Microsoft admits Internet Explorer at fault in Google China hacking

January 15, 2010
by

Microsoft admits Internet Explorer at fault in Google China hackingMicrosoft says an Internet Explorer flaw may be responsible for allowing hackers to attack Google in China. The attack had previously been thought to be down to a problem with Adobe Acrobat Reader.

The firm’s security response chief Mike Reavey said, “Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks.”

Internet Explorer was fingered as the culprit by security firm McAfee, which discovered the flaw. The firm believes all versions of the browser, running on all versions of Windows, could be at risk, though the hackers had only targeted Internet Explorer 6.

According to McAfee, the attacks weren’t just limited to Google. George Kurtz, the firm’s chief technology officer, said they were part of a scheme dubbed Operation Aurora and involved attempts to steal or even modify company data without detection:

“Operation Aurora looks to be a coordinated attack on many high profile companies targeting their intellectual property… this malware enabled the attackers to quietly suck the crown jewels out of many companies while people were off enjoying their December holidays.

The flaw can only be exploited if the victim visits an infected website, for example through a bogus link in an e-mail. For individuals, that means common sense should be security enough. With companies, which appear to be the main target, it’s a numbers game: with hundreds or thousands of employees, it only takes one to get fooled for the trouble to start.

Microsoft has given its standard response to the security flaw: it’s investigating the issue and if appropriate will release a patch either as part of the next monthly update or as an “out-of-cycle” update if needed.

The problem involves Internet Explorer allowing remote code execution when an invalid pointer reference is followed. As a (somewhat strained) metaphor, imagine a festival organizer erecting signs to the temporary site and then mistakenly leaving one of the signs up after the event. A driver who follows that sign would then wind up confused, drop their concentration and be at greater risk of being carjacked. The situation is worse in reality as common sense would eventually allow the driver to figure out what had happened with the sign, a luxury not available to computers.



Related Posts:

Posted in Security | 6 Comments » Read more from

6 Responses to “Microsoft admits Internet Explorer at fault in Google China hacking”

  1. DavidB:
    January 16th, 2010

    How many idiot companies are going to have to get hacked before they upgrade to a browser that’s up to date? Geez, IE6 still? Come on…no excuse.

  2. Mr. X:
    January 16th, 2010

    What I find more interesting is Microsoft taking a bullet here…this is a strange turn of events in this whole fiasco…

  3. Paul:
    January 17th, 2010

    “Microsoft admits Internet Explorer at fault in Google China hackingJanuary 15, 2010″

    I feel using the safe and quick Fierfox on a Linux OS adds to security.

  4. Siru Drawoh:
    January 17th, 2010

    When in doubt, Firefox.

  5. Philg:
    January 18th, 2010

    Somethings got to be done about China. I already block most of their ip addresses from my home and at work. Its a practice that needs to be implemented by all. If you dont do business overseas you dont need it.

  6. Mr. X:
    January 18th, 2010

    I do business with China. Its one of the last free market places in the world where wealth creation is actually encouraged and rewarded…

Leave a Reply:


Recent stories

Featured stories

Archives

Copyright © 2012 Blorge.com NS