| 2:20 am on Jan 15, 2010 (gmt 0)|
I'm a bit disturbed by this pile of corporate speak from Microsoft. It's not like this problem was low profile, or anything like that. Come on Redmond, get the lawyers back in their cage and give us some real communication and action -- please!
| 2:37 am on Jan 15, 2010 (gmt 0)|
Microsoft look like they're been caught out by the turn of events, and were not in a position to effectively reply today. I assume they were aware of the issues but were keeping things under wraps since no patch is yet forthcoming. Google's announcement has blown the issue wide open.
There's a good write-up at the Register:
IE zero-day used in Chinese cyber assault on 34 firms [theregister.co.uk]
|Hackers who breached the defenses of Google, Adobe Systems and at least 32 other companies used a potent vulnerability in all versions of Internet Explorer to carry out at least some of the attacks, researchers from McAfee said Thursday. |
The previously unknown flaw in the IE browser was probably just one of the vectors used in the attacks, McAfee CTO George Kurtz wrote in a blog post. Using a sophisticated spear-phishing campaign, the perpetrators included malicious links exploiting the bug in emails and instant messages sent to employees from at least three of the targeted companies.
| 11:15 am on Jan 15, 2010 (gmt 0)|
McAfee Security Insights Blog » Blog Archive » Operation “Aurora” Hit Google, Others [siblog.mcafee.com]
| 2:19 pm on Jan 15, 2010 (gmt 0)|
So...Google EE's are using IE on windows? Not, say, whatever the latest OS/online sytems/chrome is that they're flogging to joe public?
What's that say?
| 3:04 pm on Jan 15, 2010 (gmt 0)|
They forgot to remind their employees to install the all mighty google pack?
Seriously, I doubt this really has anything to do with a IE 6 vulnerability. I'd be betting on some good old fashioned spying in their chinese offices. Whats to stop the govt from sending people in as employees? Cleaners... engineers... the govt has them.
| 3:04 pm on Jan 15, 2010 (gmt 0)|
^ yea exactly so we've got people at google running windows and unpatched IE6?
| 3:12 pm on Jan 15, 2010 (gmt 0)|
Since almost all computers are made in China and the vast majority of computers not assembled in China still contain parts made in China, what is to stop the Chinese government from inserting back doors or similar means into the hardware that they can then exploit later? It seems to me that the very fact we can't (as far as I can find) buy computers that do not have Chinese components in them is a national security threat.
| 3:29 pm on Jan 15, 2010 (gmt 0)|
|Since almost all computers are made in China and the vast majority of computers not assembled in China still contain parts made in China, what is to stop the Chinese government from inserting back doors or similar means into the hardware that they can then exploit later? It seems to me that the very fact we can't (as far as I can find) buy computers that do not have Chinese components in them is a national security threat. |
That was worth repeating. The hairs on my neck stood at attention after reading that statement. What's stopping them? < Rhetoric question. Off to find a computer made in the good ole U.S.A. I'll return once I find one. ;)
[edited by: pageoneresults at 3:46 pm (utc) on Jan. 15, 2010]
| 3:30 pm on Jan 15, 2010 (gmt 0)|
^ they do that.
back in the late 90s a backdoor was caught in a networking adapter.
| 6:53 pm on Jan 15, 2010 (gmt 0)|
To me, Google's announcement about maybe leaving China starts to make more and more sense. It seems that the Gmail hacking, the cyber attack on Google and Adobe, and Google's threat to leave China are all related. From Wired's article [wired.com]:
|iDefense, however, told Threat Level that the attackers were targeting source-code repositories of many of the companies and succeeded in reaching their target in many cases. |
Basically, G might be angry at Chinese officials stealing of their IP.
PS: I just checked, and the results on google.cn appear to be censored again.
| 4:10 pm on Jan 16, 2010 (gmt 0)|
at what point will IE6 be classified as malware?
| 2:18 am on Jan 17, 2010 (gmt 0)|
Are Mac/Apple computers also made in China?
| 2:31 am on Jan 17, 2010 (gmt 0)|
All computers without exception contain components made in China, and a significant proportion are manufactured there in their entirety - this includes many Apple products. Go look for the Made in China label :)
Note that several news outlets are now confirming that exploit code for this vulnerability is publicly available. IE8 in protected mode (which should be enabled by default) is not affected, but earlier versions are. If you have to run IE, then use IE8 - otherwise use Firefox, Safari or Opera instead at least until Microsoft produces a patch.
| 2:47 am on Jan 17, 2010 (gmt 0)|
If what I've read is correct Apple/Mac are almost exclusively made in China/Taiwan.
<back on topic>
Regardless of whether you use IE, you should still install the latest version. Depending on the version of Window's you're using IE can be deeply integrated into more than just the browser.
| 11:53 pm on Jan 17, 2010 (gmt 0)|
anytime a new version or patch comes out grab it ASAP.
im still confused as to why IE6 is used inside google china.
| 9:37 am on Jan 18, 2010 (gmt 0)|
IE6 only? not very likely.
It's just as likely that IE6 isn't capable of leaving you vulnerable but IE7 onwards do (intentionally, big brother much watch afterall).
IE should be avoided in all variations, entire countries (Germany) and major search engines (Google) have spoken.
IE gives me the distinct impression of a runaway train at this point, as if nobody is in control (or perhaps too many people are).