Bobbies arrest five in cyberattack probe

LONDON: British police arrested five people on suspicion of involvement in recent cyberattacks conducted by an Internet hacking group that has backed WikiLeaks.

The five males, aged from 15 to 26, were arrested during an early morning raid at their homes across Britain on Tuesday for their alleged involvement in hacking several company websites.

Police say the cyberattacks were carried out by an online group called Anonymous, a loose-knit collection of activists that has attacked websites of companies that have severed links with WikiLeaks since the organisation began publishing its massive trove of secret US diplomatic cables.

The group of so-called "hacktivists" became well known last year when it targeted companies, including Visa, Mastercard and Paypal, shutting down their websites by overloading their servers with a barrage of online traffic.

Supporters of WikiLeaks accused the companies of trying to stifle WikiLeaks when they cut their links to the group.

The raids were part of a police probe into Anonymous carried out together with law enforcement agencies in Europe and the United Stataes, police said. WikiLeaks said it did not sanction retaliatory attacks by Anonymous.

People convicted of computer misuse offenses in Britain face up to 10 years in jail and a £5,000 fine. - AP

Bobbies arrest five in cyberattack probe

LONDON: British police arrested five people on suspicion of involvement in recent cyberattacks conducted by an Internet hacking group that has backed WikiLeaks.

The five males, aged from 15 to 26, were arrested during an early morning raid at their homes across Britain on Tuesday for their alleged involvement in hacking several company websites.

Police say the cyberattacks were carried out by an online group called Anonymous, a loose-knit collection of activists that has attacked websites of companies that have severed links with WikiLeaks since the organisation began publishing its massive trove of secret US diplomatic cables.

The group of so-called "hacktivists" became well known last year when it targeted companies, including Visa, Mastercard and Paypal, shutting down their websites by overloading their servers with a barrage of online traffic.

Supporters of WikiLeaks accused the companies of trying to stifle WikiLeaks when they cut their links to the group.

The raids were part of a police probe into Anonymous carried out together with law enforcement agencies in Europe and the United Stataes, police said. WikiLeaks said it did not sanction retaliatory attacks by Anonymous.

People convicted of computer misuse offenses in Britain face up to 10 years in jail and a £5,000 fine. - AP

Bobbies arrest five in cyberattack probe

LONDON: British police arrested five people on suspicion of involvement in recent cyberattacks conducted by an Internet hacking group that has backed WikiLeaks.

The five males, aged from 15 to 26, were arrested during an early morning raid at their homes across Britain on Tuesday for their alleged involvement in hacking several company websites.

Police say the cyberattacks were carried out by an online group called Anonymous, a loose-knit collection of activists that has attacked websites of companies that have severed links with WikiLeaks since the organisation began publishing its massive trove of secret US diplomatic cables.

The group of so-called "hacktivists" became well known last year when it targeted companies, including Visa, Mastercard and Paypal, shutting down their websites by overloading their servers with a barrage of online traffic.

Supporters of WikiLeaks accused the companies of trying to stifle WikiLeaks when they cut their links to the group.

The raids were part of a police probe into Anonymous carried out together with law enforcement agencies in Europe and the United Stataes, police said. WikiLeaks said it did not sanction retaliatory attacks by Anonymous.

People convicted of computer misuse offenses in Britain face up to 10 years in jail and a £5,000 fine. - AP

Britain's Royal Navy website gets hacked

 

GONE OFFLINE: A Nov 8 screengrab made in London of the Royal Navy website which has been taken offline after it was 'compromised' by a hacker. - AP

LONDON: The website of Britain's Royal Navy has been closed after hackers gained unauthorised access to the military site.

Military computer specialists are investigating the cybersecurity breach. A statement posted on the website yesterday said it is closed for "essential maintenance."

The navy said in a statement that the website was compromised over the weekend but no damage was done. A hacker who goes by the name TinKode has claimed to have gained access to the site.

The navy said the unauthorised access gained to the "public relations" website did not compromise sensitive information. - AP

Britain's Royal Navy website gets hacked

 

GONE OFFLINE: A Nov 8 screengrab made in London of the Royal Navy website which has been taken offline after it was 'compromised' by a hacker. - AP

LONDON: The website of Britain's Royal Navy has been closed after hackers gained unauthorised access to the military site.

