Internet Explorer users warned change browser
From Times Online
December 16, 2008
Nico Hines
Internet Explorer users warned to change browser over security fears
Microsoft admitted today that a serious flaw in security has left the majority of the world’s internet users exposed to attacks from hackers hoping to steal personal data and passwords.
A loophole in Internet Explorer (IE), the default web browser on most computers, allows criminals to commandeer victims’ PCs by tricking them into visiting unsafe websites.
It is thought that two million computers have already been affected as Microsoft conceded that 1 in 500 internet users may have been exposed.
Computer users are advised by some security experts to switch to an alternative internet browser, such as Firefox or Google Chrome, to avoid the hackers who have so far corrupted an estimated 10,000 websites.
Microsoft said that it is considering the release of an emergency update to correct the flaw. The computing company claims that it has only detected attacks on Internet Explorer 7, the most common version of the browser, but gave warning that other versions are also potentially vulnerable.
The hack was initially devised by Chinese criminals, who have been stealing computer game passwords that can be sold on the black market.
However, Paul Ferguson, a security researcher for Trend Micro Inc, an anti-spyware provider, said that the security breach is so severe that it could be “adopted by more financially motivated criminals for more serious mayhem — that’s a big fear right now”.
Since the security flaw was reported on December 9, Microsoft said that there has been an exponential increase in attacks attempting to make use of the vulnerability. These opportunistic hackers who exploit known security breaches are called “zero-day” attackers.
These threats occur as hackers race against software makers to attack the affected programmes, such as IE, before the known problems are repaired.
“Zero days are unusual — and zero days in the world’s most popular browser on the world’s most popular operating system are really unusual,” said a Trend Micro spokesman. “The threat from it is only going to grow."
John Curran, a spokesman for Microsoft, said: “Right now it’s affecting about 0.2 per cent of users who may have come in touch with the vulnerability.
“It has the potential to move world wide rather quickly so it’s a significant issue and that’s why Microsoft is working diligently to get it resolved as quickly as possible.
“We are recommending four steps [see below] which would protect you from the vulnerabilities we know today but there could be variations to the vulnerabilities.
“Obviously the chance for this to be exploited is there.”
The company is telling users to employ a series of complicated workarounds to minimise the threat. It has been suggested that increasing the internet security zone level to high and disabling Ole32db.dll in the access control list could help protect a computer.
Some security experts, though, have advised IE users switch to another browser until an update is released. The next scheduled patch is not due until January 13 but it is not unusual for Microsoft to release an emergency patch.
Microsoft have struggled to build an appropriate patch thus far because the affected component is at the very core of the IE programme and any changes to the central code could cause a number of unexpected side-effects.
Microsoft’s advice for Internet Explorer users
1. Keep your anti-virus up-to-date. Microsoft has circulated the definitions of these vulnerabilities to all the major anti-virus providers.
2. Reset Internet Explorer to run in protected mode. This is the default mode in Windows Vista but not XP or the earlier versions.
3. Set zone security to high.
4. Ensure Windows is updated. You can do this manually through Windows updater or set it to automatic updates.
More complex and comprehensive approaches are listed on the Microsoft website.
http://technology.timesonline.co.uk/tol/news/tech_and_web/article5351749...
Good thing I use Mozilla and Safari!
The easiest way to keep your computer safe is to stop using Internet Explorer. -Yahoo! News
cheers,
paul
Wednesday, 17 December 2008
Microsoft plans quick fix for IE
Microsoft Internet Explorer logo, file pic from 2004
Internet Explorer is used by vast majority of world's computer users
Microsoft is due to issue a patch to fix a security flaw believed to have affected as many as 10,000 websites.
The emergency patch should be available from 1800 GMT on 17 December, Microsoft has said.
The flaw in Microsoft's Internet Explorer browser could allow criminals to take control of people's computers and steal passwords.
Internet Explorer is used by the vast majority of computer users and the flaw could affect all versions of it.
So far the vulnerability has affected only machines running Internet Explorer 7.
Potential danger
According to Rick Ferguson, a senior security adviser at security firm Trend Micro, the flaw has so far been used to steal gaming passwords but more sensitive data could be at risk until the security update is installed.
"It is inevitable that it will be adapted by criminals. It's just a question of modifying the payload the trojan installs," he said.
It is relatively unusual for Microsoft to issue what it calls an "out-of-band" security bulletin and experts are reading the decision to rush out a patch as evidence of the potential danger of the flaw.
Some experts have suggested that users switch browsers until the flaw is fixed.
Firefox, Opera, Chrome and Apple's Safari system are not vulnerable to this current flaw.
But Graham Cluley, senior consultant with security firm Sophos, said no browser is exempt from problems.
"Firefox has issued patches and Apple has too. Whichever browser you are using you have to keep it up to date," he said.
"People have to be prepared and willing to install security updates. That nagging screen asking if you want to update should not be ignored," he said.
MICROSOFT SECURITY ADVICE
Change IE security settings to high (Look under Tools/Internet Options)
Switch to a Windows user account with limited rights to change a PC's settings
With IE7 or 8 on Vista turn on Protected Mode
Ensure your PC is updated
Keep anti-virus and anti-spyware software up to date
http://news.bbc.co.uk/2/hi/technology/7787445.stm
That's why i don't use IE. Long Live Mozilla Firefox! :D
(more of an annoyance really) is when I google something the links all come up on the right hand side of the screen (aka going from right to left as in Arabic script). It's difficult to easily read the English results.
I think I DID look, a few months ago, to see if I could change that, but ran out of patience.
I'm forced to use IE for some data sites at work :o(
I use Opera at home ;o)
Did you Google it first?
but couldn't get on with it at that time. When I tried to resurrect it from the desktop short cut yesterday it wouldn't connect, so I downloaded it all over again and THIS time it is MUCH more user-friendly. For a start most of my 'favourites' have been copied across from IE - that didn't happen a year ago!
What's the video Speed? I better go look!
Is there anyone who uses IE still? LOL go firefox or chrome.
Poverty is not for the sake of hardship. No, it is there because nothing exists but God. Poverty unlocks the door -- what a blessed key!
- Jalaluddin al-Rumi
http://video.google.com/videoplay?docid=1954933468700958565&hl=es
God know what is true and what is going to happen in near future.
But after seeing this video i am more serious for my children future now.
[img_assist|nid=53652|title=|desc=|link=none|align=center|width=|height=0]
land or invest in Gold. Keep Gold with you instead of money.
[img_assist|nid=53652|title=|desc=|link=none|align=center|width=|height=0]
use alternative web browser. i recommend Mozilla firefox,i'm using it instead of IE. Firefox even warns you of the sites you are opening if there's a virus on it. IE are known for its vulnerability and prone to virus attacks and hackers.
101 things that the Mozilla browser can do that IE cannot.
kindly read this site > http://www.xulplanet.com/ndeakin/arts/reasons.html
With all that's been going on recently, it's enough to make me go back to:
a) keeping my money under the bed and
b) using pen and paper and metal filing cabinets!
:o/
in this part of the world :-(
[img_assist|nid=53652|title=|desc=|link=none|align=center|width=|height=0]
"Some security experts, though, have advised IE users switch to another browser until an update is released. The next scheduled patch is not due until January 13 but it is not unusual for Microsoft to release an emergency patch".
I've gone over to Firefox until such time as Microsoft get that 'emergency' patch out, although I doubt hackers are interested in the likes of me, but one never knows - people DO do their personal banking on line, so ..
I suppose keeping Windows Live Messenger open is OK provided you don't use it for browsing?