Do You Use Internet Explorer? You’re Vulnerable. AGAIN! – Tech Tuesday
For the past few years, Internet Explorer has not been getting much love, and for good reason. It just plain sucks. Microsoft has played fast and loose with many web standards and at least in my experience, has been slower than a snail encased in ice. And to make it feel even more loved, there’s a security vulnerability for it that is zero day!
Zero Day means, when security researchers found the breach, they also found it being exploited on the net at the same time. So some crafty hackers knew about it and were already setup for it. So if you are using Internet Explorer 9 or older, you are vulnerable to this attack, as Microsoft doesn’t have a patch available. They are however aware of the attack and offering a work around. Use their Enhanced Mitigation Experience Toolkit to prevent the attack from working. That’s a great stop gap but still doesn’t fix the issue at hand. That solution won’t come till Microsoft patches IE, which may not happen in their next regular update.
The attack uses a specially built website that tries to cause a memory corruption so another program could run, and perhaps infect your machine. The file is an encrypted flash file that decompresses in memory and then then opens you up to a remote access tool so your machine can basically be searched for data or used as a bot in a distributed denial of service attack also known as a “DDOS”.
IE has been plagued by these kinds of things for years. Not that Firefox, Safari and Chrome haven’t had these kinds of issues, but they are fewer and far between. No browser is perfectly secure, but I decided to drop IE a long time ago and went with Firefox. It was smaller, faster and I liked the layout. I tried Chrome, but it seems to eat up memory on me, slowing me down. And I use Safari when I need to access a website I am working on and don’t want the cookies in Firefox to automatically log me in.
Still, if you do use IE, I really suggest switching or at least download another browser for these kinds of issues. You will see a difference.
$>rm -f iexplore.exe