These days it s easy to feel adrift from the people in your life. At times, physical distance alongside social and political unrest seems like a never-ending rising tide. It can feel overwhelming. We have felt it here at EFF, but thankfully during our 30th Anniversary, EFF s purpose has never been more clear. EFF s members have shown that even through the worst of times, we will still come together to fight against police surveillance, defend the use of strong encryption, and protect our rights to free speech on the Internet (to name just a few of this year s biggest battles).
EFF members didn t skip a beat and proved the strength of their numbers this year. Last spring, the EFF membership team was tasked with planning the first-ever virtual Members Speakeasy. Despite being an organization whose entire purpose is to fight for digital rights, we had to climb a steep learning curve to throw a successful program in virtual space! Thankfully, our members showed that they are ready and
According to security researcher Rancho Han at Singular Security, the problem specifically exists in an old and barely known component in Windows kernel called user mode print driver (UMPD).
The driver consists of two main components: a printer graphics dynamic link library (DLL) that assists the graphics device interface in rendering a print job and sending the job to the print spooler; and a printer interface DLL that the spooler uses to notify the driver of print-related events, Han said in his Black Hat presentation.
The problem exists in the interaction between the UMPD and certain Windows kernel functions. According to Han, when a user initiates some kinds of print-related functions, the UMPD interacts with the graphics engine and receives what are known as callbacks from the kernel. The manner in which the interaction takes places gives attackers an opportunity to insert malicious code into the process, which is then executed at the Windows kernel level.
The awards are to the cyber-security field what the Oscars and the Razzie awards, combined, are to the movie industry.
Each year, cyber-security professionals are invited to nominate and then vote for both the best and worst in their industry. This includes selecting the best and most ingenious vulnerabilities discovered over the past twelve months, but also the worst vendor responses and epic fails that have ended up putting users at risk.
For the past decade, the Pwnie Awards ceremony has taken place during the Black Hat USA security conference, each August, in a Las Vegas hotel, where organizers usually hand out plastic pony dolls with pink hair to the winners of their categories.