Top

All Versions of IE Vulnerable to Zero-day Attack?

January 14, 2010 by · Leave a Comment 

In case you haven’t heard, there’s been a zero-day attack against several big companies such as Google, Adobe, and others. The reports and chatter all started when Google reported that they might be taking another approach in conducting operations in China. I think this statement dropped a few jaws, “In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.” To be honest, I wasn’t surprised given the advanced threats we face, their intent and evolving capabilities. However, I was glad to see a company as large as Google step up and admit to the breach.

Just after Google’s report, Adobe posted their shorter, less-detailed, account of the attack. These reports came in two days ago. Brian Krebs, former security reporter at the Washington Post, has been following this story quite closely. On his blog, he notes that the attackers appear to have targeted source code and trade secrets, and that MS has posted an advisory about the unpatched vulnerability.

This story is a very interesting and is a prime example of why user education is so important. Using this unpatched zero-day exploit and a clever social engineering attack, trade secrets from countless organizations could get stolen–possibly without notice. That’s why educating users is the aim of my new book, Cyber Within. Through education, users will obtain a better understanding of risks and security challenges and will be able to spot social engineering and other malicious schemes instead of giving up corporate secrets. By the way, Cyber Within will be available in a couple of weeks. I’ll keep you posted, but in the mean time, check out a new article by my colleague Kevin Beaver where he outlines the real deal with internal security threats.

Bottom

Warning: Unknown: open(/home/content/30/5076530/tmp/sess_ufmsa2j9kuaeelb37t84chkfa4, O_RDWR) failed: No such file or directory (2) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0