David Kirkpatrick

March 19, 2010

If your browser is Microsoft’s Internet Explorer …

Filed under: Business, Technology — Tags: , , , , , — David Kirkpatrick @ 2:10 am

don’t hit the F1 key.

Just one more reason to go with Google Chrome.

From the first link:

Microsoft Releases Security Advisory to Address VBScript Vulnerability

added March 2, 2010 at 08:36 am
Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

  • Review Microsoft Security Advisory 981169.
  • Review the Microsoft Security Research & Defense blog entry regarding this issue.
  • Review US-CERT Vulnerability Note VU#612021.
  • Refrain from pressing the F1 key when prompted by a website.
  • Restrict access to the Windows Help System.

US-CERT will provide additional information as it becomes available.

March 2, 2010

Google Chrome browser gaining market share

Filed under: Business, Technology — Tags: , , , , , — David Kirkpatrick @ 3:09 pm

The upward trend has reached 16 straight months. I am a huge Chrome fan and highly recommend this nimble and very fast browser for netizens at all levels of tech savvy.

From the link:

As Firefox slid, Google’s (GOOG) Chrome again boosted its share, although the increase was smaller than in the two months before. Chrome ended February with a 5.6% share, up 0.4 of a percentage point. Chrome has doubled its share in the last six months.

Here’s the browser breakdown according to the web measurement vendor NetApplications.com:

  • Microsoft Internet Explorer   61.2%
  • Firefox                                              24.2%
  • Google Chrome                                5.6%
  • Apple Safari                                      4.4%

January 19, 2010

Microsoft’s Internet Explorer flaw behind Google’s security breach

I haven’t been tracking this story closely enough to realize an IE security issue caused the security breach of Google’s corporate network. One pretty simple solution is to change browsers. I was never enamored with Firefox, but finally tried out Google’s Chrome browser in August and have never looked back.

The lesson, as always with online security, is to make sure you have all your patches up to date and do seriously consider capable products to replace known security sieves like IE.

From the first link:

Microsoft (MSFT) is scrambling to patch an Internet Explorer flaw that was used to hack into Google’s (GOOG) corporate networks last month. The attack was used to hack into networks at 34 companies, including Adobe (ADBE), security experts say. Typically such hacks involve several such attacks, but the IE bug is the only one definitively linked to the hacking incident, which security experts say originated in China.

In a security advisory released Thursday, Microsoft said IE 6 users on Windows XP are most at risk from the flaw, but that other users could be affected by modified versions of the attack. Microsoft said it is developing a fix, but it did not say when it expects to patch the issue. The company is slated to release its next set of security updates on Feb. 9. A Google spokesman confirmed Thursday that the Internet Explorer attack was used against Google and that the company then reported the issue to Microsoft.

Google learned of the issue in December and, after discovering the server used to control the hacked computers, notified other companies affected by the hack. Apparently convinced that the infiltration was sanctioned by the Chinese government, Google has threatened to effectively pull its business out of China.

Hit these links for more background on the actual security breach.

December 17, 2008

Microsoft releasing security patch for IE today

Filed under: Business, Technology — Tags: , , , — David Kirkpatrick @ 1:19 am

Microsoft is putting out an emergency patch for Internet Explorer today. If you don’t have automatic update turned on and you use IE (particularly IE7) go and get the “critical” patch.

From the Technology Review link:

Microsoft Corp. is taking the unusual step of issuing an emergency fix for a security hole in its Internet Explorer software that has exposed millions of users to having their computers taken over by hackers.

The “zero-day” vulnerability, which came to light last week, allows criminals to take over victims’ machines simply by steering them to infected Web sites; users don’t have to download anything for their computers to get infected, which makes the flaw in Internet Explorer’s programming code so dangerous. Internet Explorer is the world’s most widely used Web browser.

Microsoft said it plans to ship a security update, rated “critical,” for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically.

Thousands of Web sites already have been compromised by criminals looking to exploit the flaw. The bad guys have loaded malicious code onto those sites that automatically infect visitors’ machines if they’re using Internet Explorer and haven’t employed a complicated series of workarounds that Microsoft has suggested.