Microsoft: Bob Security Captures Headlines
April 9, 2021
Sleeper code. Yep, malware injected into thousands of servers could wake up and create some interesting challenges for the JEDI contractors with Microsoft T Shirts. Here’s my design suggestion for the security experts’ team:
Do you remember the tag line for Bob, a stellar graphical interface for Microsoft Windows? No. Let me highlight one of the zippier marketing statements:
Hard working, easy going software everyone will use.
Who knew that the “everyone” would include bad actors? Plus, there are two other security-related items to entice cyber professionals.
First, “Windows 10 Hacked Again at Pwn2Own, Chrome, Zoom Also Fall” includes this statement:
The first to demo a successful Windows 10 exploit on Wednesday and earn $40,000 was Palo Alto Networks’ Tao Yan who used a Race Condition bug to escalate to SYSTEM privileges from a normal user on a fully patched Windows 10 machine. Windows 10 was hacked a second time using an undocumented integer overflow weakness to escalate permissions up to NT Authority\SYSTEM by a researcher known as z3r09. This also brought them $40,000 after escalating privileges from a regular (non-privileged) user. Microsoft’s OS was hacked a third time during day one of Pwn2Own by Team Viettel, who escalated a regular user’s privileges to SYSTEM using another previously unknown integer overflow bug.
The statements suggest that either the OS is deliberately flawed in order to allow certain parties unfettered access to user computers or that Microsoft is focusing on moving Paint to the outstanding Microsoft online store.
Second, I spotted “Hackers Scraped Data from 500 Million LinkedIn Users about Two Thirds of the Platform’s Userbase and Posted It for Sale Online.” (Editor’s note: Data is plural, but let’s not get distracted, shall we?) The article reports:
The data includes account IDs, full names, email addresses, phone numbers, workplace information, genders, and links to other social media accounts.
Useful to some, I assume.
Net net: I wonder if a Bob baseball cap is available in the Microsoft store?
I would wear one with pride during my upcoming National Cyber Crime Conference lecture.
Stephen E Arnold, April 9, 2021