Military computer specialists are investigating the cybersecurity breach. A statement posted on the website yesterday said it is closed for "essential maintenance."

The navy said in a statement that the website was compromised over the weekend but no damage was done. A hacker who goes by the name TinKode has claimed to have gained access to the site.

The navy said the unauthorised access gained to the "public relations" website did not compromise sensitive information. - AP

Britain's Royal Navy website gets hacked

 

GONE OFFLINE: A Nov 8 screengrab made in London of the Royal Navy website which has been taken offline after it was 'compromised' by a hacker. - AP

LONDON: The website of Britain's Royal Navy has been closed after hackers gained unauthorised access to the military site.

Military computer specialists are investigating the cybersecurity breach. A statement posted on the website yesterday said it is closed for "essential maintenance."

The navy said in a statement that the website was compromised over the weekend but no damage was done. A hacker who goes by the name TinKode has claimed to have gained access to the site.

The navy said the unauthorised access gained to the "public relations" website did not compromise sensitive information. - AP

Nowadays, businesses must stay vigilent against cyberattacks

Companies must be ever watchful because cyberattacks could exploit their strategic information, in the perspective of markets security and compliance solutions. Nowadays, people are known as cybercriminals can use a wide range of methods - from wired to wireless - to launch their attacks against a company's IT infrastructure.

Businesses need to look at correlate ways to protect the various points of their IT infrastructure. Gone are the days when only perimeters such as a basic firewall and intrusion detection system could be deployed.

Companies could adopt any threat and risk management solution available in the market or engage with any security consultant. The expert judgment provides visibility into activities across a network; from external threats (malware and hackers) to internal threats (data breaches and fraud). This exercise will expose the types of risks associated with application flaws and configuration changes.

Security prevention exercise also helps companies to store and manage the massive volumes of data logs, to enable faster trouble-shooting or forensic analysis.

Nowadays, businesses must stay vigilent against cyberattacks

Companies must be ever watchful because cyberattacks could exploit their strategic information, in the perspective of markets security and compliance solutions. Nowadays, people are known as cybercriminals can use a wide range of methods - from wired to wireless - to launch their attacks against a company's IT infrastructure.

Businesses need to look at correlate ways to protect the various points of their IT infrastructure. Gone are the days when only perimeters such as a basic firewall and intrusion detection system could be deployed.

Companies could adopt any threat and risk management solution available in the market or engage with any security consultant. The expert judgment provides visibility into activities across a network; from external threats (malware and hackers) to internal threats (data breaches and fraud). This exercise will expose the types of risks associated with application flaws and configuration changes.

Security prevention exercise also helps companies to store and manage the massive volumes of data logs, to enable faster trouble-shooting or forensic analysis.

Nowadays, businesses must stay vigilent against cyberattacks

Companies must be ever watchful because cyberattacks could exploit their strategic information, in the perspective of markets security and compliance solutions. Nowadays, people are known as cybercriminals can use a wide range of methods - from wired to wireless - to launch their attacks against a company's IT infrastructure.

Businesses need to look at correlate ways to protect the various points of their IT infrastructure. Gone are the days when only perimeters such as a basic firewall and intrusion detection system could be deployed.

Companies could adopt any threat and risk management solution available in the market or engage with any security consultant. The expert judgment provides visibility into activities across a network; from external threats (malware and hackers) to internal threats (data breaches and fraud). This exercise will expose the types of risks associated with application flaws and configuration changes.

Security prevention exercise also helps companies to store and manage the massive volumes of data logs, to enable faster trouble-shooting or forensic analysis.

US eyeing on Australia Internet security program

STRIKING A BALANCE: The Obama administration is reviewing an Australian program that will allow ISPs to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem. - AP

WASHINGTON: The US Government is reviewing an Australian program that will allow Internet service providers to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem.

Obama administration officials have met with industry leaders and experts to find ways to increase online safety while trying to balance securing the Internet and guarding people's privacy and civil liberties.

Experts and US officials are interested in portions of the plan, set to go into effect in Australia in December. But any move toward Internet regulation or monitoring by the US Government or industry could trigger fierce opposition from the public.

The discussions come as private, corporate and government computers across the United States are increasingly being taken over and exploited by hackers and other computer criminals.

