All the latest UK technology news, reviews and analysis
|
|
|
18 Jan 2010
The pressure on Microsoft to release an out-of-cycle patch for an IE flaw which allowed Chinese hackers to attack Google's systems continues to grow, after authorities in France joined the German government in urging citizens to use an alternative browser.
Microsoft admitted late last week that the hack of Google's systems revealed on Tuesday was caused by a vulnerability in version 6 of its popular browser.
"The vulnerability exists as an invalid pointer reference within Internet Explorer," read a Microsoft security advisory.
"It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."
It later emerged that the exploit code for the flaw had made its way onto the internet, increasing the likelihood of copycat attacks.
The French and German authorities are now urging their citizens to use an alternative browser until the flaw is fixed, and the pressure on Microsoft to release an out-of-cycle patch is growing.
However, Microsoft is continuing to advise users to upgrade to the latest version of the browser, which appears to be unaffected by the vulnerability.
Graham Cluley, senior technology consultant at security vendor Sophos, warned that switching browsers may cause more problems than it solves in many cases.
"If your IT department doesn't already formally support an alternative brow ser, and if your users aren't already familiar with the other browser, you may be causing more problems than it's worth by summarily switching browsers," he wrote in a blog posting today.
"You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer. That's not going to be good for productivity. And finally, what if your replacement browser itself turns out to contain a vulnerability? Are you going to switch again?"
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
EU data protection overhaul contains "bureaucratic tick box-proposals", says information commissioner Christopher Graham in exclusive interview with V3
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Web C# ASP.NET Developer (Equity or Mutual Funds) London...
Senior Exploratory Tester - Selenium, Java, AJAX, WEB...
SQL DBA/ Data Architect (T-SQL, SSIS, ETL) - Derivatives...
Test Analyst (Web, QTP, Test Director, VB.NET, SQL...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Heathen Chinese Communists?
@Steve Your post is completely off topic. This is not a political article - don't turn it into one. Besides, how many people are so naive as to think that the only people stealing IP are the Chinese? Probably IP theft is far more common within the domestic US between rivals.
Posted by: Jack 06 Feb 2010
MS just get rid of the crap browser already!
IE seems to be nothing more then a big pos! With it being twisted into windows the way it is (at least in the us still) that makes it worse.MS seems to have a few points about switching and why you should just update, but what about the users and companies that find when they update to the latest version of ie, that it is a big pos as well and can cause just as many issues as switching browsers completely, if not more. IE sucks, just outsource the browser as MS can not seem to get it right anyways, and then focus harder on the OS!
Posted by: IE HATER 19 Jan 2010
IE is defective by design and made incompatible on purpose
The fact that some pages might only / not work with IE is a plan of monopoly and control. IE it's an old pain in the ass of Windows (which is another pain in IT dep.'s ass) users
Posted by: nobodyCares 18 Jan 2010
The Chinese Government Steals Western Intellectual Property
"Google engineers at Silicon Valley began to suspect that Chinese intruders were breaking into private Gmail accounts, the company began a secret counteroffensive." It appears "Adobe Systems, Northrop Grumman and Juniper Networks, Microsoft, Rolls-Royce and Royal Dutch Shell, Rackspace Hosting Inc, Cybersitter", and God knows who, in a considered deliberate attack on Western intellectual property by the heathen Communist Chinese. The practice of stealing is built into the business model at Baidu.com "the Chinese Internet company carved out a strong presence by offering something that Google, at first, would not: easy links to download pirated songs, TV shows and movies." The Communist heathens need a class action lawsuit handed to them for gaining access to everyone, who has ever owned a gmail/hotmail account. Is there a lawyer in the UK worth their salt anymore? I's not Micosoft IE doing the stealing of Western Intellectual property, no matter what the simpletons in France and Germany may think.
Posted by: Steve Real 18 Jan 2010