Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats

Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn't fixed yet – to target European diplomats in an effort to steal defense and national security details. Security firm Arctic Wolf attributed the espionage campaign to UNC6384 (aka Mustang Panda, …

  1. VoiceOfTruth Silver badge

    Is Jessica Lyons job solely to concentrate on alleged Chinese cyber spies?

    I would like to read one article from her about American cyber spies. Perhaps a good expose about how they were caught snooping on Angela Merkel, or something more up to date.

    You see, when the article title is about spying on European diplomats and there is no mention of the USA doing the same, it makes me think Jessica Lyons is part of the CIA spying industrial complex.

    1. Anonymous Coward

      Re: Is Jessica Lyons job solely to concentrate on alleged Chinese cyber spies?

      I would like to read one article from her about American cyber spies

      Oh dear... you seem to have misunderstood how reporters work in non-authoritarian countries.

      She reports - this time what "Arctic Wolf Labs threat research team said."

      If no-one is putting out similar articles about those Damn Yankees, then she cannot report it.

      Perhaps a good expose about how they were caught snooping on Angela Merkel, or something more up to date.

      Exposé? It was revealed by Snowden, reported here 12 years ago.

      https://www.theregister.com/2013/11/26/merkel_phone_tapped_by_5_countries/

      makes me think Jessica Lyons is part of the CIA spying industrial complex.

      No, why would you get so upset about the many exposed (suspected) Chinese spying cases? Would you like there to be no reporting of the Chinese spies?

    2. elsergiovolador Silver badge

      Re: Is Jessica Lyons job solely to concentrate on alleged Chinese cyber spies?

      Perhaps a good expose about how they were caught snooping on Angela Merkel

      Why would they not snoop on a Russian asset? That would be an abdication of duty.

    3. IGotOut Silver badge

      Re: Is Jessica Lyons job solely to concentrate on alleged Chinese cyber spies?

      @VoiceOfLies

      Is your remit to pass the same shit every time?

      Can't be arsed to link to yet another story about the Chinese claiming other nations spying on them, you're clearly unable to think and remember for yourself.

      1. Pascal Monett Silver badge

        He works in Moscow.

        Thinking is not required.

    4. Casca Silver badge

      Re: Is Jessica Lyons job solely to concentrate on alleged Chinese cyber spies?

      Still don't know what your handle means, I see.

  2. kmorwath

    "Windows trusts binaries whose signatures..."

    It can't do otherwise, and it's not specific to Windows. Signing certificates are valid for one year, if signed executables with expired certificates became untrusted it would be a nightmare. It's just like document signatures, the signature has to be valid at the time the document was signed. The only other option would be certificates with a long life, which would have their own issues. Or use a blockchain.... <G>

  3. elDog Silver badge

    Windows. Like an abusive spouse. Can't stand it, and apparently can't live without it.

    Yet another fault dealing with those pesky .LNK files. I think they were invented because Unix (pre Linux) had soft links and the Gates crew came up with a seat-o-the-pants solution. They ended up being excellent ways for creatives to trick the unsuspecting into clicking/executing.

    1. elsergiovolador Silver badge

      Re: Windows. Like an abusive spouse. Can't stand it, and apparently can't live without it.

      Cue in people saying "you can create a little partition for Windows so you can run your CAD software there and for anything else just boot to Linux"

      1. GNU Enjoyer
        Angel

        Re: Windows. Like an abusive spouse. Can't stand it, and apparently can't live without it.

        Your CAD software? Windows?

        Something is only yours if you control it and the only CAD software that the user can control is really FreeCAD and OpenSCAD etc, which run natively on GNU/Linux.

        If you have a windows partition and keep booting into it, you in fact have failed to escape your abuser.

        Many people go and install GNU/Linux, but fail to escape their abusers, as the first thing they do is install proprietary software from microsoft and every other proprietary program (shaded from) under the sun.

    2. Yorick Hunt Silver badge
      Facepalm

      Re: Windows. Like an abusive spouse. Can't stand it, and apparently can't live without it.

      I still can't understand how/why "those pesky .LNK files" are allowed to be spread - there's no reason ever to allow them to pass through e-mail or be downloaded from web sites.

      1. Paul Crawford Silver badge

        Re: Windows. Like an abusive spouse. Can't stand it, and apparently can't live without it.

        I still can't understand how/why

        Oh it is easy to understand: MS don't give a shit about security. They are too busy coming up with other shit to try and keep people in the Windows tar-pit.

        1. Yorick Hunt Silver badge

          Re: Windows. Like an abusive spouse. Can't stand it, and apparently can't live without it.

          "Oh it is easy to understand: MS don't give a shit about security."

          That part I can understand. I'd fully expect IE, Edge, Outlook and whatever else MS come up with, to not only allow but actively encourage people to spread crud, and Exchange to merrily distribute it far and wide.

          What I can't understand is real mail clients allowing such attachments, or admins of real mail servers allowing them to pass through their servers as attachments.

          Yes, I've in the past had users complain that their "file didn't get through" to their recipient and inspection showed they'd sent a .LNK instead of the file. Yes, I'm one of those who bolts things down before putting them into production. Unfortunately 4x2 battens and baseball bats aren't allowed to be used in user education programmes these days :-(

    3. GNU Enjoyer
      Angel

      Re: Windows. Like an abusive spouse. Can't stand it, and apparently can't live without it.

      >Unix (pre Linux) had soft links

      What?

      GNU's Not Unix implemented support for symbolic links long before Linux even existed; https://usenet.trashworldnews.com/?thread=779127

      (If anyone has a copy of fileutils-1.0.tar.Z please send me one).

      Meanwhile reviewing the source code of the proprietary Linux 0.01, it didn't implement symbolic links (only hard links it seems).

      It seems that the kernel, Linux, originally did not support symbolic links and those were only supported by a filesystem driver with the introduction of the ext2 filesystem in January 1993.

      So correctly, that would be; I think they were implemented because Unix (pre GNU) had soft links

    4. Richard 12 Silver badge
      Boffin

      Re: Windows. Like an abusive spouse. Can't stand it, and apparently can't live without it.

      No, they have a very different purpose to softlinks.

      They're to define the icon to be shown, launch arguments, and the working directory to be used on the Windows desktop.

      Softlinks only provide an alias - commandline has no icons.

      In the default case the icon is the first one in the target PE, there are no arguments and the working directory is the location of target PE.

      The real power is that those can be changed as necessary.

      There's a lot of applications which use this to run the same executable in different modes with different icons, and power users often pick icons from elsewhere.

      There's even a few DLLs in Windows that contain lots of icons for this very purpose.
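The fields described in the comment above (icon, launch arguments, working directory) can be read directly from a shortcut file, which lets a defender see what a .LNK will actually launch before anyone clicks it. This is an added example, not part of the thread; it follows the published MS-SHLLINK layout, and `build_sample` with its strings is a constructed input for illustration.

```python
import struct

# Field layout follows the published MS-SHLLINK format.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk(data: bytes) -> dict:
    """Return the icon index and StringData fields of a shell link."""
    if (len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    fields = {"icon_index": struct.unpack_from("<i", data, 56)[0]}
    off = 76                         # fixed-size header ends here
    if flags & HAS_ID_LIST:          # 2-byte size followed by the ID list
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:        # 4-byte size that counts itself
        off += struct.unpack_from("<I", data, off)[0]
    for bit, key in STRING_FIELDS:   # strings appear in this fixed order
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        # Non-Unicode strings use the system code page; cp1252 is assumed here.
        width, enc = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        end = off + 2 + count * width
        if end > len(data):
            raise ValueError("truncated string data")
        fields[key] = data[off + 2:end].decode(enc, errors="replace")
        off = end
    return fields

def build_sample() -> bytes:
    """Constructed sample: header plus three Unicode strings, no target ID list."""
    strings = [r"C:\Tools", "--mode viewer", r"%SystemRoot%\System32\shell32.dll"]
    flags = 0x10 | 0x20 | 0x40 | IS_UNICODE
    header = struct.pack("<I16sII24sIiIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         bytes(24), 0, 3, 1, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in strings)
    return header + body

if __name__ == "__main__":
    for key, value in parse_lnk(build_sample()).items():
        print(f"{key:14} {value!r}")
```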

  4. Jerryjie

    I am wondering why the Chinese would bother spying on European diplomats. I have heard a lot of security claims all pointing to the Chinese. I also remember those claims were pointing to the Russians in the old days; now they have all shifted towards the Chinese. Countries like Canada, the UK, and even smaller ones: what is the logic of spying on those weak nations? I kind of buy the stories that the Chinese spy on the United States, and to be frank, I would assume that the 5 Eyes have been doing the same to the Chinese. Since there is no news value in that kind of reporting, most journalists won't bother to dig up that information.
