Saturday, October 15, 2022

BYOVD


Uff! Oops! "...Microsoft is acutely aware of the BYOVD threat and has been working on defenses to stop these attacks, mainly by creating mechanisms to stop Windows from loading signed-but-vulnerable drivers. The most common mechanism for driver blocking uses a combination of what's called memory integrity and HVCI, short for Hypervisor-Protected Code Integrity. A separate mechanism for preventing bad drivers from being written to disk is known as ASR, or Attack Surface Reduction.


Unfortunately, neither approach seems to have worked as well as intended..."



arstechnica.com

How a Microsoft blunder opened millions of PCs to potent malware attacks

by Dan Goodin - Oct 14, 2022 4:26 pm UTC 
Dan Goodin / Dan is the Security Editor at Ars Technica, which he joined in 2012 after working for The Register, the Associated Press, Bloomberg News, and other publications.

Microsoft said Windows automatically blocked dangerous drivers. It didn't.

"For almost two years, Microsoft officials botched a key Windows defense, an unexplained lapse that left customers open to a malware infection technique that has been especially effective in recent months.

Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. The malware technique—known as BYOVD, short for "bring your own vulnerable driver"—makes it easy for an attacker with administrative control to bypass Windows kernel protections. Rather than writing an exploit from scratch, the attacker simply installs any one of dozens of third-party drivers with known vulnerabilities. Then the attacker exploits those vulnerabilities to gain instant access to some of the most fortified regions of Windows.

It turns out, however, that Windows was not properly downloading and applying updates to the driver blocklist, leaving users vulnerable to new BYOVD attacks.

As attacks surge, Microsoft countermeasures languish

Drivers typically allow computers to work with printers, cameras, or other peripheral devices—or to do other things such as provide analytics about the functioning of computer hardware. For many drivers to work, they need a direct pipeline into the kernel, the core of an operating system where the most sensitive code resides. For this reason, Microsoft heavily fortifies the kernel and requires all drivers to be digitally signed with a certificate that verifies they have been inspected and come from a trusted source.

Even then, however, legitimate drivers sometimes contain memory corruption vulnerabilities or other serious flaws that, when exploited, allow hackers to funnel their malicious code directly into the kernel. Even after a developer patches the vulnerability, the old, buggy drivers remain excellent candidates for BYOVD attacks because they’re already signed. By adding this kind of driver to the execution flow of a malware attack, hackers can save weeks of development and testing time.

BYOVD has been a fact of life for at least a decade . . .

Entire blog posts have been devoted to enumerating the growing instances of BYOVD attacks, with this post from security firm Eclypsium and this one from ESET among the most notable.

 

Microsoft is acutely aware of the BYOVD threat and has been working on defenses to stop these attacks, mainly by creating mechanisms to stop Windows from loading signed-but-vulnerable drivers. The most common mechanism for driver blocking uses a combination of what's called memory integrity and HVCI, short for Hypervisor-Protected Code Integrity. A separate mechanism for preventing bad drivers from being written to disk is known as ASR, or Attack Surface Reduction. . .

Stay safe

For now, people should make sure they have driver blocking turned on with the latest blocklist installed using either Microsoft's instructions or Dormann's PowerShell script. People should also await further updates from Microsoft about if and when driver blocklists will automatically be updated through the Windows Update mechanism.

In the longer term, Microsoft's leadership will hopefully recognize the ways that its company culture is becoming increasingly insular and defensive. Had it not been for Dormann and other researchers, like Kevin Beaumont and Brian in Pittsburgh, reporting the problems they were having with driver blocklist updates, Microsoft still might not understand what had gone wrong.

In many cases, these critics know Microsoft products better than executives like Weston. Instead of portraying the critics as uninformed complainers, Microsoft should publicly embrace them—and provide more actionable guidance they and others can use to make the Internet safer.

Another approach


The Microsoft instructions linked above work, but they’re written for admins who may need to test the blocklist before actually enforcing it. This flexibility is great for people responsible for ensuring they don't cripple big fleets of devices; for average users, it creates unnecessary complexity that may cause them to give up.

To address this, Dormann has created and published a script that normal (i.e., non-enterprise) users will likely find easier to use than Microsoft’s convoluted method. Dormann’s script runs in PowerShell, the command-line shell that's built into Windows. As with any PowerShell script you find on the Internet, be mindful of running this on any computer you care about. It worked for us, but we can't vouch for its effectiveness on every system."


