Hackers used previously unknown Internet Explorer flaw in new attacks

Summerwind · Feb 14, 2014

Hackers used previously unknown Internet Explorer flaw in new attacks | Reuters

Security firm FireEye Inc discovered the attacks against IE 10 this week, saying that hundreds or thousands of machines have been infected. It said the culprits broke into the website of U.S. Veterans of Foreign Wars and inserted a link that redirected visitors to a malicious web page that contained the infectious code in Adobe Systems Inc's Flash software.
FireEye researcher Darien Kindlund said that the attackers were probably seeking information from the machines of former and current military personnel and that the campaign shared some infrastructure and techniques previously attributed to groups in mainland China.
He said planting backdoors on the machines of VFW members and site visitors to collect military intelligence was a possible goal.

Now understand I love PCs and not MACs, but evenso I never use IE of any version except to preview for coding issues when I'm updating or changing my website, this is why. Also I don't use Outlook for the same reason. They are just so targeted. I used to have a different OS shell to avoid even the explorer.exe needing to execute, but it didn't seem to work on W7 so I do have a full Explorer OS and shell. I also keep my internet and cpu icons in my taskbar so if they start popping activity that seems at all unusual for what I'm doing. I hit the disconnect from internet key asap, which I also hit anytime I step away from the screen more than a minute or two.

Carjosse · Feb 14, 2014

Who still uses Internet Explorer?

Summerwind · Feb 14, 2014

Carjosse said:
Who still uses Internet Explorer?

True, I guess most of the Firefox hold-outs that I knew, now use Chrome. Apparently the VFW and 100s of 1000s of others though.

Deuce · Feb 14, 2014

It's still like 80% of computers out there. (although stats now heavily skewed by mobile devices, I think)

PeteEU · Feb 14, 2014

Summerwind said:
Hackers used previously unknown Internet Explorer flaw in new attacks | Reuters

Now understand I love PCs and not MACs, but evenso I never use IE of any version except to preview for coding issues when I'm updating or changing my website, this is why. Also I don't use Outlook for the same reason. They are just so targeted. I used to have a different OS shell to avoid even the explorer.exe needing to execute, but it didn't seem to work on W7 so I do have a full Explorer OS and shell. I also keep my internet and cpu icons in my taskbar so if they start popping activity that seems at all unusual for what I'm doing. I hit the disconnect from internet key asap, which I also hit anytime I step away from the screen more than a minute or two.

Chances are the machines in question are not updated with the latest security patches and so on. Most infections require user interaction.

Summerwind · Feb 14, 2014

PeteEU said:
Chances are the machines in question are not updated with the latest security patches and so on. Most infections require user interaction.

Did you read the article?

I agree about the updating, it specifically says that IE11 isn't a problem but the flaw is in IE10. However, it isn't uncommon with IE to delay installation of the newer releases while MS gets it's bugs worked out. Seems more than once it was a new release of IE that was compromised early on but were fixed with later security updates. I see your point, and it is not only likely it is what the case is, but I don't agree that it always assures the best choice to update to new releases immediately.

PeteEU · Feb 14, 2014

Summerwind said:
Did you read the article?

I agree about the updating, it specifically says that IE11 isn't a problem but the flaw is in IE10. However, it isn't uncommon with IE to delay installation of the newer releases while MS gets it's bugs worked out. Seems more than once it was a new release of IE that was compromised early on but were fixed with later security updates. I see your point, and it is not only likely it is what the case is, but I don't agree that it always assures the best choice to update to new releases immediately.

Yes I did, and like it or not IE 10 and now 11 are considered the most secure browsers out there. They stop most malware. Chrome is right behind, but browsers like Safari, Firefox and Opera are miles behind. You could run IE or Chrome and no antivirus/malware and be relatively secure on a Windows 8 machine and some what secure on a Windows 7 machine.... but if you use one of the 3 others, then you are opening the door to attacks.

