elusive moonwalker
Guests
From Times Online
December 16, 2008
Internet Explorer users warned to change browser over security fears
Internet Explorer is the default browser on most computers
Nico Hines
div#related-article-links p a, div#related-article-links p a:visited {color:#06c;}Microsoft admitted today that a serious flaw in security has left all users of Internet Explorer, the default web browser for most people, vulnerable to attack from hackers.
The loophole allows criminals to commandeer victims’ computers by tricking them into visiting tainted websites that steal passwords. Computer users are advised to switch to an alternative internet browser, such as Firefox or Google Chrome, to be certain to avoid hackers who have so far corrupted an estimated 10,000 websites.
Microsoft said they are considering the release of an emergency update, which would close the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the programme, but warned that other versions are also potentially vulnerable. A spokesman today estimated that one in 500 internet users had been affected.
The hack was initially devised by Chinese criminals, who have been stealing computer game passwords that can be sold on the black market. However, Paul Ferguson, a security researcher for Trend Micro Inc, said the security breach is so severe that it could be “adopted by more financially motivated criminals for more serious mayhem - that’s a big fear right now.”
Specialists question 'fastest' broadband
As Virgin Media claims to be rolling out unprecedented service, experts raise doubts over reach and the extent of its top speed
Related Links
Since the security flaw was reported late last week, Microsoft said there has been a marked increase in new attacks attempting to make use of the vulnerability. These opportunistic hackers who exploit known security breaches are called “zero-day” attackers.
“Zero-day” threats occur as hackers race against software makers to attack the affected programmes, such as Explorer, before the known problems are repaired.
Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates.
John Curran, a spokesman for Microsoft, said: “Right now it’s affecting about 0.2 per cent of users who may have come in touch with the vulnerability.
“It has the potential to move world wide rather quickly so it’s a significant issue and that’s why Microsoft is working diligently to get it resolved as quickly as possible.
“We are recommending four steps [below] which would protect you from the vulnerabilities we know today but there could be variations to the vulnerabilities.
“Obviously the chance for this to be exploited is there.”
The company is telling users to employ a series of complicated workarounds to minimise the threat. It has been suggested that increasing the internet security zone level to high and disabling Ole32db.dll in the access control list could help protect a computer.
Many security experts, though, have advised Internet Explorer users switch to another browser until an update is released. The next scheduled patch is not due until January 13, in the New Year, but it is not unusual for Microsoft to release an emergency patch.
Microsoft’s advice for Internet Explorer users
1. Keep your anti-virus up-to-date. Microsoft has circulated the definitions of these vulnerabilities to all the major anti-virus providers.
2. Reset Internet Explorer to run in protected mode. This is the default mode in Windows Vista but not XP or the earlier versions.
3. Set zone security to high.
4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.
More complex and comprehensive approaches are listed on the Microsoft website
December 16, 2008
Internet Explorer users warned to change browser over security fears
Internet Explorer is the default browser on most computers
Nico Hines
div#related-article-links p a, div#related-article-links p a:visited {color:#06c;}Microsoft admitted today that a serious flaw in security has left all users of Internet Explorer, the default web browser for most people, vulnerable to attack from hackers.
The loophole allows criminals to commandeer victims’ computers by tricking them into visiting tainted websites that steal passwords. Computer users are advised to switch to an alternative internet browser, such as Firefox or Google Chrome, to be certain to avoid hackers who have so far corrupted an estimated 10,000 websites.
Microsoft said they are considering the release of an emergency update, which would close the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the programme, but warned that other versions are also potentially vulnerable. A spokesman today estimated that one in 500 internet users had been affected.
The hack was initially devised by Chinese criminals, who have been stealing computer game passwords that can be sold on the black market. However, Paul Ferguson, a security researcher for Trend Micro Inc, said the security breach is so severe that it could be “adopted by more financially motivated criminals for more serious mayhem - that’s a big fear right now.”
As Virgin Media claims to be rolling out unprecedented service, experts raise doubts over reach and the extent of its top speed
Related Links
Since the security flaw was reported late last week, Microsoft said there has been a marked increase in new attacks attempting to make use of the vulnerability. These opportunistic hackers who exploit known security breaches are called “zero-day” attackers.
“Zero-day” threats occur as hackers race against software makers to attack the affected programmes, such as Explorer, before the known problems are repaired.
Microsoft said it is investigating the flaw and is considering fixing it through an emergency software patch outside of its normal monthly updates.
John Curran, a spokesman for Microsoft, said: “Right now it’s affecting about 0.2 per cent of users who may have come in touch with the vulnerability.
“It has the potential to move world wide rather quickly so it’s a significant issue and that’s why Microsoft is working diligently to get it resolved as quickly as possible.
“We are recommending four steps [below] which would protect you from the vulnerabilities we know today but there could be variations to the vulnerabilities.
“Obviously the chance for this to be exploited is there.”
The company is telling users to employ a series of complicated workarounds to minimise the threat. It has been suggested that increasing the internet security zone level to high and disabling Ole32db.dll in the access control list could help protect a computer.
Many security experts, though, have advised Internet Explorer users switch to another browser until an update is released. The next scheduled patch is not due until January 13, in the New Year, but it is not unusual for Microsoft to release an emergency patch.
Microsoft’s advice for Internet Explorer users
1. Keep your anti-virus up-to-date. Microsoft has circulated the definitions of these vulnerabilities to all the major anti-virus providers.
2. Reset Internet Explorer to run in protected mode. This is the default mode in Windows Vista but not XP or the earlier versions.
3. Set zone security to high.
4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.
More complex and comprehensive approaches are listed on the Microsoft website
and there should be a little box to check protected mode.