Friday, October 14, 2022

From the City of Mesa / Engineering Public Relations Department (3 Contacts)

 What's this? What's the co$t in million$$$$$$? Environmental impacts? Details?

Virtual Public Meeting to Discuss Val Vista Drive Improvements

 

October 12, 2022 at 9:10 am

"The City of Mesa plans to reconstruct Val Vista Drive from the U.S. 60 to Pueblo Avenue and the intersection of Val Vista Drive and Southern Avenue. These improvements will provide three through lanes on Val Vista Drive from U.S. 60 to Enid Avenue. Improvements include pavement reconstruction, raised center medians, bike lanes, drainage structures and facilities, landscaping and traffic signal modifications. 

✓ Construction will also move overhead electric to underground in one location, and gas facilities and include replacement of curb, gutter, sidewalk, and ADA-compliant ramps and driveways in various locations. Design is underway with construction anticipated to begin in Fall 2023.

We invite you to join us for a short presentation followed by a question and answer session:

Date: Tuesday, Oct. 18
Time: 6 p.m. to 7 p.m.
Register online at www.mesaaz.gov/engineering

If you have any questions regarding this project, please contact Curt Albright, Michele Arrollado, or Dory Kalish with the City of Mesa Engineering Public Relations Department at 480-644-3800.

If you have questions about this project, please call Maggie Smith with the City of Mesa at 480-644-5672.

Mocap - recording the movements of a real person or object so they can be turned into computer animated graphics.

 

Meta's VR legs video wasn't what it seemed

The animated Mark Zuckerberg shown jumping on screen apparently used motion capture.

When Meta announced that its Horizon Worlds avatars were getting legs in the near future, we got to see VR Mark Zuckerberg jump up and down to show them off. Apparently, though, what we saw wasn't a real demonstration of how Meta was able to generate their full-body virtual reality avatars. According to UploadVR editor, Ian Hamilton, the event used animations that were created using motion capture:

The process, which is called mocap for short, is widely used in cinema and games and entails recording the movements of a real person or object so they can be turned into computer animated graphics. 

During the event, Meta said that "legs have been one of the most requested features on [its] roadmap, and it’s been a significant area of [the company's] focus." Indeed, the addition of legs to Horizon's legless avatar would be a noteworthy achievement due to the technological constraints of the VR devices we have access to today. VR headsets as we know them weren't made to track legs. As Meta CTO and Reality Labs team leader Andrew Bosworth had explained to CNN Business earlier this year: "Tracking your own legs accurately is super hard and basically not workable just from a physics standpoint with existing headsets." Meta's solution to that problem involves the use of an artificial intelligence model to predict where the user's legs are supposed to be.

We'll have to wait a bit more to see these AI-powered VR legs in action, though, because Meta's full-body avatars that don't rely on mocaps won't be coming out until 2023.


From The Onion

 

NEWS IN BRIEF

Report Finds Russian Hackers Gained Access To Millions Of Metaverse Legs



MENLO PARK, CA—Warning that the criminals who breached the system had already done significant, irreversible damage, a damning new cybersecurity report released Friday found that Russian hackers had gained access to millions of Metaverse legs. “As of today, foreign agents employed by the Russian government have uncovered a security flaw in the backend of the Metaverse servers and exploited the deficiency to exert control over the legs, knees, and feet of various digital avatars,” said the report’s author, Dr. David Kline, adding that bad actors now had the ability to force users to perform countless actions, including sit, stand, jump, dance, run, or even do the splits. “At this time, Mark Zuckerberg has yet to address, and in some cases fully denied, the fact that the lower halves of many users are repeatedly doing squats, performing roundhouse kicks, or sprinting at high speeds across the Metaverse. If we don’t act soon, there’s no telling how many avatars they could manipulate to pirouette, heel kick, or do the moonwalk. Needless to say, this does not bode well for the 2024 election.” At press time, Zuckerberg came under fire after Russian hackers gained control of his neck and made his head spin wildly around in circles for the duration of a Metaverse keynote.

What's this...

 

About THIS MODERN WORLD

 


Contact: tomtomorrow (at) gmail.com.

Tom Tomorrow is the creator of the weekly political cartoon, This Modern World, which can be found on sites including Daily Kos, The Nib and The Nation, as well as many alternative weeklies across the nation (support your local altweekly!). His work has appeared in publications including The New York Times, The New Yorker, Spin, Mother Jones, Esquire, The Economist, The Nation, U.S. News and World Report, and The American Prospect.

