Thursday, December 10, 2009

Internet Explorer Under Attack

According to Computer World, a problem with Internet Explorer has recently emerged. Last month, an unknown hacker posted exploit code to the Bugtraq mailing list that targets Internet Explorer versions 6 and 7. Security analysts confirmed that the code affects IE 6 and 7. The code apparently exploits flaws in the way IE 6 and 7 retrieve objects from CSS (cascading style sheets). If a hacker can lure a victim using IE 6 or 7 to a particular website, the code can be used to install malicious software on the user's computer while they are on the site. This code is very valuable to hackers. IE 6 and 7 currently hold 40% of the browser market share. That is a potentially huge pool of internet users for hackers to exploit. Also, if exploit code could be made for versions 6 and 7 of Internet Explorer, it's possible that code could be created for Microsoft's most recent version, IE8, which could be even more dangerous in the hands of hackers. Microsoft must be on the lookout for hackers exploiting these weaknesses in Internet Explorer and be prepared to create patches to fix the problems.

An article posted today on Computer World contained updates on Microsoft's handling of this potential security breach. According to the article, Microsoft quickly issued a patch, just 18 days after the code was leaked publicly. New information, though, reveals that Microsoft may have known about the potential problem 6 months before the code was leaked. The vulnerability was apparently reported to Microsoft in June, but it wasn't until the code was leaked that Microsoft jumped to do anything. The article reports that Microsoft confirmed the vulnerability 3 days after the code was made public, and issued a patch shortly after. Microsoft was applauded for its quick response to the problem, but because it was so much faster than usual, people began to suspect that it may have known for longer. No attacks using the code have actually surfaced yet, though, so Microsoft isn't facing any repercussions for not revealing the vulnerability when it first found out about it. Because the patch is out there and the problem can be fixed before it grows too big, Microsoft may be in the clear.

http://www.computerworld.com/s/article/9141278/New_attack_fells_Internet_Explorer
http://www.computerworld.com/s/article/9142078/Microsoft_knew_of_just_patched_IE_zero_day_for_months

1 comment:

  1. To be frank, I feel as though Microsoft is fighting a losing battle with Internet Explorer for a number of reasons. Because of its large market share, it is a huge target among the hacker population. Much of the spyware, adware, and viruses are successfully built around exploitable bugs in the architecture of IE. Of course, the large market share means profit for Microsoft, and if it were to abandon IE, another browser would simply take its place as a target.

    IE has simply fallen behind in innovation in web-browsing, with Firefox and Chrome paving the way for style and efficiency. I find myself quite frustrated if forced to use IE in terms of speed and failure in fluidity in tabular web browsing. My advice to Microsoft would be to take a step back from IE, perhaps looking to acquire or ally with Chrome or Firefox in a synergistic way, for I find it to be more of a liability than anything else.

    Maybe this is just a personal vendetta and blowing off steam due to frustration, maybe not.
