Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Wednesday, December 17, 2008

Microsoft releases patch for IE


Microsoft has finally released its security patch for Internet Explorer. It will be a relief for fans of the most popular browser, but there may still dangers lurking under the hood of millions of computers users.

Even before the security hole became widely publicised, hackers were already exploiting the vulnerabilities and launching attacks on unsuspecting IE users [FT blog]. The holes in IE security weren’t widely publicised and many people may still be open to attack from the unscrupulous hackers phishing for information. Sky News and the BBC made only scant mention of the risk associated with the web-browser. CNN made a small mention of the story but in the main most would have learnt of the risk via the internet itself as word of mouth spread around the globe. Even after the release of the patch the Fox News website was still informing readers that the risk continued and advised internet users to avoid IE.

For those who have updated their browser it is advisable to run anti-virus software after installing any available updates. The update may need to be initiated by some users by going to update.microsoft.com and clicking the ‘check for updates’ button on the window. The updates may only be accessible by using Internet Explorer and security in the program might also need to be reduced to ‘Medium’ in some cases.

Microsoft ready to launch security patch



Microsoft is set to launch an emergency patch to repair a large security hole that has become evident in all versions of Internet Explorer. While internet users wait to patch up their security many have turned to other browsers. There are several alternatives to Microsoft’s Internet Explorer, but while most offer a secure browsing environment, all have their own faults, glitches and bugs.


Google Chrome, which recently came out of beta, has cleaned up some of the problems that existed in earlier versions but many users remain unsatisfied with the program. While fast, there are few of the features that users of other popular browsers will be familiar. There is no Google Toolbar which can provide quick shortcuts to regularly visited sites and there are bizarre anomalies when attempting to copy links from the address bar into documents. While attempting to copy and paste a link into Microsoft Works Word Processor a message greets the user: “The information you copied exceeds the size limit for pasting into the Word Processor. Try reducing the size of your selection and then copy and paste again”. However pasting the same into Microsoft Word does work, but many users of Microsoft’s new operating system Vista will find themselves without this much used programme.


Mozilla’s Firefox has gained a large user base, though still well below that of Internet Explorer, but not everything works swimmingly. Many websites simply won’t open properly in the browser, and web publishing through Firefox can cause problems in other browsers. Foreign language support is a particular issue that is failing in the browser. But in its favour Firefox is relatively fast, though start-up is still slightly slower than IE, and the browser does come with many of the familiar add-ons seen in IE. Some though remain unavailable including the ‘download video’ facility for the popular Realplayer.


Flock is perhaps not as well known but is popular amongst those who participate in a great deal of so called social networking. However, there are similar issues, as with Google Chrome, of copying and pasting links, even into the compose pages of blogger. The layout can also appear very complicated and perhaps overwhelming to many.


Safari and Opera are perhaps the least used of the Internet browsers. Safari, which started life as a Mac specific browser, has spawned its Windows version but has yet to be taken up in vast numbers, despite claims of being the fastest of all the available browsers. Opera is mostly seen in mobile phones and while it has achieved a positive reception amongst desktop users there remains a number of compatibility issues. It remains the 5th most popular browser after Internet Explorer, Firefox, Safari and Chrome.
In usage terms Internet Explorer is the most popular browser with over 71% using the program. Firefox is second but only shares 20% of the market. Safari has a small but loyal 6% of Internet users though many are only on Macs. Both Opera and Chrome have less than 1% of the market share while other browsers fall well below that figure.


Despite the problems plaguing Microsoft’s browser, and with many making temporary use of other browsers, most will probably return to IE. There will be some who find Firefox fires up better, and some may find Chrome more shiny than expected. There may even be some who flocked to Flock and feel sheepish about returning to IE. Some might also start singing the praises of Opera. But most will return to where they feel most comfortable and where the surroundings are familiar. The next dilemma is whether to uninstall the half a dozen or so browsers that some have placed on their PCs [Mashable].

Microsoft is set to release the security patch at 18:00 GMT/UTC [13:00 EST] via all the usual routes [BBC / CNN / Sky News]

Tuesday, December 16, 2008

Media fail to report major Internet risk



Millions of computer users around the world are at risk after Chinese security experts inadvertently revealed holes in Microsoft’s Internet Explorer browser. The vulnerability was first revealed last week by the Chinese security team Knownsec. It said on Tuesday 9th December it mistakenly released exploit code thinking that the problem was already patched, iDefense said [computerworld].

