Hackers linked to China used a zero-day vulnerability in Microsoft’s Internet Explorer browser to compromise corporate systems at more than 30 U.S. companies, including Google, Adobe and Juniper Networks.
According to Microsoft, the vulnerability is still unpatched and can lead to remote code execution attacks if a target is lured to a booby-trapped Web site or views a malicious online advertisement.
Microsoft’s confirmation, in the form of a security advisory, follows public statements from Google and Adobe that their corporate networks were breached by coordinated, sophisticated attackers based in China.
Google said the attacks were very targeted and resulted in the theft of intellectual property. Adobe confirmed its network was also breached in the same attacks but did not provide any details on what was stolen.
In a statement, Juniper Networks said it was investigating “a cyber security incident involving a sophisticated and targeted attack against a number of companies.”
According to public chatter, the attacks originated in Taiwan and included a hijacked Internet address owned by Rackspace. The hosting firm has confirmed that its systems “played a very small part” in the attacks.
Details on the cyber-attacks are beginning to trickle out. According to Dan Kaminsky, a security researcher who was briefed on the IE vulnerability used in one of the attacks, the exploit was targeted at a Windows XP machine running Internet Explorer 6.
This was confirmed by Mike Reavey, a director in the Microsoft Security Response Center. “To date, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6,” Reavey said.
Here’s the skinny from Microsoft’s advisory:
The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
The flaw affects Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
Here’s the danger:
To exploit, an attacker could host a specially crafted Web site, or take advantage of a compromised website, and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these malicious Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message, that directs users to the attacker’s Web site. It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems. The Microsoft investigation concluded that setting the Internet zone security setting to “high” will protect users from the vulnerability addressed in this advisory.
Microsoft is considering an out-of-band emergency IE patch to fix this vulnerability.
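The advisory's mitigation, setting the Internet zone to “high”, can be audited per machine. The following read-only check is an added example, not part of Microsoft's advisory or the original post; it assumes the standard Windows registry layout for IE security zones (zone 3 is the Internet zone, `CurrentLevel` 0x12000 is the High template, action 1400 is active scripting).

```powershell
# Added example: report the IE Internet zone (zone 3) security level.
# Assumption: standard zone registry layout; nothing is modified.
$templates = @{
    0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
    0x11500 = 'Medium-high'; 0x12000 = 'High'
}
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
# Listed in precedence order: policy values override the user's own setting.
$locations = [ordered]@{
    'Machine policy' = "HKLM:\SOFTWARE\Policies\$suffix"
    'User policy'    = "HKCU:\Software\Policies\$suffix"
    'User setting'   = "HKCU:\Software\$suffix"
}

$report = foreach ($name in $locations.Keys) {
    $key = Get-ItemProperty -Path $locations[$name] -ErrorAction SilentlyContinue
    if (-not $key) { continue }          # this hive does not configure zone 3

    $level = $key.CurrentLevel
    $label = if ($null -eq $level) {
        'not set'
    } elseif ($templates.ContainsKey([int]$level)) {
        $templates[[int]$level]
    } else {
        'Custom (0x{0:X})' -f $level     # individually tuned actions, no template
    }

    [pscustomobject]@{
        Source       = $name
        CurrentLevel = $label
        # Action 1400 = active scripting; 3 = disabled, which the High template sets.
        ScriptingOff = ($key.'1400' -eq 3)
        IsHigh       = ($level -eq 0x12000)
    }
}

$report | Format-Table -AutoSize
if (-not ($report | Where-Object IsHigh)) {
    Write-Warning 'Internet zone is not set to High in any configured location.'
}
```

A zone reported as Custom needs its individual actions reviewed, since `CurrentLevel` alone no longer describes what the zone allows.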
Thursday, January 28, 2010
This is a Sponsored Post written by me on behalf of IZEA. All opinions are 100% mine.
Guys! Here’s good news for you: whether you are a blogger or an advertiser, SocialSpark is now live! SocialSpark is very helpful to bloggers. Why? It helps you earn money just like other paid-to-blog sites, but what’s different about SocialSpark? Your profile helps you get traffic and promote your blog site or, for advertisers, their products. You make your own profile so that other bloggers and advertisers can easily get in touch with you.
I signed up for SocialSpark and made my own profile. You can see my profile and look at the difference from other blog marketing services; just follow this link: Jaye Profile. I was surfing and looking at other profiles and I found one that interests me. I am in Information Technology and so is she; she works in a company that has a high-paying job. While we were chatting I found out that Information Technology is very in demand abroad. If you want to see her profile, just follow this link: Courtney.
I do love SocialSpark; there are many people who are friendly and willing to help you with what you need. However, there is one thing I don’t like here: the communication is limited, and you cannot see whether the person you are chatting with is online or not. It is better to know if your chat mate is online so that you can communicate instantly. Even if it is not in instant message format, as long as you know that they are online, it is fine to have it in their status that they are online. They also have a Code of Ethics so that you won’t be harassed by other people. In my opinion, the overall rating from me is 8 out of 10. So what are you waiting for! Sign up and feel the experience.
Monday, January 11, 2010
Want to become more beautiful? Want all the guys to look at and admire you? Then be beautiful inside and out! The answer to your needs is Sono Bello, the leader in making you beautiful!
Sono Bello is the leader in Laser Assisted Body Contouring technology. They focus on body contouring and have unmatched experience in the latest laser-assisted liposuction techniques; that’s why they are one of the nation’s fastest-growing body contouring clinics. So why should you choose Sono Bello? First and foremost, all the physicians are board certified, so you can be sure that you will be treated well. Secondly, they use the latest laser-assisted body contouring equipment, certified best in the world. And lastly, they use new techniques carefully designed by the world’s top plastic surgeons, so every time you come to Sono Bello, they have a unique way to make you beautiful! Plus, Sono Bello has 0% financing available with their preferred financing partners! So what are you waiting for? Get the body that you always wanted and look beautiful!!!
Wednesday, January 6, 2010
Are you looking for good web hosting and web servers that meet your needs? For quality service and good-quality servers, visit Web Hosting Geeks now. They provide the best web hosting services and the best-quality servers. Whether you are looking for shared hosting, VPS hosting or a dedicated server, Web Hosting Geeks have just the right solution for you. Find the best web host for your new site at the web's biggest web hosting reviews site. So what benefits will you gain if you subscribe to their web hosting? I have a friend who has already subscribed to them. He has been using it for just a few months, but has already noticed the huge difference between Web Geeks and the other hosting service that he was using before this one. The servers are FAST, and upgrades to software and databases are applied lightning quick, within seconds, while another site of a similar size hosted by my past service takes minutes to update. Bandwidth is flexible and he has been able to pull 100mb/s easily off the server when transferring between webhost servers. Overall, they are great at everything! They also have other preferred hosting servers that are also managed by them, so you can be sure that one server will not be crowded with all the subscribers. Your information will have pure security for your protection, so there is no need to worry about all the information that you are putting in the database of their system. So what are you waiting for? Visit them now and subscribe to feel the difference!