White House cybercoordinator Howard Schmidt told The Associated Press that the United States is looking at a number of voluntary ways to help the public and small businesses better protect themselves online.

Possibilities include provisions in the Australia plan that enable customers to get warnings from their Internet providers if their computer gets taken over by hackers through a botnet.

A botnet is a network of infected computers that can number in the thousands and that network is usually controlled by hackers through a small number of scattered PCs.

Computer owners are often unaware that their machine is linked to a botnet and is being used to shut down targeted websites, distribute malicious code or spread spam.

If a company is willing to give its customers better online security, the American public will go along with that, Schmidt said.

"Without security you have no privacy. And many of us that care deeply about our privacy look to make sure our systems are secure," Schmidt said in an interview. Internet service providers, he added, can help "make sure our systems are cleaned up if they're infected and keep them clean."

But officials are stopping short of advocating an option in the Australian plan that allows Internet providers to wall off or limit online usage by customers who fail to clean their infected computers, saying this would be technically difficult and likely run into opposition.

"In my view, the United States is probably going to be well behind other nations in stepping into a lot of these new areas," said Prescott Winter, former chief technology officer for the National Security Agency, who is now at the California-based cybersecurity firm, ArcSight.

In the United States, he said, the Internet is viewed as a technological wild west that should remain unfenced and unfettered. But he said this open range isn't secure, so "we need to take steps to make it safe, reliable and resilient."

"I think that, quite frankly, there will be other governments who will finally say, at least for their parts of the Internet, as the Australians have apparently done, we think we can do better."

Cybersecurity expert James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), said that Internet providers are nervous about any increase in regulations, and they worry about consumer reaction to monitoring or other security controls.

Online customers, he said, may not want their service provider to cut off their Internet access if their computer is infected. And they may balk at being forced to keep their computers free of botnets or infections.

But they may be amenable to having their Internet provider warn them of cyberattacks and help them clear the malicious software off their computers by providing instructions, patches or antivirus programs.

They may even be willing to pay a small price each month for the service - much like telephone customers used to pay a minimal monthly charge to cover repairs.

Lewis, who has been studying the issue for CSIS, said it is inevitable that one day carriers will play a role in defending online customers from computer attack.

Comcast Corp is expanding a Denver pilot program that alerts customers whose computers are controlled through a botnet. The carrier provides free antivirus software and other assistance to clean the malware off the machine, said Cathy Avgiris, senior vice-president at Comcast.

The program does not require customers to fix their computers or limit the online usage of people who refuse to do the repairs.

Avgiris said that the program will roll out across the country over the next three months. "We don't want to panic customers. We want to make sure they are comfortable. Beyond that, I hope that we pave the way for others to take these steps."

Voluntary programs will not be enough, said Dale Meyerrose, vice-president and general manager of Cyber Integrated Solutions at Harris Corporation.

"There are people starting to make the point that we've gone about as far as we can with voluntary kinds of things, we need to have things that have more teeth in them, like standards," said Meyerrose.

For example, he said, coffee shops or airports might limit their wireless services to laptops equipped with certain protective technology. Internet providers might qualify for specific tax benefits if they put programs in place, he said.

Unfortunately, he said, it may take a serious attack before the government or industry impose such standards and programs.

In Australia, Internet providers will be able to take a range of actions to limit the damage from infected computers, from issuing warnings to restricting outbound e-mail. They could also temporarily quarantine compromised machines while providing customers with links to help fix the problem. - AP

US eyeing on Australia Internet security program

STRIKING A BALANCE: The Obama administration is reviewing an Australian program that will allow ISPs to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem. - AP

WASHINGTON: The US Government is reviewing an Australian program that will allow Internet service providers to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem.

Obama administration officials have met with industry leaders and experts to find ways to increase online safety while trying to balance securing the Internet and guarding people's privacy and civil liberties.

Experts and US officials are interested in portions of the plan, set to go into effect in Australia in December. But any move toward Internet regulation or monitoring by the US Government or industry could trigger fierce opposition from the public.

The discussions come as private, corporate and government computers across the United States are increasingly being taken over and exploited by hackers and other computer criminals.

White House cybercoordinator Howard Schmidt told The Associated Press that the United States is looking at a number of voluntary ways to help the public and small businesses better protect themselves online.

Possibilities include provisions in the Australia plan that enable customers to get warnings from their Internet providers if their computer gets taken over by hackers through a botnet.

