New IE hole exploited in attacks on Google, other U.S. companies
I think that we may be approaching a time in which THE TRUE COSTS of using the hardware or software of any vendor will become public knowledge. There are COSTS associated with all of our choices in business. In the past, high-tech companies and others, like banks, have been able to hide embarrassing viral infections or security breaches by denying that they ever occurred or by sweeping the incident “under the rug” of internal secrecy. Only the very worst incidents that could not be concealed made it to the “press.”
A “MUST READ” article in CNET news, by Elinor Mills, quotes a Microsoft statement that:
The vulnerability affects Internet Explorer 6, IE 7, and IE 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4, Microsoft said in an advisory on Thursday afternoon.
Yes, I admit it, having my own business means that I no longer have to use ANY of these products above (and I DON’T), as I did when I worked in high tech in Silicon Valley, and was forced to, by (sometimes well-meaning, but otherwise technologically unsophisticated) management. If you have your own business and you STILL work for an idiot, it is a totally different problem. The term “vectors” has a special meaning for folks like me with advanced degrees in microbiology. This may be one of the examples of “art” (software engineering) imitating “life,” rather than the other way around!
The CNET article reveals the scope of the recent attack on Google and others. Chinese human rights activists were only SOME of the actual targets. CNET provides a link to another MUST READ article by Ms. Mills, and further states that:
“Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said. Adobe has confirmed that it was targeted by an attack, and sources have said Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical also were targets.”
It becomes a lot less concealable, and MUCH less “honorable”, to “bury” information about an attack on U.S. firms that originates in a foreign country. And software defects in our product choices become vehicles by which intellectual property (source code) can be (and was) stolen….
CNET provided important details from Microsoft on the nature of this particular software defect and ways to “mitigate” the attacks:
Ah, there go those “ActiveX Controls” again! Have they actually been a major problem for their entire existence?
McAfee CTO, George Kurtz, wrote about the vulnerability earlier today in a blog post:
Dmitri Alperovitch, vice president of threat research at McAfee, observed that:
Please read both excellent articles by Elinor Mills of CNET for further details of this ground-breaking attack that occurred over the holidays, when many companies had fewer staff on hand.
It seems pretty obvious to me that the days in which companies hid problems with their hardware and software choices (or denied them) are coming to an end. Such concealment and denial are no longer in the interests of our nation, or of the companies themselves.
(Note added on January 15, 2010: The exploit code for this attack has been released on the Internet, and the German federal security agency issued a statement today urging its citizens to use an alternative browser to IE until a patch arrives. [Yeah, the Germans are pretty smart.] (Note added January 19, 2010: The French, too…!) Meanwhile, the U.S. government, while NOT urging anything so sensible, plans to ask China for a formal explanation of the cyberattacks against Google and other U.S. companies. CNET’s Elinor Mills has a video on the subject of the attacks.)
(Update added January 23, 2010: Microsoft released a “cumulative critical” patch for the “Google attack” flaw in IE, along with seven other “holes” in IE.)
(Note added January 16, 2010: You can download a version of Firefox [Mac or PC] in an International edition that “speaks your language” here. You can download a version of Safari for Mac or PC here. I use both, on Mac [of course!], at the same time. Most of my visitors on PC use Firefox. [Not an endorsement….])
-Bill at
Cheshire Cat Photo™ – “Your Guide to California’s Wonderland™”
©2010 William F. Hackett. All Rights Reserved.