Internet Explorer Aurora Exploit in the Wild

Posted on January 17, 2010 by Fuzzy

Score!

I’m happy to note that according to Google Analytics only 28% of you are using Internet Explorer. My hat’s off to 72% of you. If you are in that other 28%, however, unless you like your personal data compromised or you want to feel the thrill of having your PC ride in a botnet herd, use it to download Chrome or Firefox or Opera or Safari or whatever and don’t open it again until Microsoft gets out a patch for the Aurora exploit.

If you’ve read the hubub about China hacking into Google to go after dissidents and others in recent days, you may have heard that IE was a primary attack vector. The exploit is now in the wild and was added to Metasploit, an open source security testing framework that is a ton of fun to play with at wifi hotspots (so I’ve heard) but can otherwise be used to ruin your whole day. This video should send chills down your spine:

No social engineering hacks required. Just clicking on a link can compromise your system. Reports are indicating that all versions of IE, 6 to 8, are affected.

If you think I’m being over-reactionary or that my anti-Microsoft bias is shining through, note that Germany has recommended everyone stop using Internet Explorer immediately and over 20 other tech companies have been hacked. Right now there is no patch from Microsoft.

Hopefully by the time you read this Microsoft will have a patch out, but if that isn’t the case, don’t click on the big blue E unless it’s to download a different browser.

*Edit: France has now joined Germany in advising its people to stop using Internet Explorer until there’s a fix.

This entry was posted in News. Bookmark the permalink.

4 Responses to Internet Explorer Aurora Exploit in the Wild

  1. Ralph Dell says:
    January 22, 2010 at 8:54 am

    You caught my attention with your browser stats. I believe it says a lot more about your blog audience than the overall use of IE or not IE in the US. The vast majority of users that hit my counties web sites are IE users. I’m just tickled to see IE6 usage dropping over time.

    Reply
  2. Sean Mandolini says:
    May 27, 2010 at 8:27 am

    How did you get that font for your blog? I’m having trouble changing the font on my blog :/

    Reply
  3. Christoper Bagu says:
    May 27, 2010 at 10:06 pm

    Finally a post worth my time. Blogs are just getting so boring nowadays. If only more people wrote like you..!

    Reply
  4. Fuzzy says:
    May 28, 2010 at 10:08 am

    I’m using the Google Fonts API, one of the things they announced this month. Basically you stick a reference in the document head and you’ve got a new font ready to use. See: http://code.google.com/apis/webfonts/docs/getting_started.html#Quick_Start

    Reply

Leave a Reply

Your email address will not be published.

*


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>