Peter Brawley
peter.brawley at earthlink.net
Tue Jan 19 12:29:04 CST 2010
Jim> Does this mean that we should stop using IE, as some have suggested, until a >patch can be created and distributed? For security & performance it seems reasonable to restrict IE use to (i) Microsoft sites and (ii) reputable sites that work correctly only with IE. PB ----- Jim Lawrence wrote: > Google has been going into over-drive mode trying to find the culprits who > managed the break-in to the Google Gmail sites. To that end they have shut > down the Beijing office while a forensic search of all data and > communication records goes on...it may be a Google insider who had the > required knowledge. Supposedly, a security hole in a number IE versions > allowed the attack and governments all over the world seem to be very > concerned. (As of yet the patch has not been completed.) > > http://news.cnet.com/8301-27080_3-10436618-245.html?tag=newsLeadStoriesArea. > 1 > > > The attack is considered a super sophisticated and required a number of > integrated components to work. The nature of the attack is such that it is > widely believed that the process was encourage and sponsored by the Chinese > government who would have a vested interest in the discourse of foreign and > local decedents. > > http://www.wired.com/threatlevel/2010/01/operation-aurora > > > In addition, to the hacking of Google a number of companies were hacked and > source code extracted which may have in turn been used to launch the Google > attack that appears to have been the main object of the exercise: > > http://news.cnet.com/8301-27080_3-10434721-245.html?tag=mncol;txt > > > The actual code that utilized the IE hole has been posted according to the > following link and if so it will not be long before every devious hacker and > script kiddies will have a copy: > > http://siblog.mcafee.com/cto/%E2%80%9Caurora%E2%80%9D-exploit-in-google-atta > ck-now-public > > > Does this mean that we should stop using IE, as some have suggested, until a > patch can be created and distributed? That would be difficult as so many > companies and individuals depend on IE to run their business. According to > many experts the attack code can not be deployed unless the victim initially > connects to a tricked up predatory site. > > AVG now has a free link-scanner which is supposed to catch or be able to > identify links from your current web page that may be dangerous: > > http://linkscanner.avg.com > > > The truth is, it is probably beyond the capability of any browser to be a > hundred percent effective against an attack especially if the perpetrator is > capable of investing unlimited resources, in such a venture. > > Jim > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > ------------------------------------------------------------------------ > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.432 / Virus Database: 270.14.150/2632 - Release Date: 01/19/10 07:34:00 > >