Lets put it this way.. the last few years, the yearly hackathon of what OS is easiest to hack has been won by hacking OSX via Safari. Windows takes a hell of a lot more time to hack, and Linux even more.

So that they found an unknown hole in IE and Flash does not mean that IE is not the most secure browser out there.

Now personally I use Chrome for various reasons and I dont like IE 10, but I do respect the product as being secure as hell. But nothing is secure 100% and if the person behind the computer allows in malware then well. I have had 3 computers this week alone that I have had to clean from Sweet-pages and AwesomeHD malware.. and it aint easy with those short cut infection malware... there always seem some that the scanners miss and it is always those short cuts that customers seem to find bleh.

Fiddytree · Feb 14, 2014

Carjosse said:
Who still uses Internet Explorer?

Business, enterprise, Mom & Pop, and the most important feature of IE:

Carjosse · Feb 14, 2014

Fiddytree said:
Business, enterprise, Mom & Pop, and the most important feature of IE:

Even my school board uses Chrome or Firefox now and that is saying something.

Summerwind · Feb 14, 2014

PeteEU said:
Yes I did, and like it or not IE 10 and now 11 are considered the most secure browsers out there. They stop most malware. Chrome is right behind, but browsers like Safari, Firefox and Opera are miles behind. You could run IE or Chrome and no antivirus/malware and be relatively secure on a Windows 8 machine and some what secure on a Windows 7 machine.... but if you use one of the 3 others, then you are opening the door to attacks.

Lets put it this way.. the last few years, the yearly hackathon of what OS is easiest to hack has been won by hacking OSX via Safari. Windows takes a hell of a lot more time to hack, and Linux even more.

So that they found an unknown hole in IE and Flash does not mean that IE is not the most secure browser out there.

Now personally I use Chrome for various reasons and I dont like IE 10, but I do respect the product as being secure as hell. But nothing is secure 100% and if the person behind the computer allows in malware then well. I have had 3 computers this week alone that I have had to clean from Sweet-pages and AwesomeHD malware.. and it aint easy with those short cut infection malware... there always seem some that the scanners miss and it is always those short cuts that customers seem to find bleh.

I've been running Firefox since it's inception without an antivirus, just a good quality user controlled firewall and have never gotten a worm, a trojan, or a virus. So you can claim it, but though everyone besides me (that I know) has anti-virus meaning it's not an apples to apples comparison, but I've not known anyone go from Firefox to Chrome or Firefox to IE. Only the other way around. That's just my experience. I have no national or international data to back it up.

PeteEU · Feb 15, 2014

Summerwind said:
I've been running Firefox since it's inception without an antivirus, just a good quality user controlled firewall and have never gotten a worm, a trojan, or a virus. So you can claim it, but though everyone besides me (that I know) has anti-virus meaning it's not an apples to apples comparison, but I've not known anyone go from Firefox to Chrome or Firefox to IE. Only the other way around. That's just my experience. I have no national or international data to back it up.

I was talking about the built in security in the browser.. its ability to weed out malware and stop it without having extra protection. IE is best at that, followed by Chrome, then far behind Safari/Firefox and last by Opera.

Now saying that, no browser is perfect in doing so, so you do need extra protection regardless if you use Windows or Mac. Only OS that is secure for now is Linux, simply because so few "average" people use it and the malware producers cant be assed to make malware for Linux.

Summerwind · Feb 15, 2014

PeteEU said:
I was talking about the built in security in the browser.. its ability to weed out malware and stop it without having extra protection. IE is best at that, followed by Chrome, then far behind Safari/Firefox and last by Opera.

Now saying that, no browser is perfect in doing so, so you do need extra protection regardless if you use Windows or Mac. Only OS that is secure for now is Linux, simply because so few "average" people use it and the malware producers cant be assed to make malware for Linux.

