Friday, July 02, 2004

US Govt Cyber Experts Advise Browser Switch

Last Friday, in response to the latest security exploit involving Microsoft products, the usually staid U.S. government's Computer Emergency Readiness Team, or US-CERT, published a warning strongly suggesting that users of Microsoft's Internet Explorer should switch to another Web browser, due to "significant vulnerabilities" in technologies included in IE.

The following article appeared in The Straits Times, (today's issue) dated 02 July 2004:

"THE United States government's cyberdefence experts, along with other computer gurus, are urging users to consider a switch away from Microsoft's widely used Internet Explorer (IE) because of new security problems.

The unusual - and for Microsoft, highly embarrassing - warning comes because of a security hole that has allowed hackers to surreptitiously install software on hundreds of websites that use Microsoft's Web server programs.

That, in turn, downloads spyware programs to personal computers, including one that steals credit card numbers and other forms of financial information.

'This is a wake-up call for us to advise users to switch to an alternative browser,' said Mr Johannes Ulrich of the SANS Internet Storm Centre in the US, which tracks immediate threats on the Internet. 'With Internet Explorer, you're playing Russian roulette and hoping the sites you visit aren't compromised.'

Most anti-virus software have been updated to block the specific program, the JS.Scob Trojan, but Microsoft has not, so far, been able to inoculate IE against the broad technique.

None of the most prominent alternative browsers, Opera, Mozilla or Netscape, is vulnerable to the flaw. Nor are computers running Linux or the Macintosh operating systems.

Another new threat emerged this week that might compromise the passwords and account information of users who bank online.

It targets users of IE and can be picked up from pop-up ads that secretly download software capable of capturing users' keystrokes. -- LAT"


No comments: