Custom Search

Monday, February 1, 2010

Google Hacked!!!

Hackers linked to China used a zero-day vulnerability in Microsoft’s Internet Explorer browser to compromise corporate systems at more than 30 U.S. companies, including Google, Adobe and Juniper Networks.

According to Microsoft, the vulnerability is still unpatched and can lead to remote code execution attacks if a target is lured to a booby-trapped Web site or views a malicious online advertisement.

Microsoft’s confirmation, in the form of a security advisory, follows public statements from Google and Adobe that their corporate networks were breached by coordinated, sophisticated attackers based in China.


Google said the attacks were very targeted and resulted in the theft of intellectual property. Adobe confirmed its network was also breached in the same attacks but did not provide any details on what was stolen.

In a statement, Juniper Network said it was investigating “a cyber security incident involving a sophisticated and targeted attack against a number of companies.”

According to public chatter, the attackers originated in Taiwan and included a hijacked Internet addressed owned by Rackspace. The hosting firm has confirmed that its systems “played a very small part” in the attacks.

Details on the cyber-attacks are beginning to trickle out. According to Dan Kaminsky, a security researcher who was briefed on the IE vulnerability used in one of the attacks, the exploit was targeted at a Windows XP machine running Internet Explorer 6.

This was confirmed by a Mike Reavey, a director in the Microsoft Security Response Center. “To date, Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6,” Reavey said.

Here’s the skinny from Microsoft’s advisory:

The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

The flaw affects Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

Here’s the danger:

To exploit, an attacker could host a specially crafted Web site, or take advantage of a compromised website, and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these malicious Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message, that directs users to the attacker’s Web site. It could also be possible to display specially crafted Web content using banner advertisements or other methods to deliver Web content to affected systems. The Microsoft investigation concluded that setting the Internet zone security setting to “high” will protect users from the vulnerability addressed in this advisory.

Microsoft is considering an out-of-band emergency IE patch to fix this vulnerability.

5 comments:

stockinfos said...

this is a nice blog. You can also find more information about your choice here

日月神教-向左使 said...

AV,無碼,a片免費看,自拍貼圖,伊莉,微風論壇,成人聊天室,成人電影,成人文學,成人貼圖區,成人網站,一葉情貼圖片區,色情漫畫,言情小說,情色論壇,臺灣情色網,色情影片,色情,成人影城,080視訊聊天室,a片,A漫,h漫,麗的色遊戲,同志色教館,AV女優,SEX,咆哮小老鼠,85cc免費影片,正妹牆,ut聊天室,豆豆聊天室,聊天室,情色小說,aio,成人,微風成人,做愛,成人貼圖,18成人,嘟嘟成人網,aio交友愛情館,情色文學,色情小說,色情網站,情色,A片下載,嘟嘟情人色網,成人影片,成人圖片,成人文章,成人小說,成人漫畫,視訊聊天室,性愛,色情,080苗栗人聊天室,免費a片,視訊美女

金瓜米粉Jason said...

,徵信社,尋人,偵探,偵探社,徵才,私家偵探,徵信,徵信社,徵信公司,抓猴,出軌,背叛,婚姻,劈腿,感情,第三者,婚外情,一夜情,小老婆,外遇,市場調查,公平交易法,抓姦,債務,債務協商,應收帳款,詐欺,離婚,監護權,法律諮詢,法律常識,離婚諮詢,錄音,找人,追蹤器,GPS,徵信,徵信公司,尋人,抓姦,外遇,徵信,徵信社,徵信公司,尋人,抓姦,外遇,徵信,徵信社,徵信公司,尋人,抓姦,外遇,徵信,徵信社,徵信公司,尋人,抓姦,外遇,徵信社

Jerry Adams said...

Hello,

Its good to be here, very nice post, the content is amazing, keep posting friend it will be very helpful for everyone, Thanks for sharing. I really liked it.

Thanks And Regards

90 Day Installment Loans
90 day payday loans


Simply awesome Really interesting ,,brilliant post..thanks for sharing...!!!

Blogger said...

BlueHost is ultimately the best website hosting company with plans for any hosting requirements.

 
Resource Keyword Directory