Apparently not or we'd not be reading about IE10 having a massive attack, right? Sorry, I'm not convinced Firefox is as un-safe as you suggest, nor that IE is the safest. I'd put Chrome and Firefox at about the same, however since Chrome is Google, and I don't want google and it's many arms of intrusion allowed when I browse, I use Firefox. I don't trust Google to allow any kind of blocking programs that would block google itself, even if is appeared to be blocked. Just my own thing, not that my browsing is at all interesting, but even with Firefox, there's not hardly any pages I go to that don't have google ads, google syndication, googleapis, and of just plain google. Google is great when I want it, but I don't like it following me around.

American · Feb 15, 2014

Federal govt uses IE.

Cardinal · Feb 15, 2014

Summerwind said:
Apparently not or we'd not be reading about IE10 having a massive attack, right? Sorry, I'm not convinced Firefox is as un-safe as you suggest, nor that IE is the safest. I'd put Chrome and Firefox at about the same, however since Chrome is Google, and I don't want google and it's many arms of intrusion allowed when I browse, I use Firefox. I don't trust Google to allow any kind of blocking programs that would block google itself, even if is appeared to be blocked. Just my own thing, not that my browsing is at all interesting, but even with Firefox, there's not hardly any pages I go to that don't have google ads, google syndication, googleapis, and of just plain google. Google is great when I want it, but I don't like it following me around.

How can you really know if any of those privacy add-ons or do-not-track selections are actually doing anything?

PeteEU · Feb 15, 2014

Summerwind said:
Apparently not or we'd not be reading about IE10 having a massive attack, right?

Supposed massive attack.. but to be frank even a few hundred thousand computers aint massive. In the Mac world yes, but not in the Windows PC world. If they were talking millions or 10s of millions then yes, that would be massive.

Sorry, I'm not convinced Firefox is as un-safe as you suggest, nor that IE is the safest.

That is a fact.

Which browser is safest? The answer may surprise you

or

Infosecurity - There is No Single 'Most Secure' Browser

Over all IE comes out way ahead of Firefox and slightly ahead of Chrome. The part I especially fell over was the ability of IE to stop phissing via social networks.

But remember everything is relative to the user behind the screen. All browsers have one massive weakness... the user.

I'd put Chrome and Firefox at about the same, however since Chrome is Google, and I don't want google and it's many arms of intrusion allowed when I browse, I use Firefox. I don't trust Google to allow any kind of blocking programs that would block google itself, even if is appeared to be blocked. Just my own thing, not that my browsing is at all interesting, but even with Firefox, there's not hardly any pages I go to that don't have google ads, google syndication, googleapis, and of just plain google. Google is great when I want it, but I don't like it following me around.

Dont get me wrong. I use to be a massive Firefox fan, but some years ago Firefox was very heavy resource wise and it pissed me. Then Google came out with Chrome, and I tried it and never looked back. As for being afraid of Google.. /shrug I dont see a problem since chances are you are using google in Firefox.. and if not that then Bing or some other inferior search engine that is just as bad. Even the duck thingy search engine is full of spam, and what not, and hardly lists results well (at least last time I looked).

Summerwind · Feb 15, 2014

Cardinal said:
How can you really know if any of those privacy add-ons or do-not-track selections are actually doing anything?

Because from time to time on certain trustworthy sites, I'll allow scripts and turn off the adblocker, then I see all the crap I'm missing. Also even a google search won't work on my browser unless/until I allow google. For DP if I don't have both DP and yahooapis allowed, it works, but not well, with lots of missing details.

I know my firewall choices, which include the ability to choose which programs are allowed on line and which aren't, seem to work as I've never had a trojan, a virus, or a worm. I get no pop ups, and the only blue screens I've ever gotten were when my laptop drive actually crashed. Like I've said before I know how to monitor and control my machine.

The other I guess odd thing I do, is that about every 6-12 months, I back up all important data, wipe the computer and reinstall from original discs. Then I reload any programs I use. I do this because I am often testing programs and uninstalls don't always clean things out all the way. So this assures that every so often, I am positive to have wiped any remnants away. It takes about 12 hours from beginning to end, but I'm an insomniac so what else am I going to do?

