Internet Explorer vulnerability: panic, or don't panic?

While some European governments are recommending users abandon Internet Explorer in the light of the current security scare, Microsoft and some security vendors question the value of such a move.

Late last week, Microsoft issued a security advisory concerning real-world attacks on a vulnerability in Internet Explorer.

There has been speculation that this vulnerability - along with one in Acrobat and Reader that Adobe patched last week - was used in December's China-based attacks on Google and more than 30 other US companies.

Amichai Shulman, CTO of Imperva, doubts this was the case.

"First, why are Google employees using IE and not Google's own browser, Chrome? This doesn't make sense," he said.
 
"Second, to execute an attack this sophisticated, it likely occurred as a result of spear phishing Google employees to gain access to Google users' credentials. A hacker would have to jump through many hoops inside an internal network. This requires network — not browser — vulnerabilities so that the attacker can communicate with malware inside Google's internal network," added Shulman.

Microsoft has explained that Internet Explorer 6 is the only version affected by the exploit, which was subsequently made public.

Internet Explorer 7 on Windows XP has the same vulnerability, but a different exploit is needed due to memory layout differences between the two browser versions.

IE protected mode in Vista and Windows 7 prevents the current exploit from working, as does DEP (data execution prevention) in Internet Explorer 8.

DEP is enabled by default when Internet Explorer 8 is running on Windows XP SP3, Vista SP1 (and higher), or Windows 7.

DEP can be manually activated in Windows XP SP2, Windows Server 2003 SP2 (and higher), Windows Server 2008, and the release version of Vista by following this link to Microsoft's web site.
