Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week.
Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers.
Ivanov's analysis reveals a hacking group dubbed FruityArmor was exploiting the vulnerability in chained attacks, using a True Type Font to trigger the bug.
[...] The attack saw browser sandboxes broken and higher privileges attained before a second payload executed with the newly-acquired higher access privileges.
Windows 10's efforts to push font processing into a special user mode that restricts privileges did not stop the exploit.
(Score: 4, Insightful) by janrinok on Sunday October 23 2016, @12:38PM
I can support your call for new editors - I've been doing this from the start and I am finding it very tiring at times. However, we can't have ACs as editors. We cannot give the necessary privs on the site to unnamed individuals, plus you have to be contactable on email and IRC.
The problem with this suggestion is that it does not give everyone a chance to submit - trolls and group-think types can suppress stories that they do not want to see. That is why every story has to go through 2 editors (not 1) to make sure that no single individual can affect the output on the front page.
Finally, you do realise that Arthur T Knackerbracket is only a bot? We have to use it when nobody can be bothered to make submissions. What you are expecting is that each editor is also responsible for making submissions and doing the editorial task. It might surprise you that we have lives and families and jobs, and that we do this job for pleasure. Nobody here gets paid a dime. If you don't like the quality of the stories the solution is in your hands. Likewise, if you don't like the quality of the editing, feel free to step up to the plate and let me have a break. I have posted 3000+ stories since I started as an editor, I will happily let someone else have a chance it they want it.
(Score: 0) by Anonymous Coward on Sunday October 23 2016, @01:55PM
Nope, AC editor is no good. Let's recruit more editors so editing can be more fun/interesting rather than being a chore.
An idea, though. If you find nothing decent is in the queue, but feel some fresh meat is in need of posting, why not consider a personal write-up/editorial of editor's choice? Like "meta" posts about SN itself, but widen the scope to any subject an editor fancies and thinks it might be of interest to others. Such post, marked as such ("op-ed", "a not so deep thought", whatever), if posted once in a while, may add an interesting color to this site. Besides, it seems a reasonable perk for editors.
(Score: 2) by janrinok on Sunday October 23 2016, @03:30PM
The op-ed idea has merit but might not be the whole solution. This weekend at least 12 of the approx 32 stories we need to fill the pages are from Arthur. There is nothing the 3 available eds could do to fill those slots if we have to write complete articles from scratch. The output from Arthur is far from ideal, but at least it does identify stories that are roughly in line with our aims and interests. And those editors are only available for a limited time each day - they have their own lives to live too.
We will probably make another bid for editors in the next few weeks. However, they each need individual training by an existing editor. While the job is not difficult and is interesting, getting to grips with the process is time consuming. But we accept that as simply being a part of the job. Although we might train 4 new editors, experience suggests that the likelihood of them all remaining as eds for longer than a couple of months is remote. If we can keep 1 we would be happy, and 2 would make life so much more easy for us. There is an expectation that each would make a contribution on an almost daily basis; this is quite a commitment to give and is even harder to achieve over weekends when people want to do other things.
There are only 4 regular active editors at present which isn't many for 24/7 operating. A few more help when they can depending on other commitments. Of course, you might think that the solution is to only fill part of the day but which part? I'm in Europe, and I'm not going to support a site that is targeted only at our US audience. The full SN team is spread worldwide, as is our community, and everyone wants the opportunity to take part in discussions 'live' rather than look at what was said by any one particular geographic region. With over 6000 members I would hope that a few will be up for the challenge.