Microsoft Fixing IE Security Hole Exploited by Chinese Cyber Hacks
On the 15th of December 2009, Chinese cyber criminals exploited a zero-day vulnerability in Microsoft’s Internet Explorer to launch attacks on many international organizations, including Google and Adobe. Several versions of Internet Explorer 6, 7 and 8 are said to be affected by this flaw, and Microsoft has now released an advisory to mitigate the threat until a security patch is ready for public distribution.

According to Microsoft’s official security advisory, "The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."

Rumors of Microsoft releasing an out-of-band security patch have been making the rounds all of last week, but Microsoft has put them to rest by confirming that the patch will be released before 9th February, the date otherwise scheduled for the next patch release.

Until then, Microsoft says the immediate step to defend your computer against such an attack is to upgrade to IE 8. IE 8's Data Execution Prevention (DEP) feature is meant to prevent injected shellcode from executing on the computer. However, techniques to bypass this additional level of security currently exist and are publicly known.

Upgrade to IE 8 Will Not Solve the Problem

Richie Lai, Director of Vulnerability Research at Qualys, says that "While DEP has been proven to stop exploits like this, there are known ways to bypass DEP if you can get code running. This is where the second mitigating factor comes in, Address Space Layout Randomization (ASLR). On platforms where both DEP and ASLR are enabled, exploitation is extremely difficult."

ASLR is a security feature that makes it harder for an attacker to exploit vulnerable programs by randomizing where the program’s stack, heap and libraries are placed in its address space. ASLR is currently a standard feature of Windows Server 2008 and Windows 7. However, Microsoft’s implementation of ASLR has also been questioned and criticized.

Moving to Other Browsers is Not a Permanent Solution

Security analysts around the world are actively recommending a shift from IE to other browsers. These vulnerabilities have even led the governments of countries such as Germany and France to advise their citizens to abandon IE and switch to alternatives like Mozilla Firefox and Google Chrome. This almost seems like a quintessential knee-jerk response to the current situation, because users need to understand that a hacker with motivation and resources can find vulnerabilities in any Internet browser.

Security in today’s world needs to be implemented bottom-up from the grassroots level, which means a higher level of encryption for data stored on local drives. For instance, Google has adopted the more secure encrypted HTTPS protocol for its web mail services. After all, antivirus software can only protect a system against known malware, and it only takes one customized piece of malicious software to infiltrate a system and the network it is connected to.