AliHajiSheik · Feb 15, 2014

Summerwind said:
Because from time to time on certain trustworthy sites, I'll allow scripts and turn off the adblocker, then I see all the crap I'm missing. Also even a google search won't work on my browser unless/until I allow google. For DP if I don't have both DP and yahooapis allowed, it works, but not well, with lots of missing details.

I know my firewall choices, which include the ability to choose which programs are allowed on line and which aren't, seem to work as I've never had a trojan, a virus, or a worm. I get no pop ups, and the only blue screens I've ever gotten were when my laptop drive actually crashed. Like I've said before I know how to monitor and control my machine.

The other I guess odd thing I do, is that about every 6-12 months, I back up all important data, wipe the computer and reinstall from original discs. Then I reload any programs I use. I do this because I am often testing programs and uninstalls don't always clean things out all the way. So this assures that every so often, I am positive to have wiped any remnants away. It takes about 12 hours from beginning to end, but I'm an insomniac so what else am I going to do?

Save yourself some time and just make an image of your drive after your next reinstall, then you can just go back to it and reinstall updates and copy over data. Your drive won't last forever.

Summerwind · Feb 15, 2014

PeteEU said:
Supposed massive attack.. but to be frank even a few hundred thousand computers aint massive. In the Mac world yes, but not in the Windows PC world. If they were talking millions or 10s of millions then yes, that would be massive.

That is a fact.

Which browser is safest? The answer may surprise you

or

Infosecurity - There is No Single 'Most Secure' Browser

Over all IE comes out way ahead of Firefox and slightly ahead of Chrome. The part I especially fell over was the ability of IE to stop phissing via social networks.

But remember everything is relative to the user behind the screen. All browsers have one massive weakness... the user.

Dont get me wrong. I use to be a massive Firefox fan, but some years ago Firefox was very heavy resource wise and it pissed me. Then Google came out with Chrome, and I tried it and never looked back. As for being afraid of Google.. /shrug I dont see a problem since chances are you are using google in Firefox.. and if not that then Bing or some other inferior search engine that is just as bad. Even the duck thingy search engine is full of spam, and what not, and hardly lists results well (at least last time I looked).

Actually I will agree there, it has become massive and if I wasn't on a reasonably new, very cool laptop that I got factory refurbished for a song (and a new hard drive as it did crash in the 7th month, of course the warranty on a refurbish was 6 months). I've streamed video, recorded tv from a tuner dongle, done 14+MB photo editing, while Skyping with my daughter, and haven't been able to push the cpus past 15%. And I have a terrabyte hard drive, so no shortage there. Were this my last computer, a 10 yo with a AMD dual core and 225gb harddrive, I might be more likely to reconsider the browser. On here I'm fine.

I don't go to social media sites, so I guess perhaps I'm not worried about them. But again, I'd imagine that all that could be controled through NoScript, though it's way too much hassle I think for most people to really learn to use NoScript.

Summerwind · Feb 15, 2014

AliHajiSheik said:
Save yourself some time and just make an image of your drive after your next reinstall, then you can just go back to it and reinstall updates and copy over data. Your drive won't last forever.

I actually have a program to do that. I might, though by doing things one at a time, I assure that programs that have been unused or replaced in that six months aren't reinstalled simply because they were part of the last reinstall. Well something to think about, thanks.

Hackers used previously unknown Internet Explorer flaw in new attacks

Summerwind

Hot Flash Mama

Carjosse

Sit Nomine Digna

Summerwind

Hot Flash Mama

Deuce

Outer space potato man

PeteEU

Summerwind

Hot Flash Mama

PeteEU

Fiddytree

Neocon Elitist

Carjosse

Sit Nomine Digna

Summerwind

Hot Flash Mama

PeteEU

Summerwind

Hot Flash Mama

American

Trump Grump Whisperer

Cardinal

Respected On All Sides

PeteEU

Summerwind

Hot Flash Mama

AliHajiSheik

Summerwind

Hot Flash Mama

Summerwind

Hot Flash Mama