[infoshare] Fw: Accessible Devices Serious Security Flaw Found In Internet Explorer
- From: "Luis Guerra" <jerseypalisades@xxxxxxxxxxx>
- To: "InfoShare" <InfoShare@xxxxxxxxxxxxx>
- Date: Tue, 16 Dec 2008 12:17:42 -0500
This is something that we should at least be aware of.
BBC NEWS
Serious security flaw found in IE
Users of Microsoft's Internet Explorer are being urged by experts to switch
to a
rival until a serious security flaw has been fixed.
The flaw in Microsoft's Internet Explorer could allow criminals to take
control of
people's computers and steal their passwords, internet experts say.
Microsoft urged people to be vigilant while it investigated and prepared an
emergency
patch to resolve it.
Internet Explorer is used by the vast majority of the world's computer
users.
"Microsoft is continuing its investigation of public reports of attacks
against a
new vulnerability in Internet Explorer," said the firm in a security
advisory alert
about the flaw.
Microsoft says it has detected attacks against IE 7.0 but said the
"underlying vulnerability"
was present in all versions of the browser.
Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable
to the
flaw Microsoft has identified.
Browser bait
"In this case, hackers found the hole before Microsoft did," said Rick
Ferguson,
senior security advisor at Trend Micro. "This is never a good thing."
As many as 10,000 websites have been compromised since the vulnerability was
discovered,
he said.
"What we've seen from the exploit so far is it stealing game passwords, but
it's
inevitable that it will be adapted by criminals," he said. "It's just a
question
of modifying the payload the trojan installs."
Said Mr Ferguson: "If users can find an alternative browser, then that's
good mitigation
against the threat."
But Microsoft counselled against taking such action.
"I cannot recommend people switch due to this one flaw," said John Curran,
head of
Microsoft UK's Windows group.
He added: "We're trying to get this resolved as soon as possible.
"At present, this exploit only seems to affect 0.02% of internet sites,"
said Mr
Curran. "In terms of vulnerability, it only seems to be affecting IE7 users
at the
moment, but could well encompass other versions in time."
Richard Cox, chief information officer of anti-spam body The Spamhaus
Project and
an expert on privacy and cyber security, echoed Trend Micro's warning.
"It won't be long before someone reverse engineers this exploit for more
fraudulent
purposes. Trend Mico's advice [of switching to an alternative web browser]
is very
sensible," he said.
PC Pro magazine's security editor, Darien Graham-Smith, said that there was
a virtual
arms race going on, with hackers always on the look out for new
vulnerabilities.
"The message needs to get out that this malicious code can be planted on any
web
site, so simple careful browsing isn't enough."
"It's a shame Microsoft have not been able to fix this more quickly, but
letting
people know about this flaw was the right thing to do. If you keep flaws
like this
quiet, people are put at risk without knowing it."
"Every browser is susceptible to vulnerabilities from time to time. It's
fine to
say 'don't use Internet Explorer' for now, but other browsers may well find
themselves
in a similar situation," he added.
Do you use Microsoft's Internet Explorer? Have you been a victim of internet
crime?
Send your comments to the BBC using the form below:
In most cases a selection of your comments will be published, displaying
your name
and location unless you state otherwise in the box below.
Name
Your E-mail address
Town & Country
Phone number (optional):
Comments
Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7784908.stm
Published: 2008/12/16 09:20:39 GMT
© BBC MMVIII
www.vipconduit.com
and
www.accessible-devices.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.accessible-devices.com/pipermail/a-d_accessible-devices.com/attachments/20081216/0face0aa/attachment.html>
This is an Announce only list. Subscribers are not able to post to this
list.
To unsubscribe from the Accessible Devices list copy the line below. Paste
it in
the To: line of a blank message and send it.
a-d-unsubscribe@xxxxxxxxxxxxxxxxxxxxxx
Please feel free to pass this message on to a friend who might like to
subscribe.
To subscribe to Accessible Devices send a blank e mail to:
a-d-subscribe@xxxxxxxxxxxxxxxxxxxxxx
Just follow the directions in the confirmation message when it comes.
Please Note: Accessible Devices is not able to provide tech support for
software or products that we supply information about.
_______________________________________________
A-d mailing list
A-d@xxxxxxxxxxxxxxxxxxxxxx
http://mail.accessible-devices.com/mailman/listinfo/a-d_accessible-devices.com
Other related posts:
- » [infoshare] Fw: Accessible Devices Serious Security Flaw Found In Internet Explorer - Luis Guerra
