IE Security Flaw Exposed and AOL Warning
As you know we here at The Global Geek Podcast are always going on about browser security and how important it is. We encourage listeners to use superior browsers to Internet Explorer.
This is a prime example of what can happen. A zero day vulnerability has been discovered in IE 6. The malicious code installs unwanted software onto a users computer unbeknown to the user. It has been reported that fully patched versions of IE are vulnerable.
Secunia, a security monitoring company has given this latest exploit the highest threat level. As can be expected porn sites are the main culprits at this time but other sites are sure to follow. Don’t expect an update anytime soon for IE in order to fix the problem, Microsoft plan to patch the flaw on October 10th - the next Patch Tuesday. They do this every month and only break this cycle if the attacks are widespread.
This is the second known unpatched flaw in IE in weeks. The truth of the matter is that IE is targeted by hackers and malicious coders. Microsoft fails to be responsible for the software they create. Their advise is ensure that your security applications are up to date! Great, so now the user has to protect themselves against their flawed product! Please do yourself a favour and your PC and use Firefox! In addition to this install a great extension called Site Advisor, it lets you know if a site is good bad or otherwise for a variety of reasons. Check it out.
Lesson in Instant messaging security number 001: Never click on links to unknown sources in the message window! This method for snagging unsuspecting users is on the increase. In light of the news today that a new AOL IM worm is doing the rounds. This latest one installs a root kit on your PC. It is called the W32.pipeline worm.
A message appears asking the user to click on a link to upload a picture of themselves. That should raise your suspicions already! But if you do it then your PC becomes part of a "botnet" - a group of computers controlled remotely to spread viruses and worms to other users.
"The worm provides a path for rootkits and Trojan horses to propagate on the computers of those listed on the user’s buddy list…"
 Disgusting isn’t it. I don’t know why people do it I really don’t.
But ye have been warned and encouraged to make what you do safer:
September 22nd, 2006 at 3:40 pm
Thanks for caring about bad stuff on the web and running Exploit Prevention Labs news. Did you know we’ve developed LinkScanner, a free plug-in (’widget’) that you can add to your blog pages to help ensure that wherever your visitors go next, they won’t get hit by a drive-by (and maybe blame you for the problem).
Plus, Exploit Prevention Labs CTO Roger Thompson is an Aussie, so you guys should support him!
If you’re interested in adding LinkScanner to your pages and helping spread a little self-policing safety around the web, you can get the LinkScanner widget at http://www.explabs.com/LinkScanner/MyLinkScanner/. And if your visitors are interested in learning more about how cybercriminals are exploiting the web, you can link to Roger Thompson’s blog at http://explabs.blogspot.com/.
Cheers!
September 22nd, 2006 at 3:42 pm
I just submitted a comment and got a response saying I’d posted in duplicate. I find that hard to believe since I’ve never been to this site before …
September 22nd, 2006 at 3:51 pm
Pat, I have just checked the logs. Because you posted a comment with multiple links in it the comment was marked for moderation. I have approved your comment.
As you might appreciate, blogs are constantly bombarded with comment spam, I am just glad that your comment was moderated and not marked as spam!
Thank you for your comment, and letting me know.
September 28th, 2006 at 10:39 pm
[...] Last week I talked about a new exploit that was identified in Internet Explorer. The source of the problem was a bug in the Vector Markup Language. In non-geek terms it is the way that some graphics are handled in IE. [...]