Comments on: McAfee: Internet Explorer 0day Fueled Attacks on Google, Adobe

By: Google in China: Unanswered Questions « Free Expression Network

Google in China: Unanswered Questions « Free Expression Network — Tue, 19 Jan 2010 15:57:11 +0000

[...] that Google was not the only company targeted by this attack: other names mentioned have included Yahoo, Symantec, Juniper, Northrop Grumman and Dow Chemical. We don't know whether those attacks obtained proprietary information or personal user data. But [...]

Like or Dislike: 0 0

By: jbmoore

jbmoore — Mon, 18 Jan 2010 03:17:44 +0000

The attack code has been made public by a University of California Santa Barbara computer lab (http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js ). Consequently, the developers of Metasploit have released an exploit after only one day of the publication of the code that will allow people to test their systems ( http://blog.metasploit.com/2010/01/reproducing-aurora-ie-exploit.html ) for this vulnerability. It is likely that Core Technology and Immunity Labs have similar updates to their exploit frameworks. Hope this helps.

Like or Dislike: 0 0

By: Google in China: Unanswered Questions | Left to chance

Google in China: Unanswered Questions | Left to chance — Sat, 16 Jan 2010 04:06:06 +0000

[...] that Google was not the only company targeted by this attack: other names mentioned have included Yahoo, Symantec, Juniper, Northrop Grumman and Dow Chemical. We don’t know whether those attacks obtained proprietary information or personal user data. [...]

Like or Dislike: 0 0

By: JohnJ

JohnJ — Fri, 15 Jan 2010 15:41:02 +0000

Since I use Vista and IE8, I found this Microsoft tibit to be interesting:

“In addition, Protected Mode in IE 7 on Windows Vista and later significantly reduces the ability of an attacker to impact data on a user’s machine. Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.”

http://blogs.technet.com/msrc/archive/2010/01/14/security-advisory-979352.aspx

Like or Dislike: 0 0

By: Google Cyberattack Exploits IE Vulernability « Integracon Tech Blog

Google Cyberattack Exploits IE Vulernability « Integracon Tech Blog — Fri, 15 Jan 2010 15:01:29 +0000

[...] announced that the recent cyber attack against Google was related to a vulnerability in IE (via KrebsonSecurity). McAfee analyzed the malicious code and tracked what they are calling “Aurora” to a [...]

Like or Dislike: 0 0

By: Most Tweeted Articles by Defcon Experts: MrTweet

Most Tweeted Articles by Defcon Experts: MrTweet — Fri, 15 Jan 2010 10:01:48 +0000

Your article was most tweeted by Defcon experts in the Twitterverse…

Come see other top popular articles surfaced by Defcon experts!…

Like or Dislike: 0 0

By: Tweets that mention McAfee: Internet Explorer 0day Fueled Attacks on Google, Adobe — Krebs on Security -- Topsy.com

Fri, 15 Jan 2010 07:28:57 +0000

[...] This post was mentioned on Twitter by briankrebs, Dave Lewis, wikidsystems, Ed Nadrotowicz, Jeff Beardsley and others. Jeff Beardsley said: So the Chinese attacks on Google were via an unpatched and unpublished flaw in IE – shocking. USE FIREFOX PEOPLE!! http://bit.ly/5CfJFk [...]

Like or Dislike: 0 0

By: All Versions of IE Vulnerable to 0day? | Marcos Christodonte II - Information Security Blog

Fri, 15 Jan 2010 02:50:58 +0000

[...] security reporter at the Washington Post, has been following this story quite closely. On his blog, he notes that the attackers appear to have targeted source code and trade secrets, and that MS has [...]

Like or Dislike: 0 0

By: Chinese activist attacks based on Internet Explorer 0day? @ AskWoody.com

Chinese activist attacks based on Internet Explorer 0day? @ AskWoody.com — Fri, 15 Jan 2010 00:32:19 +0000

[...] Krebs reports that the attacks on Chinese human rights activists that I talked about a couple of days ago – [...]

Like or Dislike: 0 0