By staff writers and wires From: news.com.au January 19, 2010 8:44am
Governments have advised against using Internet Explorer until it is secured by Microsoft.
France, Germany dump Internet Explorer
Australians 'should upgrade or switch'
Microsoft says hackers only hit IE6
Google attack an "inside job"
AUSTRALIANS have been advised against using Microsoft's Internet Explorer (IE) because of a security threat.
Local web users have been advised to install security patches or switch browsers, while two countries - France and Germany - have now issued warnings against all versions of Microsoft's browser.
Germany warned users Friday after a malicious code - implicated in recent attacks on Google - was published online, and now Certa, a French Government agency that oversees cyber threats, has warned against using all recent versions of the web browser.
While the Google attacks were designed to exploit Internet Explorer 6, Microsoft has released a security advisory for Internet Explorer 6, 7 and 8.
Microsoft said it has only seen a "very limited number of targeted attacks against a small subset of corporations".
"The attacks that we have seen to date are only effective against Internet Explorer 6."
"We are not seeing any widespread attacks and thus far we are not seeing attacks focused on consumers."
The company recommended users upgrade to Internet Explorer 8 - which is technically still vulnerable - and anyone using older versions of Windows XP to upgrade to Service Pack 3.
It is still working on a permanent solution.
Australian alerts
An alert from the Australian Government website staysmartonline.gov.au suggests users try Microsoft's temporary fixes or consider an alternate browser.
But Paul Ducklin, Asia Pacific head of technology at Sophos, says "all browsers have vulnerabilities".
"Even though it's true that IE is exploited more than any other browser, you don't achieve security simply by switching."
"That's security through obscurity, which is merely false security."
"Good security means defence in depth, and in a well-defended network a single unpatched vulnerability in your browser shouldn't really be enough for the bad guys to get in."
Dr Mark Gregory, internet security expert at RMIT University, says any panic rush to another browser would not help protect users.
"Microsoft Internet Explorer is no worse than any other browser, they all have the same inherent flaws in them so a mass panic rush wouldn't do anything other than giving the hackers a new target," he said.
"Microsoft products are no more susceptible to hacking than other products, but because they are the largest they are often the target."
George Kurtz, worldwide chief technology officer of security firm McAfee, said on his blog last week that the Google attack was a fresh threat.
"All I can say is wow. The world has changed," Mr Kurtz said.
"Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats."
"In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private nonfinancial customer information and anything else of intangible value."
What can you do?
- Download an alternate browser: Mozilla Firefox, Apple Safari, or Google Chrome are the main alternatives.
- Upgrade from IE6: Internet Explorer 8 is technically still vulnerable, but Microsoft has not advised of any exploits in the wild.
- Upgrade your browser's security: Tips from US security agency CERT.
- Follow Government advice: Online alerts from Stay Smart Online.
- with NewsCore, Updated 3:00pm
Source
Social Networking Bookmarks