Virus Warning?

[Wingnut]

Apparently there's a manual going around for hackers to break into the security and leave bug (or something) on your system that allows them to look at anything they want.

 

Advice is - Don't use IE for a couple of days until MS fix it.

 

Anyone know/heard anything?

[indy]

The German government has warned web users to find an alternative browser to Internet Explorer to protect security.

 

The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google's systems.

 

Microsoft rejected the warning, saying that the risk to users was low and that the browsers' increased security setting would prevent any serious risk.

 

However, German authorities say that even this would not make IE fully safe.

 

Thomas Baumgaertner, a spokesman for Microsoft in Germany, said that while they were aware of the warning, they did not agree with it, saying that the attacks on Google were by "highly motivated people with a very specific agenda".

 

"These were not attacks against general users or consumers," said Mr Baumgaertner.

 

"There is no threat to the general user, consequently we do not support this warning," he added.

 

Microsoft says the security hole can be shut by setting the browser's security zone to "high", although this limits functionality and blocks many websites.

 

However, Graham Cluley of anti-virus firm Sophos, told BBC News that not only did the warning apply to 6, 7 and 8 of the browser, but the instructions on how to exploit the flaw had been posted on the internet.

 

"This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week," he said.

 

Computer expert Alan Stevens: "It's like having a window left open in your house"

"The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go."

[wolfie]

"The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go."

Everyone don't think so. I for one won't be bothering.

[asperity]

Wouldn't know where to start

[Wingnut]

Microsoft patches Explorer hole

 

Microsoft has released a fix for a hole in Internet Explorer that was the weak link in a "sophisticated and targeted" cyber attack on Google.

 

Microsoft recommends that customers install the update as soon as possible or update to the latest version of the web browser for "improved security".

 

Microsoft normally issues patches monthly but the high-profile nature of the attacks led it to act more quickly.

 

The patch - MS10-002 - was released worldwide at 1000 PST (1800 GMT).

 

"It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities," the firm said.

 

"Once applied, customers are protected against the known attacks that have been widely publicised."

 

Microsoft has admitted that it has known about the vulnerability since "since early September" 2009 and had planned to patch it in February.

 

Trojan Horse

 

Google threatened to withdraw from the Chinese market following attacks on its infrastructure.

 

The hacks - thought to have originated in China - targeted the Gmail accounts of Chinese human rights activists.

 

Following Microsoft's revelation that Explorer had been used in the attacks, the French and German governments advised their citizens to switch to a different browser until the hole had been closed.

 

The UK government downplayed the threat and said there was "no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure".

 

However, Microsoft has taken the unusual step of patching the hole nearly three weeks ahead of its regular security update.

 

The new patch is available via the Microsoft Update site and will also be fed out to those who have their machines set to update automatically. All versions of Internet Explorer will receive the update.

 

Malicious code exploiting the weakness is known to be circulating on the web, said security experts.

 

If a web user were to visit a compromised site using a vulnerable browser, they could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information.

 

Microsoft said on 18 January that the firm had only seen malicious code that targeted the older version of its browser, IE6 and that there were "very few" infected sites on the web.

 

But security firms had said they had seen "copycat" sites trying to exploit the vulnerability.

 

The bad publicity has allowed rivals such as Firefox to gain market share.

 

According to web analytics company StatCounter Firefox is now a close second to Internet Explorer (IE) in Europe, with 40% of the market compared to Microsoft's 45% share.

 

In some markets, including Germany and Austria, Firefox has overtaken IE, the firm said.

 

Mozilla, the foundation behind Firefox has just released the latest version (3.6) of the open-source browser.

[Bazj]

I thought this was just an internet explorer 6 problem.