Unfortunately there was no patch and by the weekend around 0.2% of the world’s computers has been “exposed to websites containing exploits of this latest vulnerability according to researchers Ziv Mador and Tareq Saade on their blog. The hole enables hackers to place code on websites which enable them to steal passwords from subsequent visitors. Initially the affected sites appeared to be pornographic websites, however the problem has grown significantly with many other sites now affected. Security experts warned that the number of affected sites was growing exponentially and while some attacks were launched to steal passwords to online gaming their was an increased risk the exploit could be used to steal more sensitive data.

By Sunday many security experts were advising PC users to use a different web browser, such as Firefox, Flock or Google Chrome, until Microsoft came up with a solution. But it was only on Tuesday morning that major news organisations began to cover the story. Many may still be unaware of the risk as the item is buried away in the tech pages of news websites and the back pages of newspapers. The BBC mentioned the news on their website at 09:20 GMT but their 24 hour news channel did not report the ‘Breaking News’ until 11:15 GMT, about a week after the exploit was discovered!

As for a solution, it is unclear when Microsoft, who only recently issued its biggest group of patches in five years, will release a patch for this vulnerability. Such patches often take time to develop and a scheduled patch release is not due until 13th January 2009. An emergency release may come but until then computer users are told to be extra vigilant with their online activity.

Microsoft advises users to use IE in protected mode, but this is only available to Vista users. Symantec gave a far more comprehensive ‘work around’ but many users would probably be baffled by the list.

The news of the security failure could not have come at a worse time for Microsoft as it prepares to launch a new operating system Sky News. Windows 7 may not be out for some time but with more and more holes appearing in Microsoft products, many computer users may start to look elsewhere.

Monday, December 08, 2008

Security breached in airport protest


Protesters who breached secure areas of Stansted airport have disrupted air travel for hundreds of travellers. Essex police made 57 arrests following the demonstration which was described by airport operator BAA as “unlawful”. The action was mounted by climate change action group Plane Stupid, but with concerns that Britain’s airports might be under threat of terrorist attacks the demonstration could be regarded as plain stupid. In 2006 a threat of attacks

Ryanair has criticised the security at the airport after many of its flights were cancelled and there will no doubt be questions as to how the protesters were able to breach the secure area so easily.

Protesters, using bolt cutters, cut through fences at around 03:15 GMT and made their way onto an area near but not actually on the main runway. The airport does not become operational until around 06:00 GMT, but the action forced the closing of the runway until 08:10 GMT. At least 56 flights were cancelled and delays persisted throughout the day. Delays were also expected to continue into Tuesday, though Ryanair said there was likely to be disruption for the next three days. The disruption has left many passengers feeling angry.

One of the activists said that that while she was “incredibly apologetic” that passengers had been affected, the threat to the planet from airport expansion needed to be highlighted. Lily Kember, 21, told the BBC that "The effects of climate change are going to be monumental". Another protester said, "We're afraid of what the police might do to us, we're afraid of going to jail but nothing scares us as much as the threat of runaway climate change."

But the arguments failed to wash with passengers. Stuart Meacock, from Peterborough, told BBC Radio 5 Live, "It's disgusting. I mean, it's not only breaking all of the safety rules, but it's disrupting everybody's lives”. Another delayed passenger told the BBC Jorg Tittel told the BBC, "I am all for fighting for our environment, but these kids have failed already. They are making thousands of travellers angry". Many people also called into London’s radio station LBC to vent their anger over the events. For those waiting for flights the situation was uncertain with many passengers telling Sky News channel that they had found it difficult to get information.
The anger towards the protesters also filled bulletin boards and comments pages on the Internet. One Sky News viewer said, “They are all plain stupid and self-centred”. Some were even demanding the protest group should pay for their actions. One man writing under the name of Scott on Sky’s website said, “The police should beat them with nightsticks and then put them in jail for an illegal protest. The fine should be the total cost of clearing the runways, the additional fuel, overtime, etc divided evenly amongst all the members of the organisation, even if they were not there”.

A spokeswoman for Essex Police said 50 people had been accused of aggravated trespass, three of attempting to gain access to a restricted area, and four of conspiracy to commit a public nuisance. Ch Supt Ian Gruneberg told BBC News the demonstrators, who were chained together, were "committing a criminal act" and would be dealt with by the courts.

The irony about today’s protest was that amongst those delayed at Stansted was a delegation heading to the climate change summit at Poznan in Poland [BBC / Sky News].