1/16/2010

Attack code used to hack Google now public

Filed under: — Aviran Mordo

The dangerous Internet Explorer attack code used in last month’s attack on Google’s corporate networks is now public.

The code was submitted for analysis Thursday on the Wepawet malware analysis Web site, making it publicly available. By Friday, it had been included in at least one publicly available hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee.

German Government: Stop Using Internet Explorer

Filed under: — Aviran Mordo

In a statement issued today, the German Federal Office for Security in Information Technology (known as BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after a fix is issued by Microsoft for a critical vulnerability that has been implicated in the Chinese cyberattack against Google.

Gmail Switchs To SSL after China hacking

Filed under: — Aviran

Google is tightening the security of its free e-mail service to combat computer hackers like the ones that recently targeted it in China.

With the shift, Gmail accounts will automatically be set in an “https” mode, meaning contents of e-mail will be scrambled so they’re less likely to leak out to unauthorized users. Before, only the log-in data was encrypted.

Google hadn’t been using this more secure format as Gmail’s default setting because it can be slower than the unprotected mode.

Attack on Google exploited Microsoft browser flaw

Filed under: — Aviran

Recent sophisticated cyber attacks on Google Inc and other businesses exploited a previously unknown flaw in Microsoft Corp’s Internet Explorer browser.

The weakness in the world’s most widely used browser was identified by security company McAfee Inc, and later confirmed by Microsoft.

Google said on Tuesday that in mid-December, it detected an attack on its corporate infrastructure originating from China that resulted in the theft of its intellectual property. It eventually found that more than 20 other companies had been infiltrated.

McAfee said on Thursday that those who engineered the attacks tricked employees of the companies into clicking on a link to a website that secretly downloaded sophisticated malicious software onto their PCs.

“We have never seen attacks of this sophistication in the commercial space. We have previously only seen them in the government space,” said Dmitri Alperovitch, a vice president of research with McAfee.

Powered by WordPress