[net-gold] INTERNET: BROWSERS: INTERNET EXPLORER: France, Germany Say Stop Using Internet Explorer 6
- From: "David P. Dillard" <jwne@xxxxxxxxxx>
- To: Net-Gold <Net-Gold@xxxxxxxxxxxxxxx>, Temple University Net-Gold Archive <net-gold@xxxxxxxxxxxxxxxxxxx>, Temple Gold Discussion Group <TEMPLE-GOLD@xxxxxxxxxxxxxxxxxxx>, Net-Gold <net-gold@xxxxxxxxxxxxxxxx>, Sean Grigsby <myarchives1@xxxxxxxxxxxxxxx>, Educator Gold <Educator-Gold@xxxxxxxxxxxxxxx>, Educator Gold <Educator-Gold@xxxxxxxxxxxxxxxx>, K12AdminLIFE <K12AdminLIFE@xxxxxxxxxxxxxxx>, Net-Platinum <net-platinum@xxxxxxxxxxxxxxx>, NetGold <netgold@xxxxxxxxxxxxxxx>, "Net-Gold @ Nabble" <ml-node+3172864-337556105@xxxxxxxxxxxxx>, K-12ADMINLIFE <K12ADMIN@xxxxxxxxxxxxxxxxxxx>, MediaMentor <mediamentor@xxxxxxxxxxxxxxx>, Digital Divide Diversity MLS <mls-digitaldivide@xxxxxxxxxxxxxxx>, net-gold@xxxxxxxxxxxxx
- Date: Tue, 19 Jan 2010 08:08:52 -0500 (EST)
.
INTERNET: BROWSERS: INTERNET EXPLORER:
France, Germany Say Stop Using Internet Explorer 6
France, Germany Say Stop Using Internet Explorer 6
By Thomas Claburn
Information Week
January 19, 2010 06:00 AM
<http://www.informationweek.com/news/security/
vulnerabilities/showArticle.jhtml?articleID=222301351>
A shorter URL for the above link:
<http://tinyurl.com/yd5yxga>
December's "Operation Aurora" cyber attack from China, which Google
disclosed last week, has prompted French and German information security
organizations to recommend against the use of Internet Explorer 6, at
least until a patch is released to address the vulnerability.
The attack, which resulted in the loss of intellectual property belonging
to Google and perhaps to other companies, leveraged an Internet Explorer
vulnerability.
Mike Reavy, Microsoft's director of security response, said on Thursday
that the Internet Explorer flaw was "one of several attack mechanisms that
were used."
The warning comes at a bad time for Microsoft, which has been hoping that
Windows 7 adoption will reverse Internet Explorer's ongoing loss of market
share. According to NetApplications, Internet Explorer's global market
share declined 11 out of 12 months in 2009.
France's CERTA and Germany's BSI each cite Internet Explorer 6, 7, and 8
in their warnings and also advise that users disable JavaScript, a
recommendation sometimes put forth by US-CERT after significant browser
vulnerabilities are revealed. Disabling JavaScript can hinder the
operation of many Web sites, or render them inaccessible.
Microsoft Recommends Upgrade To IE 8 While Germany, France Issue Warning
1/19/2010 4:15 AM ET
RTT News
<http://www.rttnews.com/ArticleView.aspx?Id=1182740&SMap=1>
(RTTNews) - Amid growing concerns regarding Internet security after
revelations of hacker attacks on Google, Inc. (GOOG: News ) and other U.S.
companies, Microsoft Corp.'s (MSFT: News ) investigation center for
security vulnerabilities, Monday, said that it continues to recommend
customers to upgrade to Internet Explorer 8 to benefit from its improved
security protection.
The recommendation of the Microsoft Security Response Center, or MSRC,
came in the wake of German and French security agencies' January 15th
statements, in which they recommended users to switch to an alternative
browser from Microsoft Internet Explorer due to its critical yet unknown
vulnerability.
Germany's Federal Office for Information Security, known by its German
initials, BSI, promotes IT security in Germany and provides IT security
services to the federal government.
According to the BSI, Internet Explorer's vulnerability allows attackers
to inject malicious code via a specially crafted Web page into a Windows
computer to infiltrate and set up. The hacker attack on Google and other
U.S. companies that came to light last week has probably exploited this
vulnerability, the BSI said.
The German agency also stated that Internet Explorer 6, 7, and 8 on
Windows systems XP, Vista and Windows 7 are the affected versions.
January 18, 2010 7:31 PM
Don't Kill the Messenger: Blaming IE for Attacks is Dangerous
By Tony Bradley
PC World
<http://www.pcworld.com/businesscenter/article/187119/
dont_kill_the_messenger_blaming_ie_for_attacks_is_dangerous.html>
A shorter URL for the above link:
<http://tinyurl.com/yzlbj62>
In the wake of the attacks in China it has been determined that a zero-day
flaw in Microsoft's Internet Explorer Web browser is one of the primary
exploits used to compromise target systems. Germany, and now France, feel
the solution is easy--stop using Internet Explorer. This simplistic
approach is shortsighted and may create a false sense of security.
Blaming Internet Explorer
The attacks against Google, and an array of other private corporations,
political activists, and international journalists, which have led Google
to consider shutting down operations in China completely, did use Internet
Explorer as an attack vector.
McAfee CTO George Kurtz explains on his blog "In our investigation we
discovered that one of the malware samples involved in this broad attack
exploits a new, not publicly known vulnerability in Microsoft Internet
Explorer."
It is worth noting that Kurtz used the phrase "one of the malware
samples", implying that there are others and that additional attack
vectors may be involved. There is a fair chance that Internet Explorer is
not alone in enabling the attacks.
