Monday, March 27, 2006

Do not use IE until latest bug is fixed

The trick is hackers break into legitimate web sites and then set the trap that uses IE to put bots on home computers. I use Firefox for my own browsing, but at work I need to use IE for internal sites. That's probably OK for now. If you use IE you might consider installing and using Firefox instead for the next week or so. The install is very simple and clean, so it's easy to uninstall or just leave it lying around for weeks like this one.
Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)

More than 200 Web sites -- many of them belonging to legitimate businesses -- have been hacked and seeded with code that tries to take advantage of a unpatched security hole in Microsoft's Internet Explorer Web browser to install hostile code on Windows computers when users merely visit the sites.

In an update to its Security Response Web log, Microsoft security program manager Stephen Toulouse said the attacks Redmond is seeing against the IE flaw 'are limited in scope for now and are being carried out by malicious Web sites.'

I have to call Microsoft out on both counts, and I think some of what I've uncovered so far about these attacks should make it clear that the situation is serious and getting worse by the hour.
I assume IE on the Mac is safe, but there's not much IE use on Macs any more.

No comments: