
IT Security Police: 'Step Away From That IE'




A flaw in Internet Explorer unknown to researchers was recently uncovered and poses an immediate threat to users. While Microsoft has offered a series of steps to take to avoid damage, Kaspersky Lab security researcher Kurt Baumgartner has other advice: "In my humble opinion, it seems like a smart idea to switch to another browser for now, like Google's Chrome, if you can."

Internet Explorer is too dangerous to use, according to warnings from throngs of security experts, including Germany's Federal Office for Information Security.

The German government agency issued an alert that advises citizens to avoid using Internet Explorer and use an alternate browser until a patch can be found for a vulnerability discovered last week. The flaw allows hackers to execute code on infected computers.

"There really isn't any great defense against this," Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, told TechNewsWorld. "Right now, the best thing to do is not use Internet Explorer."

Microsoft is working feverishly to plug the flaw, a "Zero Day" vulnerability -- a defect unknown to a software maker until it's discovered by someone else, such as security researchers or hackers.

The vulnerability was discovered by Luxembourg security researcher Eric Romang on Sept. 14 while scrutinizing some servers used by a group of Chinese hackers called the Nitro Gang to exploit a Zero Day Java flaw last month.


Microsoft Reacts


On Monday, Microsoft alerted IE users of the risks facing them due to the defect. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer," it stated in a security advisory.

"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," it continued.

The advisory noted that the flaw affected IE versions 6 through 8 for Windows XP, 7 through 9 for Windows Vista, and 8 and 9 for Windows 7.

Microsoft made several recommendations for users to reduce the risks associated with the vulnerability until the company can push a patch out to address the problem. They included:

Install the company's free Enhanced Mitigation Experience Toolkit (EMET), which implements additional security measures on Windows machines.
Configure Internet and intranet security zone settings to "high" to block ActiveX and Active Scripting in those areas.
Configure IE to display prompts before running Active Scripting or disable the feature entirely in the Internet and intranet security zones.
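
The Active Scripting recommendation above, as an added PowerShell example that is not from Microsoft's advisory or the original article: it reports the current setting for the Internet and Local intranet zones and switches it to prompt or disable. The registry path, zone numbers and the action ID 1400 are assumptions taken from Windows' documented per-user zone layout, not from this page, and `Set-ActiveScriptingPolicy` is a hypothetical name.

```powershell
# Added example: audit and tighten IE Active Scripting per security zone.
# Assumptions (not from the article): per-user zone settings live under the key
# below; zone 1 = Local intranet, zone 3 = Internet; action 1400 = Active
# Scripting with 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Set-ActiveScriptingPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [ValidateSet('Prompt', 'Disable')]
        [string]$Mode = 'Prompt'
    )
    $target = if ($Mode -eq 'Disable') { 3 } else { 1 }

    foreach ($zone in ($Zones.Keys | Sort-Object)) {
        $path = Join-Path $ZoneRoot "$zone"
        if (-not (Test-Path $path)) {
            Write-Warning "Zone key missing, skipping: $path"
            continue
        }

        # Read the current value; it may be absent on a fresh profile.
        $current = (Get-ItemProperty -Path $path -Name '1400' -ErrorAction SilentlyContinue).'1400'
        $before  = if ($null -eq $current) { 'not set' }
                   elseif ($Meaning.ContainsKey([int]$current)) { $Meaning[[int]$current] }
                   else { "unknown ($current)" }

        # Only write when the zone is more permissive than the requested mode.
        $needsChange = ($null -eq $current) -or ([int]$current -lt $target)
        if ($needsChange -and $PSCmdlet.ShouldProcess($Zones[$zone], "Set Active Scripting to $Mode")) {
            Set-ItemProperty -Path $path -Name '1400' -Value $target -Type DWord
        }

        [pscustomobject]@{
            Zone    = $Zones[$zone]
            Before  = $before
            Wanted  = $Mode
            Changed = $needsChange
        }
    }
}

# Dry run first: shows what would change without writing to the registry.
Set-ActiveScriptingPolicy -Mode Prompt -WhatIf
```

Run it without `-WhatIf` to apply the change. Where Group Policy manages zone settings, the policy values take precedence over these per-user values.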

Challenging Solution

Microsoft's recommendations come with some warts, however. Researchers have already found a way to evade EMET, according to Kurt Baumgartner, a senior security researcher with Kaspersky Lab.

Even if EMET weren't vulnerable, it's a solution unlikely to appeal to most users. "It's not something the average user is going to use," Ullrich maintained. "It's something for more professional users. It's not a great workaround."

Professional users may also avoid the EMET solution because it can be time-consuming to roll out to a large organization, according to Donald S. Retallack, research vice president for systems management & security for Directions on Microsoft.

"System administrators with large scale software management tools, like the System Center products, could push EMET out to an organization," he explained to TechNewsWorld. "But it gets pretty complicated when you have to install it on machines that aren't on your network -- roaming laptops and so forth."

Another Wart


Cranking up IE's security zone settings also has drawbacks, Baumgartner added. "That will mess up website rendering," he told TechNewsWorld, "and the same goes for enabling IE prompts for Active Scripting or disabling Active Scripting altogether."

"In my humble opinion, it seems like a smart idea to switch to another browser for now, like Google's Chrome, if you can," he recommended.

Directions on Microsoft's Retallack believes Microsoft will act quickly to plug the IE vulnerability. "They're taking this seriously," he said.

And they should, because momentum is building in the Internet underground to rapidly exploit the vulnerability in malware, according to Kaspersky's Baumgartner. "The risk of mass exploitation accelerates rapidly not because the vulnerability is known but because exploit code targeting the vulnerability is being open source distributed," he explained.

Browser Wars


With Microsoft trying to regain market share for its browser -- it's currently running a national television advertising campaign for IE -- will this current security setback hurt it in the browser wars?

Not very much, according to Vince Vizzaccaro, executive vice president for marketing and strategic alliances for Net Applications, a web analytics firm. Historical data shows widely publicized security incidents don't have long-term effects on market share.

"Many people are unaware of the security threats that come up with their browsers and thereby make no changes to their browsing behavior," he explained to TechNewsWorld.

"Of those people who are aware of the threats," he continued, "most are aware that browser security is taken seriously by all the major browser providers and that while there are breaches on occasion, these breaches tend to be dealt with quickly to minimize the impact on users."
