Email
Password
Remember meForgot password?
    Log in with Twitter

article imageOp-Ed: Microsoft to release emergency patch for Internet Explorer

By Paul Wallis     Dec 17, 2008 in Internet
Huge numbers of hacker attacks on computers using Internet Explorer have made Microsoft bring forward their patch for a security vulnerability which is said to have already compromised millions of computers.
The Sydney Morning Herald
According to researchers at software security firm Trend Micro, attacks based on the vulnerability in the world's most popular web browser are spreading "like wildfire" with millions of computers already compromised.
The "zero-day" vulnerability, which came to light last week, allows criminals to take over victims' machines simply by steering them to infected websites; users don't have to download anything for their computers to get infected, which makes the flaw in Internet Explorer's programming code so dangerous.
The volume of attacks suggests this isn’t exactly a stray collection of hackers, but a much more advanced version of existing attack strategies. There are too many attacks. It takes a lot of effort to set up something which can affect millions of computers.
Trend Micro has identified about 10,000 websites that have been infected with malicious software that can be surreptitiously slipped into visitors' unprotected IE browsers to take advantage of the flaw.
Experts are suggesting moving to other browsers, but it’d be nice to know also that these websites are decontaminating themselves.
The information is a lot less than impressive. There’s no indication what these “taken over” computers are doing. There’s no obvious motive, or need, to take over so many computers in the first place.
Unless the idea is to create as many bogus IPs (computer IDs) as possible, to make the hackers impossible to find and so they can have as many proxies as possible, that is. Saturation attacks from millions of compromised computers is another possibility.
The obvious message is that these guys are getting ahead of security in terms of ideas. This can be seen as a guerrilla warfare methodology, as well as a criminal method.
These attacks are a genuine threat to the internet itself, if a temporary one.
Suggestions:
Users must have a method of being unidentifiable to external threats. You can’t hack what you can’t find.
The operating system must be able to block any external command source.
The security system should be able to identify an external source of commands, even if it’s a bogus one.
Servers and networks need to be able to compartmentalize attacks, like watertight doors, to prevent their spread.
Those are the legal suggestions. The less legal, grey area version would be massive retaliation in kind. Hackers survive because nobody can hit back, not because nobody wants to hit back. If anybody ever puts an anti-hacker hunter- killer software download on the market, it’ll outsell condoms.
The world does not need any more problems. It sure as hell doesn’t need any more perfectly safe criminals making billions.
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com
More about Microsoft, Emergency patch, Internet explorer
 
Latest News
Top News