Feeds

CERT recommends anything but IE

Safer surfing

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

US CERT (the US Computer Emergency Readiness Team), is advising people to ditch Internet Explorer and use a different browser after the latest security vulnerability in the software was exposed.

A statement on the CERT site said: "There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites." CERT otherwise recommends users to set security settings to high and disable JavaScript

Malicious code, dubbed variously as "Scob" or "Download.Ject", originally posted last week on a Russian website, could be downloaded secretly onto websites using Microsoft's Internet Information Server 5.0. The code could then be used to log keystrokes made by visitors to the site - so long as they used Internet Explorer as their browser. Information, including passwords, was then to be emailed to the criminals behind the atack.

Microsoft said that it was unaware of widespread consumer impact and noted that the Russian site had been taken offline. It said some enterprise users of Windows 2000 Server, specifically users running IIS 5.0, were being targeted by "Download.Ject". According to MS, this is not a trojan or worm but "a targeted manual attack by individuals or entities towards a specific server". It said users should use a firewall, ensure they have the latest software updates and use anti-virus software.

Bill Gates, Microsoft chairman, called on users to switch on auto-update so that patches would spread faster. Speaking to Reuters in Australia at the weekend, he vowed to "guarantee that the average time to fix will come down. The thing we have to do is not only get these patches done very quickly...we also have to convince people to turn on auto-update."®

Related stories

Watch out! Incoming mass hack attack
Unpatched IE vuln exploited by adware
MS hatches June patch batch

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.