A botnet is a network of infected computers that can number in the thousands and that network is usually controlled by hackers through a small number of scattered PCs.

Computer owners are often unaware that their machine is linked to a botnet and is being used to shut down targeted websites, distribute malicious code or spread spam.

If a company is willing to give its customers better online security, the American public will go along with that, Schmidt said.

"Without security you have no privacy. And many of us that care deeply about our privacy look to make sure our systems are secure," Schmidt said in an interview. Internet service providers, he added, can help "make sure our systems are cleaned up if they're infected and keep them clean."

But officials are stopping short of advocating an option in the Australian plan that allows Internet providers to wall off or limit online usage by customers who fail to clean their infected computers, saying this would be technically difficult and likely run into opposition.

"In my view, the United States is probably going to be well behind other nations in stepping into a lot of these new areas," said Prescott Winter, former chief technology officer for the National Security Agency, who is now at the California-based cybersecurity firm, ArcSight.

In the United States, he said, the Internet is viewed as a technological wild west that should remain unfenced and unfettered. But he said this open range isn't secure, so "we need to take steps to make it safe, reliable and resilient."

"I think that, quite frankly, there will be other governments who will finally say, at least for their parts of the Internet, as the Australians have apparently done, we think we can do better."

Cybersecurity expert James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), said that Internet providers are nervous about any increase in regulations, and they worry about consumer reaction to monitoring or other security controls.

Online customers, he said, may not want their service provider to cut off their Internet access if their computer is infected. And they may balk at being forced to keep their computers free of botnets or infections.

But they may be amenable to having their Internet provider warn them of cyberattacks and help them clear the malicious software off their computers by providing instructions, patches or antivirus programs.

They may even be willing to pay a small price each month for the service - much like telephone customers used to pay a minimal monthly charge to cover repairs.

Lewis, who has been studying the issue for CSIS, said it is inevitable that one day carriers will play a role in defending online customers from computer attack.

Comcast Corp is expanding a Denver pilot program that alerts customers whose computers are controlled through a botnet. The carrier provides free antivirus software and other assistance to clean the malware off the machine, said Cathy Avgiris, senior vice-president at Comcast.

The program does not require customers to fix their computers or limit the online usage of people who refuse to do the repairs.

Avgiris said that the program will roll out across the country over the next three months. "We don't want to panic customers. We want to make sure they are comfortable. Beyond that, I hope that we pave the way for others to take these steps."

Voluntary programs will not be enough, said Dale Meyerrose, vice-president and general manager of Cyber Integrated Solutions at Harris Corporation.

"There are people starting to make the point that we've gone about as far as we can with voluntary kinds of things, we need to have things that have more teeth in them, like standards," said Meyerrose.

For example, he said, coffee shops or airports might limit their wireless services to laptops equipped with certain protective technology. Internet providers might qualify for specific tax benefits if they put programs in place, he said.

Unfortunately, he said, it may take a serious attack before the government or industry impose such standards and programs.

In Australia, Internet providers will be able to take a range of actions to limit the damage from infected computers, from issuing warnings to restricting outbound e-mail. They could also temporarily quarantine compromised machines while providing customers with links to help fix the problem. - AP

US eyeing on Australia Internet security program

STRIKING A BALANCE: The Obama administration is reviewing an Australian program that will allow ISPs to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem. - AP

WASHINGTON: The US Government is reviewing an Australian program that will allow Internet service providers to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem.

Obama administration officials have met with industry leaders and experts to find ways to increase online safety while trying to balance securing the Internet and guarding people's privacy and civil liberties.

Experts and US officials are interested in portions of the plan, set to go into effect in Australia in December. But any move toward Internet regulation or monitoring by the US Government or industry could trigger fierce opposition from the public.

The discussions come as private, corporate and government computers across the United States are increasingly being taken over and exploited by hackers and other computer criminals.

White House cybercoordinator Howard Schmidt told The Associated Press that the United States is looking at a number of voluntary ways to help the public and small businesses better protect themselves online.

Possibilities include provisions in the Australia plan that enable customers to get warnings from their Internet providers if their computer gets taken over by hackers through a botnet.

A botnet is a network of infected computers that can number in the thousands and that network is usually controlled by hackers through a small number of scattered PCs.