I asked Kurtz about initial speculation that the Adobe Reader zero day
exploit patched by Adobe last week was involved. He responded "We have
heard the rumors but have not confirmed nor analyzed any malware specific
to these attacks that used Adobe Reader. I can only comment on the malware
we have examined and there certainly could be other pieces of malware that
have not yet been discovered. Additionally, it is common for an attacker
to leverage one point of access as a pivot point, and attack other
internal systems with different exploits specific to that operating system
or application."
False Sense of Security
<snip>
Are Microsoft's Support Policies Burning Businesses?
Or Vice Versa?
01.18.10
by Larry Seltzer
PCMAG
<http://www.pcmag.com/article2/0,2817,2358177,00.asp>
I've written it many times before: Nobody is more generous with support
lifecycles than Microsoft. Operating system security updates are provided
for about 10 years. Are Linux or Mac OS versions from 10 years ago still
being updated? The answer is and has been "no," and for a long time.
Combine this with a couple of side policies of Microsoft's: The company
doesn't issue new browsers with OS service packs, but Microsoft continues
to support the browser that comes with the operating system for about 10
years. The technical term for this is "Nearly Unlimited Technical Support"
or NUTS.
And it's not just browsers. Because Windows 2000 is still supported, so is
Outlook Express 5.5 (possibly 5.01 as well, I can't quite confirm it).
Consider this in light of the recent Aurora incident, in which one of, and
perhaps the main attack vector, was a 0-day vulnerability in Internet
Explorer. Virtually every version of IE is vulnerable, but as a practical
matter only Windows XP users are threatened, and probably only those
running IE6. This isn't a coincidence; users are protected against the
basic vulnerability in Vista, Windows 7 and IE8 because of
defense-in-depth measures added by Microsoft long after the release of
Windows XP.
And yet Windows XP with Internet Explorer 6 will continue as a supported
platform until April 8, 2014.
If Microsoft were only dealing with consumers I think their policies would
be different, but this is all about business. 10 years appears to be as
often as Microsoft is willing to tell business customers "you must
upgrade." This is just too deferential to business policies which aren't
all that defensible.
January 18th, 2010
Google sits pretty while Microsoft does damage control
Posted by Garett Rogers @ 11:33 pm
ZDNET
<http://blogs.zdnet.com/Google/?p=1693>
While Google is almost being looked at as a hero in this whole China
ordeal, Microsoft has been trying to do some damage control by telling
people that if they switch from the browser, they are actually putting
themselves at more risk. This specific problem only exists in IE6, but
even legacy browsers are causing the browser landscape to change.
This is a PR nightmare for Microsoft, and its only going to get worse if
and when more exploits like this make their way into headlines.
------------------------------------------
The complete articles may be read at the URLs provided for each.
WEBBIB0910
Sincerely,
David Dillard
Temple University
(215) 204 - 4584
jwne@xxxxxxxxxx
<http://daviddillard.businesscard2.com>
Net-Gold
<http://groups.yahoo.com/group/net-gold>
Index: <http://tinyurl.com/myxb4w>
<http://listserv.temple.edu/archives/net-gold.html>
<http://groups.google.com/group/net-gold?hl=en>
General Internet & Print Resources
<http://guides.temple.edu/general-internet>
COUNTRIES
<http://guides.temple.edu/general-country-info>
EMPLOYMENT
<http://guides.temple.edu/EMPLOYMENT>
TOURISM
<http://guides.temple.edu/tourism>
DISABILITIES
http://guides.temple.edu/DISABILITIES
INDOOR GARDENING
<http://tech.groups.yahoo.com/group/IndoorGardeningUrban/>
Educator-Gold
<http://groups.yahoo.com/group/Educator-Gold/>
K12ADMINLIFE
<http://groups.yahoo.com/group/K12AdminLIFE/>
RUSSELL CONWELL CENTER SUBJECT GUIDE
http://guides.temple.edu/Russell-Conwell-Center
THE COLLEGE LEARNING CENTER
<http://tinyurl.com/yae7w79>
Nina Dillard's Photographs on Net-Gold
http://tinyurl.com/36qd2o
and also http://gallery.me.com/neemers1
Net-Gold Membership Required to View Photos on Net-Gold
Twitter: davidpdillard
Bushell, R. & Sheldon, P. (eds),
Wellness and Tourism: Mind, Body, Spirit,
Place, New York: Cognizant Communication Books.
Wellness Tourism: Bibliographic and Webliographic Essay
David P. Dillard
<http://tinyurl.com/p63whl>
<http://tinyurl.com/ou53aw>
INDOOR GARDENING
Improve Your Chances for Indoor Gardening Success
http://tech.groups.yahoo.com/group/IndoorGardeningUrban/
http://groups.google.com/group/indoor-gardening-and-urban-gardening
SPORT-MED
https://www.jiscmail.ac.uk/lists/sport-med.html
http://groups.google.com/group/sport-med
http://groups.yahoo.com/group/sports-med/
http://listserv.temple.edu/archives/sport-med.html
Health Diet Fitness Recreation Sports Tourism
http://health.groups.yahoo.com/group/healthrecsport/
http://groups.google.com/group/healthrecsport
http://listserv.temple.edu/archives/health-recreation-sports-tourism.html
Please Ignore All Links to JIGLU
in search results for Net-Gold and related lists.
The Net-Gold relationship with JIGLU has
been terminated by JIGLU and these are dead links.
http://groups.yahoo.com/group/Net-Gold/message/30664
http://health.groups.yahoo.com/group/healthrecsport/message/145
.
Other related posts:
- » [net-gold] INTERNET: BROWSERS: INTERNET EXPLORER: France, Germany Say Stop Using Internet Explorer 6 - David P. Dillard
