News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Chinese activist attacks based on Internet Explorer 0day?

    Posted on January 15th, 2010 at 07:32 Comment on the AskWoody Lounge

    Brian Krebs reports that the attacks on Chinese human rights activists that I talked about a couple of days ago – the attack that led Google to finally take a stand in support of basic human dignity over corporate profits – was made possible by my favorite security whipping boy, Internet Explorer.

    Microsoft has confirmed the 0day hole in Security Advisory 979352.

    It looks like the IE 0day is only part of the story, though. The attacks were made possible by a smorgasbord of 0day holes. Researchers are still looking at all of the problems.

    The Washington Post (now without Krebs) says that the Google attack is much larger than originally thought:

    Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States… At least 34 companies — including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical — were attacked, according to congressional and industry sources.

    The bottom line for home users is pretty simple: the bad guys aren’t out to get you, and at the moment you don’t have anything to worry about. These are sophisticated, targeted attacks that haven’t yet made it out into the general population.

    But remember who’s behind it, and why, OK?