy Software To Fake Online Grassroots Social Media Campaigns
Why Is the Military Creating an Army of Fake People on the Internet?
HBGary :: Detect. Diagnose. Respond
hbgaryfederal.com is offline

Well, at least now we know where all the “supposed” support for the malignant travesty that is Obamacare is coming from, fake people with fake opinions.

/seriously, do you trust the Obama administration and Democrats in general with software like this?

New Year, More Patches

Same as it ever was, what fun would Tuesdays be without Microsoft issuing software patches?

Microsoft Fixes Windows Security Vulnerabilities in Light Patch Tuesday

Microsoft issued two security bulletins to fix three Windows vulnerabilities, getting Patch Tuesday off to a slow start in 2011.

Only one of the bulletins is rated “critical.” That bulletin, MS11-002, covers two vulnerabilities affecting Microsoft Data Access Components. The first of the bugs exists in the way MDAC (Microsoft Data Access Components) validates third-party API usage. The second is due to the way MDAC validates memory allocation. According to Microsoft, both vulnerabilities could be exploited via a specially crafted Web page to allow an attacker to remotely execute code.

See also:
Microsoft Security Bulletin Summary for January 2011
It’s Microsoft Patch Tuesday: January 2011
Microsoft Patches 3 Windows Vulnerabilities
Microsoft patches critical Windows drive-by bug
Patch Tuesday: Microsoft plugs ‘drive-by download’ security holes
Microsoft’s January Patch Tuesday: 3 fixes but 5 holes unpatched
Two bulletins from Microsoft on its first Patch Tuesday of 2011 but Internet Explorer zero-day remains uncovered
Microsoft ‘Patch Tuesday’ Doesn’t Address Problem
Microsoft Patch Tuesday Update – 11th January 2011
Microsoft Patch Tuesday Hits One Critical Bug
Windows Update

And, once again, Microsoft patches some holes but leaves others uncovered.

/so, I guess we’ll be doing this again in the near future