China attack on Google exploited Microsoft Internet Explorer flaw

“Microsoft has admitted that its Internet Explorer was a weak link in the recent attacks on Google’s systems that originated in China,” BBC News reports.

MacDailyNews Take: Why are the so-called geniuses at Google using the world’s worst browser? If you’re going to test for IE, test the POS in a safe, segregated manner; don’t use it for business.

The Beeb continues, “The firm said in a blog post on Thursday that a vulnerability in the browser could allow hackers to remotely run programs on infected machines. Following the attack, Google threatened to end its operations in China.”

“‘Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks,’ said Microsoft’s Director of Security Response Mike Reavey in the post,” The Beeb reports.

MacDailyNews Take: Director of Security Response for Microsoft. Busy guy.

The Beeb continues, “Security firm McAfee told news agency AFP that the attacks on Google, which targeted Chinese human rights activists worldwide, showed a level of sophistication above that of typical, isolated cyber criminal efforts.
McAfee’s vice-president of threat research Dmitri Alperovitch told AFP that although the firm had ‘no proof that the Chinese are behind this particular attack, I think there are indications though that a nation-state is behind it.'”

Full article here.

Jim Finkle reports for Reuters, “Google said on Tuesday that in mid-December, it detected an attack on its corporate infrastructure originating from China that resulted in the theft of its intellectual property. It eventually found that more than 20 other companies had been infiltrated.”

“McAfee said on Thursday that those who engineered the attacks tricked employees of the companies into clicking on a link to a website that secretly downloaded sophisticated malicious software onto their PCs through a campaign that the hackers apparently dubbed ‘Operation Aurora,'” Finkle reports.

“The programs allowed the hackers to take control of the PCs without the knowledge of their users, according to McAfee, which has been researching the matter on behalf of several companies involved in the attacks since late last week,” Finkle reports.

“McAfee’s Alperovitch declined to say which companies had hired McAfee, saying they had signed confidentiality agreements,” Finkle reports. “So far the only other victim to come forward is design software maker Adobe Systems Inc, which has said that it is still investigating the matter.”

Finkle reports, “Internet Explorer is vulnerable on all recent versions of the Windows operating system, including Windows 7, according to McAfee. Microsoft said attacks had been limited to IE6, an older version of the application.”

Full article here.

MacDailyNews Take: If you have a choice (i.e. no IT doofus standing over your shoulder dictating stupidity) and are still using Internet Explorer, STOP IMMEDIATELY! Go get yourself a real Web browser.

[Thanks to MacDailyNews Reader “Tom R.” for the heads up.]

26 Comments

  1. Some of us (by “us” I mean me) are stuck on IE 6 (yes, 6 (six)) because of corporate bureaucracy and IT self preservation. It’s really sad. All web sites here at work look like complete trash and every time I ask for anything at all as a substitute (Safari, Firefox, Chrome, etc…) IT laughs it off and won’t provide. It’s impossibly frustrating working on such inferior technology.

  2. What Google considers a security flaw is what M$ sold to the Chinese government as a security feature….don’t assume that other governments don’t do the same thing. As far as Google knows…they have been hacked this one time in China or elsewhere.

    “M$: The authoritarianism/totalitarianism begins here”

    just my $0.02

  3. “The firm said in a blog post on Thursday that a vulnerability in the browser could allow hackers to remotely run programs on infected machines. Following the attack, Google threatened to end its operations in China.”

    Maybe they should end operations with Microsoft products instead?

  4. My IT security chief uses a very shrewd line of defense. There are many highly respected IT security companies that provide data on vulnerabilities on common applications (browsers, mail clients, IM/AV conference clients, productivity suites), as well as OSs. Very often (if not all the time), Safari seems to come up very high, even on top, with the total number of vulnerabilities. It certainly lists more than MSIE (we’re talking fully patched, of course). I find it extremely frustrating to argue with the guy. You can tell him a thousand times “How many exploits in the wild?!!!”, but he’ll keep going: “No, no, no… these are wide open vulnerabilities; anyone can hack tomorrow, then we’re screwed; I can’t take that risk”. How do you argue with such stubbornness? And I have no doubt, vast majority of IT security drones repeat the same mantra.

    I wonder how many of these high-profile breaches have to happen before you finally get to these people. I have yet to read an article about Safari (or Firefox) being the vector for a major security attack.

  5. Right, ron, because most corporate IT people are all unionized.

    (since it’s obvious you’re pretty much set on the “repeat what Rush Limbaugh says” mode – the above is SARCASM)

    Unions or not have nothing whatsoever to do with anything on this, it’s corporate groupthink (such as Predrag mentioned) and penny-wise-pound-foolish corporate management (that keeps buying more “cost effective” Dell products) that’s the issue.

  6. I would be one of those corporate “IT Drones” you speak of. I cannot stand I.E. We use Firefox exclusively but it doesn’t matter. My users still get nailed by malware online. Somehow Fake-AV always finds a way through and infects the desktop. We cannot use Safari because it does not render or work properly with many of our corporate software tools and systems. The best and only way to tackle this is have a good up to date AV on the desktop, Gateway Malware/AV detection and to educate (or strike fear into them!) your users to recognize when something is amiss and call you immediately.

  7. It is hard to believe that they got sucked into the Microsoft dark side. Did they not have their top guy on Apple’s board? Did he not learn anything there? Google could have at least had their people surfing with Safari and remove their administrative rights on those PCs until they take a class in common sense or something.

    No. Just be safe and trash those Windows boxes and give them all a Mac mini!

  8. “…no IT doofus standing over your shoulder dictating stupidity…”
    I’m afraid so. I’m forced to use IE on a PeeSea at work. Sometimes I just can’t believe how crappy it is.

  9. I was at an Apple store last week. Guy was at the Genius Bar asking if Norton Antivirus was compatible with Snow Leopard. I told him he was wasting his money. Haven’t had AV on an OS X machine ever, still unnecessary after 7 years.

  10. Hey MDN webmaster …

    I woulda set the [..] “..a real Web browser…” [..]
    link (above) to here.. instead !

    Ya kno– those doofuses who actually STILL use that poor excuse for a Web Browser (ie:IE).. just might need the additional help !

  11. I always tell the poor folks stuck on Windoze machines – the single best thing they can do to keep their machines secure, is never, ever, EVER use Internet Explorer.

    You’d think Google would know better.

  12. @Toasty

    …..I would be one of those corporate “IT Drones” you speak of….

    so-o-o …. the thought of switching to a more robust.. (as well as a proven more secure) Operating Platform would be out of the question …. right ?

  13. @Toasty: “We cannot use Safari because it does not render or work properly with many of our corporate software tools and systems. The best and only way to tackle this is have a good up to date AV on the desktop…”

    No, you cannot use Safari because your in house apps are written using Windows proprietary code, and you don’t buy corporate software tools that are standards compliant. Safari is standards compliant, just as OS X is Unix standards (POSIX) compliant. YOUR BAD! Not Apple’s. I have been running OS X and Safari on 6 internet connected computers since Jaguar in 2003 with NO anti-virus software and have never had a problem. I never, EVER run IE.

  14. @MDN

    Ahem, it wasn’t Google employees that were targeted, but Chinese dissidents using G-Mail (among others). Google can hardly make the use of Chrome, Firefox, Safari et al compulsory for G-Mail account holders…
