WatchGuard Wire
Improve Your Security IQ
Hackers in China rumored to have hacked Google with IE zero day
19 January 2010 -- Last week, big news surfaced about
Chinese hackers breaching Google, and many other well-known technology
companies, possibly stealing source code and intellectual property.
It all started last Tuesday, when Google
disclosed that an attacker based in China had hacked the Gmail accounts of
certain human rights activists. In reaction to this attack, Google
warned that they would no longer censor search results on their Chinese
search site - something they originally had to do in order to conduct
business in China.
Shortly after Google reported their breach, around 20
other companies reported breaches that appeared to be related -
companies like Adobe, Yahoo, and Juniper. At first, reports
suggested that the attackers used a vulnerability in Adobe's PDF
Reader to breach these networks. However, this week it has become clear
that a zero day Internet Explorer (IE) vulnerability was at fault.
According to a security advisory Microsoft released this week, IE 6, 7,
and 8 suffer from a complex vulnerability involving invalid pointer
references in memory (perhaps a double free vulnerability). By enticing
you to a malicious web site, an
attacker could exploit this unpatched IE flaw to execute code on your
computer, with your privileges. Since most Windows users have local
administrative privileges, this attack usually results in a full
compromise. Making matters worse, this particular IE exploit has
now been released publicly. Now anyone can try to use the vulnerability
believed to be leveraged in the Google attacks.
This Google hacking incident, which pundits are calling "Aurora,"
has already created huge waves in the security arena. It has political,
business, and security ramifications that experts will have to consider
for a long time to come. However, I'm more concerned with practical
advice. What am I - a business network administrator - supposed to do
about the IE zero day vulnerability while I wait for Microsoft to release patches? Here are a few
suggestions:
- Set your Internet Security Zone level to "High." Microsoft
claims this could prevent this attack.
- If you have a newer version of Windows (Vista and beyond), run IE
in "Protected Mode" (see Microsoft's security advisory for more
details).
- Keep your antivirus and antimalware solutions up to date. They
should have signatures for the publicly released exploit.
- You could also use Firefox with NoScript in the interim. While
Firefox does have its own security flaws, I find combining it with
NoScript protects you from a large portion of web threats.
- Finally, watch for Microsoft's patch.
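The first two workarounds in the list above can be checked on each machine with a short audit. The PowerShell below is an added example, not part of the original article or Microsoft's advisory; the registry paths, the `CurrentLevel` value and action `2500` are the standard IE zone settings and are assumptions here, and `Get-ZoneValue` is a hypothetical helper.

```powershell
# Added example: audit the IE Internet zone (zone 3) for the two workarounds.
# Registry paths and value names are the standard IE zone settings (assumed,
# not quoted from the article). Get-ZoneValue is a hypothetical helper.
$zone   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policy = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Group Policy values override per-user preferences, so probe them first.
$searchOrder = @("HKLM:\$policy", "HKCU:\$policy", "HKCU:\$zone")

function Get-ZoneValue {
    param([string]$Name)
    foreach ($path in $searchOrder) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return New-Object PSObject -Property @{ Path = $path; Value = $item.$Name }
        }
    }
    return $null   # value absent everywhere: IE's built-in default applies
}

$findings = @()

# CurrentLevel holds the zone's security template; 0x12000 means "High".
# Any customised action resets it to 0 (Custom), which is also reported.
$level = Get-ZoneValue 'CurrentLevel'
if ($null -eq $level) {
    $findings += 'Internet zone level is not set explicitly; expected 0x12000 (High)'
} elseif ($level.Value -ne 0x12000) {
    $findings += ('Internet zone level is 0x{0:X} at {1}; expected 0x12000 (High)' -f $level.Value, $level.Path)
}

# Action 2500 is Protected Mode (Vista and later): 0 = enabled, 3 = disabled.
$isVistaOrLater = [Environment]::OSVersion.Version.Major -ge 6
$protectedMode  = Get-ZoneValue '2500'
if ($isVistaOrLater -and $null -ne $protectedMode -and $protectedMode.Value -ne 0) {
    $findings += ('Protected Mode is off for the Internet zone ({0})' -f $protectedMode.Path)
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: Internet zone is High and Protected Mode is not disabled.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
    exit 1
}
```

Run it in the context of the logged-on user, since the `HKCU` values are per user; a non-zero exit code marks a machine that still needs the workaround applied.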
Many people, me included, expect Microsoft to release an out-of-cycle
patch for this IE flaw before next Patch Tuesday. If you are a
WatchGuard LiveSecurity customer, we will release an alert as soon as
we see the release of this patch. Nonetheless, I highly recommend
you keep an eye on Microsoft's security page, so that you can jump
on this patch as soon as it becomes available.
-- Corey Nachreiner, CISSP
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.