Like The Herald Business Journal on Facebook!
The Herald of Everett, Washington
Heraldnet.com

The top local business stories in your email

Contact Us:

Josh O'Connor
Publisher
Phone: 425-339-3007
joconnor@heraldnet.com

Jody Knoblich
General Sales Manager
Phone: 425-339-3445
Fax: 425-339-3049
jknoblich@heraldnet.com

Jim Davis
Editor
Phone: 425-339-3097
jdavis@heraldnet.com

Site address:
1800 41st Street, S-300,
Everett, WA 98203

Mailing address:
P.O. Box 930
Everett, WA 98206

HBJ RSS feeds

Hackers find a hole in Internet Explorer browser

SHARE: facebook Twitter icon Linkedin icon Google+ icon Email icon |  PRINTER-FRIENDLY  |  COMMENTS
By Will Oremus
Slate
Published:
In an alarming development for both Microsoft and the millions who use its Internet Explorer browsers, hackers have found a security hole that allows them to install malicious software on Windows XP computers. Specifically, security researcher Eric Romang of Zataz.com discovered on Sunday that the fresh "zero day" vulnerability allowed cybercrooks to use a form of the old Poison Ivy trojan horse to take control of victims' machines. The flaw appears to affect Internet Explorer versions 6, 7, 8, and 9, though not the brand-new version 10 (which is only available on Windows 8). It seems the culprits may be related to the bunch who exploited a major flaw in Oracle's Java browser plug-in last month.
When news of the Java vulnerability broke, security experts' advice was clear-cut: Disable the Java browser plug-in immediately unless you absolutely need it. The fact that Java applets have grown relatively scarce on the Web, coupled with Oracle's sluggish response to the problem, made that an easy call for most. (Java has since patched the hole, for what it's worth.)
So if you're a Windows XP user, should you now dump Internet Explorer as well? Perhaps, experts say, though the hack shouldn't be a cause for mass panic. For one thing, Microsoft itself has responded quickly with a security advisory that includes an extensive list of work-arounds. Its apparent sense of urgency suggests that it may offer a prompt update that patches the problem, though it hasn't done so yet.
Unfortunately for Microsoft, the work-arounds are a bit cumbersome and could affect your browsing experience - potentially more so than just switching to another browser. And while IE loyalists could just try to avoid potentially malicious websites and hope for the best, you never know. "I would recommend not using Internet Explorer until this issue is patched," Sophos' Chet Wisniewksi says. "While the exploit is not in widespread use, it could be integrated into popular attack kits like the Blackhole Exploit Kit any time now."
For those who were already thinking of switching to another browser, such as Google's super-fast Chrome, Mozilla's highly customizable Firefox, or Opera, consider this the perfect time. If you don't like it, you can come back to IE once Microsoft fixes this flaw.
bc-hackers
Story tags » SoftwareInternet & CloudMicrosoft

MORE HBJ HEADLINES

CALENDAR

Share your comments: Log in using your HeraldNet account or your Facebook, Twitter or Disqus profile. Comments that violate the rules are subject to removal. Please see our terms of use. Please note that you must verify your email address for your comments to appear.

You are logged in using your HeraldNet ID. Click here to update your profile. | Log out.

Our new comment system is not supported in IE 7. Please upgrade your browser here.

comments powered by Disqus

Market roundup