Computer owners are often unaware that their machine is linked to a botnet and is being used to shut down targeted websites, distribute malicious code or spread spam.

If a company is willing to give its customers better online security, the American public will go along with that, Schmidt said.

"Without security you have no privacy. And many of us that care deeply about our privacy look to make sure our systems are secure," Schmidt said in an interview. Internet service providers, he added, can help "make sure our systems are cleaned up if they're infected and keep them clean."

But officials are stopping short of advocating an option in the Australian plan that allows Internet providers to wall off or limit online usage by customers who fail to clean their infected computers, saying this would be technically difficult and likely run into opposition.

"In my view, the United States is probably going to be well behind other nations in stepping into a lot of these new areas," said Prescott Winter, former chief technology officer for the National Security Agency, who is now at the California-based cybersecurity firm, ArcSight.

In the United States, he said, the Internet is viewed as a technological wild west that should remain unfenced and unfettered. But he said this open range isn't secure, so "we need to take steps to make it safe, reliable and resilient."

"I think that, quite frankly, there will be other governments who will finally say, at least for their parts of the Internet, as the Australians have apparently done, we think we can do better."

Cybersecurity expert James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), said that Internet providers are nervous about any increase in regulations, and they worry about consumer reaction to monitoring or other security controls.

Online customers, he said, may not want their service provider to cut off their Internet access if their computer is infected. And they may balk at being forced to keep their computers free of botnets or infections.

But they may be amenable to having their Internet provider warn them of cyberattacks and help them clear the malicious software off their computers by providing instructions, patches or antivirus programs.

They may even be willing to pay a small price each month for the service - much like telephone customers used to pay a minimal monthly charge to cover repairs.

Lewis, who has been studying the issue for CSIS, said it is inevitable that one day carriers will play a role in defending online customers from computer attack.

Comcast Corp is expanding a Denver pilot program that alerts customers whose computers are controlled through a botnet. The carrier provides free antivirus software and other assistance to clean the malware off the machine, said Cathy Avgiris, senior vice-president at Comcast.

The program does not require customers to fix their computers or limit the online usage of people who refuse to do the repairs.

Avgiris said that the program will roll out across the country over the next three months. "We don't want to panic customers. We want to make sure they are comfortable. Beyond that, I hope that we pave the way for others to take these steps."

Voluntary programs will not be enough, said Dale Meyerrose, vice-president and general manager of Cyber Integrated Solutions at Harris Corporation.

"There are people starting to make the point that we've gone about as far as we can with voluntary kinds of things, we need to have things that have more teeth in them, like standards," said Meyerrose.

For example, he said, coffee shops or airports might limit their wireless services to laptops equipped with certain protective technology. Internet providers might qualify for specific tax benefits if they put programs in place, he said.

Unfortunately, he said, it may take a serious attack before the government or industry impose such standards and programs.

In Australia, Internet providers will be able to take a range of actions to limit the damage from infected computers, from issuing warnings to restricting outbound e-mail. They could also temporarily quarantine compromised machines while providing customers with links to help fix the problem. - AP

Stop Using Internet Explorer

In a statement issued last 4 days (January 16, 2010), the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

If you missed it, McAffee released on January 15, 2010: a report outlining details of the cyber assault on Google and around 20 other major technology companies. It specifically implicates a critical flaw in all versions of IE that allows hackers to “perform reconnaissance and gain complete control over the compromised system.” Microsoft has responded that it is developing an update to the vulnerability.

According to the statement from BSI, even running Internet Explorer in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

IE, while the world’s most popular browser, has been steadily losing marketshare over perceptions that it is slower and less secure than rival browsers, especially Firefox. This incident won’t help.

The full statement, translated via Google, is below:

---

Translated Statement from Germany

---

“In Internet Explorer, there is a critical yet unknown vulnerability. The vulnerability allows attackers to inject malicious code via a specially crafted Web page into a Windows computer to infiltrate and set up. The last week became known hacker attack on Google and other U.S. companies has probably exploited the vulnerability.Affected are the versions 6, 7 to 8 Internet Explorer on Windows systems XP, Vista and Windows 7 Microsoft has released a security advisory in which it discusses ways of minimizing risk and is already working on a patch to close the security gap. The BSI expects that this vulnerability will be used in a short time for attacks on the Internet.