From 1999-2001, he worked on a series of animated web cartoons which can be viewed here.

In 2009, he created the cover art for the Pearl Jam album Backspacer.

In 2015 he held a record breaking Kickstarter, raising $310,357 to publish a massive, two volume compilation celebrating the 25th anniversary of the strip.

He has published thirteen other anthologies of his work:

Greetings From This Modern World (1992) (introduction by Bill Griffith)
Tune in Tomorrow (1994)
The Wrath of Sparky (1996)
Penguin Soup for the Soul (1998) (introduction by Christopher Hitchens)
When Penguins Attack (2000) (introduction by Dave Eggers)
The Great Big Book of Tomorrow (2003)
Hell in a Handbasket (2006)
The Future’s So Bright I Can’t Bear to Look (2008)
Too Much Crazy (2010) (introduction by Michael Moore)
The World of Tomorrow (2012) (introduction by Eddie Vedder)
Crazy is the New Normal (2016)
— Il Pazzo Mondo a Stelle e Strisce (Italian, 2016)
Life in the Stupidverse (2020)

He is also the author of a book for children, The Very Silly Mayor (2009).

He received the Robert F. Kennedy Award for Excellence in Journalism in 1998 and in 2003, the Herblock Award in 2013, and was a Pulitzer Prize finalist in 2015. Other honors include:

1993: Media Alliance Meritorious Achievement Award
1995: Society of Professional Journalists James Madison Freedom of Information Award
2000: Association for Education in Journalism and Education, Professional Freedom and Responsibility Award
2001: James Aronson Award for Social Justice Journalism
2004: Association of Alternative Newsweeklies award for cartooning, 2nd Place
2006: Association of Alternative Newsweeklies award for cartooning, 3rd Place
2015: Association of Alternative Newsweeklies award for cartooning, 1st Place
2015: Society of Illustrators Silver Medal for Cartooning

Tom Tomorrow has given many campus talks and presentations, and will be available for speaking engagements when such things are possible again.

* * *

“Panel for panel, no comic strip captures the toxic depravity of the Trump Administration quite like This Modern World. It can’t be easy to satirize self-parody, but Tom Tomorrow does so with a deadpan glee that’s simultaneously hilarious, insightful and tragic. #PulitzerWorthy” — Mark Hamill

“Turn off your TV! Shut down your computer! Tom Tomorrow has a laugh out loud gift for us. His latest book of cartoons, Life in the Stupidverse, is like a living, wriggling, ever expanding bag full of chittering, twittering Tribbles reproducing and multiplying itself. It’s wit, insight and — of all things — hope for the future of our democracy. Oh My!” — George Takei

“Tom Tomorrow makes me laugh about the world today — and if you’ve seen the world recently, you know what an actual miracle that is.” — John Scalzi

“As I crawl on hands and knees through the smoldering rubble of the MAGA Apocalypse, one of the only things that keeps me going is the prospect of a new Tom Tomorrow cartoon. As I weakly lift my iPad, hand shaking, and peruse the latest offering, I giggle through the sobs. Tom, you mad, sardonic genius, may you scribble on forever.” — Derf Backderf

“We live in a time that is beyond satire for all but Tom Tomorrow, who has hit the vein yet again with his unrivaled wit and perspicacity.”
Ed Solomon, writer of Men in Black, co-writer of Bill and Ted Face the Music

“I’ve been a huge fan of Mr. Tomorrow’s work since I was a wee lad, and having meticulously studied his writing for many years, I’m afraid I’ve come up with a rather disturbing conclusion: some of our elected officials may not always have our best interests at heart.  I’m very sorry I had to be the one to tell you this.” —Weird Al Yankovic

“All hail Tom Tomorrow!” — Michael Moore.

“One of the most clever and incisive political cartoons in the country.”– The Los Angeles Times.

“The sharpest strip currently going.”– The New York Review of Books.

“The current political scene creates two impulses, to jump off a bridge or to laugh. Luckily, Tom Tomorrow gives us a chance to laugh.”– Ben Bagdikian.

“Like all good satirists, Tomorrow is an indiscriminately subversive individualist … (who) does a seriously funny job of taking on the derangements of consumer culture and the high pretensions of political lowlifes.”– Entertainment Weekly.

“Tom Tomorrow is the wry voice of American common sense, humor and decency.”– Kurt Vonnegut.

“The look of Roy Lichtenstein, the brutality of Lenny Bruce.”– Des Moines Register.