Exploit gets around Windows' app security safeguards

Reuters/Mike Segar

For years, business-focused versions of Windows have had an AppLockerfeature that lets you blacklist or whitelist apps. It's undoubtedly helpful for companies eager to keep malware (or just risky software) off their network. However, researcher Casey Smith has discovered a vulnerability in Windows that gets around this barrier. If you tell Regsvr32 to point to a remotely hosted file (such as a script), you can make a system run whichever app you want -- just what hackers and virus writers are looking for. It's stealthy, too, as it doesn't require administrator access or give itself away through registry changes.

There isn't a known patch for the flaw yet, but we've asked Microsoft for comment and will let you know if it has something to say. In the meantime, there is a stopgap. Eric Rand suggests telling Windows Firewall to block Regsvr32, which prevents it from accessing online files. While that's not very convenient if you have a whole office's worth of PCs to protect, it beats the alternative.

AdBlock replacing ads with anti-censorship messages

Ai Weiwei, Edward Snowden and Pussy Riot to remind you of threats against privacy.

We've seen Malaysia ban access to Medium and Russia do the same for Wikipedia, so if you thought Amnesty International would sit on the sidelines for World Day Against Cyber Censorship this year, you're sorely mistaken. On March 12th, the human rights organization is teaming with AdBlock to replace online ads with messages from artist Ai Weiwei, Edward Snowden and Russian punk rockers Pussy Riot -- themselves all victims of overzealous government censorship.

They'll look like the image embedded below, via Mashable. AdBlock CEO Gabriel Cubbage says that the idea is to get its users involved in thinking about online privacy and that come Sunday the spots where AI's banners were will be empty once again. Cubbage urges AdBlock's users to "take a moment to consider that in an increasingly information-driven world, when your right to digital privacy is threatened, so is your right to free expression."

Beyond the aforementioned high-profile censorship targets, AI says that AdBlock will also populate ad spaces with messages from North Korean cyber censorship casualties. It isn't the first time the organization has taken a stance against those who'd rather online privacy not exist, but perhaps it's the most prescient. The outfit says that just last year alone it documented arrests in 16 countries over what people said or did online.

And really, the timing couldn't be better considering the feds' ongoing warwith Apple over unlocking San Bernardino shooter Syed Rizwan Farook's iPhone 5c, and our government's PR campaign to devalue encryption at seemingly all costs.