Internet Explorer warning after role in China Google hack

Germany warned users on Friday after malicious code implicated in recent attacks on Google was published online, and now Certa, a French Government agency that oversees cyber threats, has warned against using all recent versions of the web browser.

Internet Explorer: Germany and France warn against it. As if the threat from Google and the latest defeat over Microsoft Word were not blows enough, here comes a double blow for the software giant. Yesterday Germany said that it was unsafe to use Internet Explorer, commonly called IE.

France has religiously followed Germany and agreed that Internet Explorer is not safe at all.

There are reports that the Chinese hackers who broke into some sensitive email accounts were able to do so because the account holders were using IE. This is just a rumor, however, and has yet to be fully established.

Now the company is in danger of losing users after Germany asked its people not to use Internet Explorer versions 6, 7 and 8.

Now, France has also expressed the same worries. It is backing the calls made by the German government. Recently, web users in Germany were urged to look for an alternative to Microsoft's Internet Explorer (IE) to protect their security.

Things have become so complicated that Certa, a government agency that assesses cyber threats, has also issued a warning. The agency has warned against using all versions of the web browser.

The warning was issued following attacks on the email accounts of Google and other major companies. The California-based search engine giant has accused China of the attacks.

Accomplished techies have also pointed out that the attacks come from China. However, they don’t have any solid proof to back their statements. The company’s techies are working overnight to figure out the real problem. Officials at Microsoft disagree with the stand being taken by Germany and France. They say that they have enough security set up to block the attacks.

But their argument has fallen flat, as government officials in Germany and France are not willing to listen to them. The fear for the company is that more countries will follow suit and people will be convinced not to use Internet Explorer. If that happens, it will be a huge blow to both giants.

"Microsoft is aware of public exploit code released that impacts customers using Internet Explorer 6 and of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6. As a result of the reports we released an update to Security Advisory 979352 to alert customers and provide actionable guidance and tools to help with protections against exploit of this IE vulnerability."

"Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8," it continued. "Microsoft teams are continuing to work around the clock on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing an out-of-cycle security update. Obviously, it is unfortunate that our product is being used in the pursuit of criminal activity. We will continue to work with Google, industry leaders and the appropriate authorities to investigate this situation."

Mr Cluley said that because details of the exploit were now available online, hackers could soon change the code to target other versions of the browser.

He warned web users to be careful about clicking on links in unsolicited e-mails and advised all web users to upgrade their browser to the latest version, no matter which software they used.

Mr Cluley said that switching away from IE could create other problems, particularly for companies.

"Some web-based applications may not work at all if you're not using Internet Explorer."

Microsoft is currently working on a patch for the problem, but a spokesperson said it could not commit to a timeframe.

Microsoft will issue further updates via its 'Security Response Center Blog'.

Australian alerts

An alert from the Australian Government website suggests users try Microsoft's temporary fixes or consider an alternate browser.

But Paul Ducklin, Asia Pacific head of technology at Sophos, says "all browsers have vulnerabilities".

"Even though it's true that IE is exploited more than any other browser, you don't achieve security simply by switching."

"That's security through obscurity, which is merely false security."

"Good security means defence in depth, and in a well-defended network a single unpatched vulnerability in your browser shouldn't really be enough for the bad guys to get in."

Dr Mark Gregory, internet security expert at RMIT University, says any panic rush to another browser would not help protect users.

"Microsoft Internet Explorer is no worse than any other browser, they all have the same inherent flaws in them so a mass panic rush wouldn't do anything other than giving the hackers a new target," he said.

"Microsoft products are no more susceptible to hacking than other products, but because they are the largest they are often the target."

George Kurtz, worldwide chief technology officer of security firm McAfee, said on his blog last week that the Google attack was a fresh threat.

"All I can say is wow. The world has changed," Mr Kurtz said.

"Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats."

"In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private nonfinancial customer information and anything else of intangible value."

What can you do?

- Download an alternate browser: Mozilla Firefox, Apple Safari, or Google Chrome are the main alternatives.

- Upgrade from IE6: Internet Explorer 8 is technically still vulnerable, but Microsoft has not advised of any exploits in the wild.

- Upgrade your browser's security: Tips from US security agency CERT.

- Follow Government advice: Online alerts from Stay Smart Online.

Via: Trusted Reviews, BBC News