Running the Internet Explorer in ‘protected mode’ as well as disabling scripting Acitve Although more difficult to attack, but it can not completely prevented. Therefore, the BSI recommends to switch to the existence of a patch from Microsoft to an alternative browser.

Once the vulnerability has been closed, the BSI will provide information on its warning and information about public-CERT. Keep informed about the civic-CERT and the BSI warns citizens and small and medium enterprises from viruses, worms and vulnerabilities in computer applications. The expert analysis of the BSI around the clock, the security situation in the Internet and send alerts when action is needed and safety information via e-mail.”

Source : ERM Blog

Stop Using Internet Explorer

In a statement issued last 4 days (January 16, 2010), the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

If you missed it, McAffee released on January 15, 2010: a report outlining details of the cyber assault on Google and around 20 other major technology companies. It specifically implicates a critical flaw in all versions of IE that allows hackers to “perform reconnaissance and gain complete control over the compromised system.” Microsoft has responded that it is developing an update to the vulnerability.

According to the statement from BSI, even running Internet Explorer in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

IE, while the world’s most popular browser, has been steadily losing marketshare over perceptions that it is slower and less secure than rival browsers, especially Firefox. This incident won’t help.

The full statement, translated via Google, is below:

---

Translated Statement from Germany

---

“In Internet Explorer, there is a critical yet unknown vulnerability. The vulnerability allows attackers to inject malicious code via a specially crafted Web page into a Windows computer to infiltrate and set up. The last week became known hacker attack on Google and other U.S. companies has probably exploited the vulnerability.Affected are the versions 6, 7 to 8 Internet Explorer on Windows systems XP, Vista and Windows 7 Microsoft has released a security advisory in which it discusses ways of minimizing risk and is already working on a patch to close the security gap. The BSI expects that this vulnerability will be used in a short time for attacks on the Internet.

Running the Internet Explorer in ‘protected mode’ as well as disabling scripting Acitve Although more difficult to attack, but it can not completely prevented. Therefore, the BSI recommends to switch to the existence of a patch from Microsoft to an alternative browser.

Once the vulnerability has been closed, the BSI will provide information on its warning and information about public-CERT. Keep informed about the civic-CERT and the BSI warns citizens and small and medium enterprises from viruses, worms and vulnerabilities in computer applications. The expert analysis of the BSI around the clock, the security situation in the Internet and send alerts when action is needed and safety information via e-mail.”

Source : ERM Blog

Stop Using Internet Explorer

In a statement issued last 4 days (January 16, 2010), the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

If you missed it, McAffee released on January 15, 2010: a report outlining details of the cyber assault on Google and around 20 other major technology companies. It specifically implicates a critical flaw in all versions of IE that allows hackers to “perform reconnaissance and gain complete control over the compromised system.” Microsoft has responded that it is developing an update to the vulnerability.

According to the statement from BSI, even running Internet Explorer in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

IE, while the world’s most popular browser, has been steadily losing marketshare over perceptions that it is slower and less secure than rival browsers, especially Firefox. This incident won’t help.

The full statement, translated via Google, is below:

---

Translated Statement from Germany

---

“In Internet Explorer, there is a critical yet unknown vulnerability. The vulnerability allows attackers to inject malicious code via a specially crafted Web page into a Windows computer to infiltrate and set up. The last week became known hacker attack on Google and other U.S. companies has probably exploited the vulnerability.Affected are the versions 6, 7 to 8 Internet Explorer on Windows systems XP, Vista and Windows 7 Microsoft has released a security advisory in which it discusses ways of minimizing risk and is already working on a patch to close the security gap. The BSI expects that this vulnerability will be used in a short time for attacks on the Internet.

Running the Internet Explorer in ‘protected mode’ as well as disabling scripting Acitve Although more difficult to attack, but it can not completely prevented. Therefore, the BSI recommends to switch to the existence of a patch from Microsoft to an alternative browser.

Once the vulnerability has been closed, the BSI will provide information on its warning and information about public-CERT. Keep informed about the civic-CERT and the BSI warns citizens and small and medium enterprises from viruses, worms and vulnerabilities in computer applications. The expert analysis of the BSI around the clock, the security situation in the Internet and send alerts when action is needed and safety information via e-mail.”

Source : ERM Blog