Razer ponders how to fix installer that grants admin powers if you plug in a mouse • The Register
In a letter Razer is believed to be working on an updated installer after it was discovered that you can gain administrator privileges in Windows by plugging in one of the gaming manufacturer’s mice or keyboards.
In fact, inserting any USB device that claims to be a Razer mouse or keyboard will create a situation that can be exploited.
As documented at the end of last week by a Twitter user named j0nh4t, if you plug a device identifying itself as a Razer mouse or keyboard into a Windows 10 or 11 machine, Microsoft’s operating system will automatically download and run the Razer installer for the Synapse software, which can be used to configure the peripheral.
During the interactive installation process, which runs at the SYSTEM level, you can open a PowerShell terminal from an Explorer window, and that terminal runs with the same high-level privileges. This way you can gain local administrator access on a machine if you can log in to it in any way and plug in a gadget – useful at least for penetration testing. It is also possible to tell the installer to use a user-controlled folder to store an executable file that runs on each boot, which a miscreant could hijack.
The bug finder said they had no luck getting Razer’s attention when they tried to report these flaws, and after they posted a zero-day exploit for the PowerShell hole on Twitter, the manufacturer got in touch and offered a vulnerability reward. A new version of the installer to deal with these issues is being prepared for release, we were told.
We wonder how many Windows installers have the same problems. At the heart of the problem may be that Windows is running these interactive installers automatically at SYSTEM level, bypassing things like UAC.
In other words, the installers do nothing wrong on their own and work as expected; the problem is that the operating system automatically executes them with high privileges, regardless of which local user is logged in. There may not be an easy fix other than to stop running interactive installers with administrator rights automatically.
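A defender's view of the behaviour described above, as an added example that is not from the original article or from Razer: it flags process-creation events where an interactive shell runs as SYSTEM inside a user's desktop session. The field names follow Sysmon Event ID 1; the events, the ExampleInstaller.exe name and the alice account are constructed.

```python
import json

# Interactive shells that rarely have a reason to run as SYSTEM on a desktop.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

# Constructed sample events, one JSON object per line (not real telemetry).
# Field names follow Sysmon Event ID 1; ExampleInstaller.exe is a placeholder.
SAMPLE_EVENTS = r'''
{"User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Windows\\Temp\\ExampleInstaller.exe", "ParentImage": "C:\\Windows\\System32\\svchost.exe", "TerminalSessionId": 1}
{"User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\Temp\\ExampleInstaller.exe", "TerminalSessionId": 1}
{"User": "DESKTOP-1\\alice", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "TerminalSessionId": 1}
{"User": "NT AUTHORITY\\SYSTEM", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "TerminalSessionId": 0}
'''


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return path.rsplit("\\", 1)[-1].lower()


def find_system_shells(raw_events):
    """Return (shell, parent) pairs for shells running as SYSTEM in a user session.

    Session 0 hosts services; any other TerminalSessionId is a desktop session,
    where a SYSTEM-owned shell hands its privileges to whoever is at the keyboard.
    """
    hits = []
    for line in raw_events.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if (ev["User"].upper() == SYSTEM_USER
                and basename(ev["Image"]) in SHELLS
                and int(ev["TerminalSessionId"]) != 0):
            hits.append((basename(ev["Image"]), basename(ev["ParentImage"])))
    return hits


if __name__ == "__main__":
    for shell, parent in find_system_shells(SAMPLE_EVENTS):
        print(f"ALERT: {shell} running as SYSTEM in a user session, parent {parent}")
```

Remote-support or management tools that deliberately open a SYSTEM shell on the desktop will also match, so expect to allow-list known parent processes.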
A Razer spokesman told us today: “We were informed of a situation in which our software, in a very specific use case, gives the user wider access to their machine during the installation process.
“We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated version soon. The use of our software (including the installation application) does not provide unauthorized third party access to the machine.”
The spokesman added that Razer was running a major bug program here.
A huge flood has been detected in the network
Cloudflare says it has absorbed the largest DDoS attack in its history – three times larger than anything it has ever seen.
The attackers went after a financial business on Cloudflare’s CDN, firing an initial volley of 330 million requests per second from a botnet of compromised machines. This continued as a prolonged flood of 17.2 million requests per second.
“This 17.2 million RPS attack is the largest HTTP DDoS attack that Cloudflare has ever seen, and almost three times larger than any other reported HTTP DDoS attack,” said Omer Yoachimik of the Cloudflare DDoS Protection Service.
“However, this specific botnet has been seen at least twice in the last few weeks. Last week alone, it was also targeted at another Cloudflare client, a hosting provider, with an HTTP DDoS attack that peaked at just under eight million RPS.”
Cloudflare estimates that the botnet used in the web tsunami comprised only 20,000 bots spread across 125 countries. Its denial-of-service daemon (dosd) noticed the attack early, he said, and mitigated the effects of the flood of HTTP requests.
Delay and intrusion at the US Census Bureau detailed
A detailed report [PDF] on a cyber attack on the servers of the US Census Bureau last year has been published by the Office of the Inspector General of the US Department of Commerce.
On January 11, 2020, a number of servers used by personnel to remotely access production, development, and laboratory networks were compromised by miscreants using a publicly available exploit. The vendor behind the software used for this remote access released a patch on December 17, 2019 for the critical vulnerability targeted by the intruders, and this was not applied to the bureau’s systems.
The bureau also did not pick up the intrusion immediately, did not keep enough logs, did not conduct a “lessons learned” session afterwards, and ran servers that were no longer supported by their vendor, the auditors said. Miraculously, we were told, only staff accounts were tampered with and the results of the 2020 census were intact.
“The operation was partially successful as the attacker changed the user account data in the systems to prepare for remote code execution,” the report said. “Attempts by the attacker to maintain access to the system by creating a backdoor on the affected servers were unsuccessful.”
The watchdog has now set out a number of steps for the bureau – which read like a cybersecurity primer – to undertake, including vulnerability scanning and procedures to alert IT personnel when appropriate fixes are made available.
Pearson fined $1 million for failing to inform investors about security failure
Pearson will pay $1 million to settle claims that it misled investors about the scale of a network intrusion in 2018.
According to US financial watchdog the SEC, which announced the settlement, “Pearson made misleading statements and omissions regarding the 2018 data breach, including the theft of student data and administrator login credentials in 13,000 school, district and university customer accounts.”
“Pearson chose not to disclose this breach to investors until the media contacted it, and even then Pearson underestimated the nature and scope of the incident and exaggerated the company’s data protection,” said Kristina Littman, Head of the SEC’s Cyber Enforcement Division. “As public companies face the growing threat of cyber intrusions, they need to provide accurate information to investors about significant cyber incidents.”
The British education publisher agreed to pay the million-dollar fine to the SEC and promised not to mess up like that again.
Princeton prof warns Apple about CSAM scanning – we’ve been there, don’t
The ongoing storm over Apple’s plans to scan iCloud and Messenger uploads for child sexual abuse material intensified on Thursday when Princeton professor Jonathan Mayer and PhD student Anunay Kulshrestha said they had already built such a system and then abandoned it.
Two years ago, they began researching a system very similar to Apple’s, scanning for known images and generating signals. But after building a working prototype, they realized that the consequences of such a censorship system were enormous, as any file could be submitted by government officials to monitor people’s activities and interests.
“We were so concerned that we took a step we have never seen before in the computer science literature: we warned against our own system design, urging further research on how to mitigate serious shortcomings,” they wrote. “We planned to discuss the way forward at an academic conference this month.”
Critics have accused Apple of gambling with internet users’ futures, hoping that governments will not be able to use the system for malicious purposes. Apple has said it will not comply with demands to add images other than CSAM to the database. By the way, Apple has been scanning iCloud Mail for CSAM since 2019.
So, about that…
According to a report by Citizen Lab this month, you can already see the effect of Apple’s censorship in China spreading beyond the Middle Kingdom. Apple complies with Beijing’s requirements and censors some content in China, saying it complies with the laws of the countries in which it operates. Citizen Lab found that the same censorship policies appeared elsewhere.
“We have found that part of Apple’s mainland China political censorship is taking place in both Hong Kong and Taiwan,” the team stated. “Much of this censorship goes beyond Apple’s legal obligations in Hong Kong, and we are not aware of the legal basis for political censorship of content in Taiwan.”
How soothing. ®