Microsoft Warns of IE Flaw That Compromised Google

New evidence points to a previously unknown vulnerability in Internet Explorer as the hole through which criminals recently attacked Google and other companies, rather than a known, but unpatched vulnerability in Adobe Acrobat and Reader, as had previously been claimed.

Microsoft has issued an advisory for the new vulnerability in IE listing every currently supported version except IE5 on Windows 2000 as vulnerable. As described by Microsoft: "It is possible under certain conditions for [an] invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."

There are some important mitigations to this vulnerability:

    * DEP (data execution prevention) blocks it, and Microsoft has created a KB article with quick links to enable and disable DEP, if your system supports it, as all modern software and hardware do.
    * Protected Mode in IE7 and IE8 in Windows Vista and Windows 7 "limits the impact of this vulnerability." This means that the exploit code runs in the unprivileged context of IE, and can't likely do much damage.
    * If not running in Protected Mode, the attack code runs with the same privileges as the logged-in user, so running them as a standard user can limit the impact of the vulnerability as well.
    * Users running on Windows Server 2003 and 2008 run, by default, in Enhanced Security Configuration and limiting the impact for sites not in the Windows Trusted Sites zone.
    * HTML e-mail in Outlook, Outlook Express and Windows Mail opens in the Restricted Sites Zone, which prevents scripting and ActiveX controls, which Microsoft says should mitigate the attack. Unsurprisingly, this is a clue that the vulnerability is invoked through scripting and/or ActiveX controls.

Microsoft says that they are aware of "limited, active attacks attempting to use this vulnerability against Internet Explorer 6." This is worded interestingly, in that we have been led to believe that many companies were attacked and surely some of them use IE7 or IE8 on Windows XP (on Vista or Windows 7 the attacks would be blocked by Protected Mode). Perhaps the vulnerability is easier to exploit through IE6 than through more recent versions. It wouldn't be the first time that happened.

Just yesterday analysts, VeriSign iDefense among them, were claiming with certainty that the most recent PDF vulnerability, just patched by Adobe, was the vector used in the attacks. It was so easy to believe that this was the case because PDF vulnerabilities are a popular and growing vector for attacks and lend themselves well to targeted attacks.

But now Adobe is claiming that there is no evidence that "Adobe technology" was used as an attack vector. An MSRC (Microsoft Security Response Center) blog entry on the matter states that the IE 0-day was "one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks." This implies that there are others, although they take no position on what those were.

Adobe points to a McAfee Security Insights blog entry that names the mass-attack "Aurora" and states that they have analyzed "several pieces of malicious code" involved in the attack. It seems it was they who identified the new IE 0-day and reported it to Microsoft. They confirm that all versions of IE are vulnerable, but only IE6 was targeted.

Incidentally, in their advisory Microsoft thanks these companies for working with them and providing details:

    * Google Inc. and MANDIANT
    * Adobe
    * McAfee


MANDIANT is an threat management and incident response company which, it would seem, worked with Google on the incident. You know who the other companies are and what roles they played.

Clearly there is still a great deal about these attacks that is not yet public and we need to refrain from jumping to conclusions. Adobe's role in this, for example, could easily be just another victim of the attack, an attack which they claim was largely thwarted. We can also say, based on what we know so far, that the standard best practices advice we always give would have gone a long way towards repelling these attacks: Run current versions of operating systems, browsers and other key software and employ multiple levels of defense. There were already, for example, no end of good reasons not to run IE6 anymore, but now you have one more.

---

Hotmail: Free, trusted and rich email service. Get it now.

ITP officials given bikes to test licence seekers

ISLAMABAD - With the aim to facilitate the persons visiting traffic headquarters for the purpose of getting driving licenses, Islamabad Traffic Police (ITP) has provided motorbikes to its team that conducts driving tests.

Senior Superintendent of Police (Traffic) Dr Moeen Masood on Wednesday handed over the keys of motorcycle to the Driving Test Officer Inspector Majid Iqbal and stressed the importance of ensuring merit in the issuance of the driving licenses.

He said ITP had adopted a very transparent system for the issuance of driving licences, which would be further strengthened to ensure a safe road environment.

The SSP said that Traffic Police was making every possible effort to facilitate the citizens and has introduced one window operation for acquiring the driving license. “ITP is following a very transparent system for getting driving license and every citizen is treated equally as per law,” he said and asked the applicants not to be dependent on touts or others irrelevant persons for getting driving licenses. He said that ITP had implemented equal application of law and eliminated VIP culture. “We take no pressure from anyone and the license-seekers have to appear personally for passing the various phases conducted in a transparent manner,” he maintained.

Following the motto of quality service, he said that ITP force was accomplishing its responsibilities in a professional manner and making every possible effort for a safer road environment in the Capital.

Apple IPhone With New Camera May Be Out By June, Goldman Says

Apple Inc.’s latest iPhone will probably be available as early as June, include a more advanced camera, and may feature a touch-sensitive casing, Goldman Sachs Group Inc. analyst Robert Chen said in an interview, without identifying who gave him the information.

“Apple’s going to put a lot of innovation, not just on the hardware, but also on the software of the new iPhone,” said Taipei-based Chen, a member of Asia’s top-ranked technology hardware research team. The handset will feature a new plastic casing similar to that used for Apple’s touch-panel Magic Mouse released last year, he said.

“We’re not going to comment on rumors and speculation,” said Steve Dowling, an Apple spokesman.

Upgrading to a 5-megapixels camera will bring the handset into line with that offered by Google Inc.’s Nexus One which was released last week, Chen said. Apple, creator of iPod music players and Mac computers, got 23 percent of its sales from iPhones in the September quarter, trailing only laptops as a source of revenue, according to Bloomberg data.

The next iPhone will go into production as early as April and be available to consumers in June or July, Chen said. The handset may include an updated version of the iPhone Operating System as part an overhaul of Apple’s applications store, he said.

Robert Chen is a member of Goldman’s Asia Technology Hardware team lead by Henry King which topped the 2009 Institutional Investor rankings.

Magic Mouse, a computer mouse released in October, has a touch-sensitive solid plastic shell that replaces mechanical buttons. The technology may be replicated in the new iPhone to offer touch-sensitive features on the rear of the handset, Chen said.

Understanding Windows 7's 'GodMode'

Although its name suggests perhaps even grander capabilities, Windows enthusiasts are excited over the discovery of a hidden "GodMode" feature that lets users access all of the operating system's control panels from within a single folder.

By creating a new folder in Windows 7 and renaming it with a certain text string at the end, users are able to have a single place to do everything from changing the look of the mouse pointer to making a new hard-drive partition. The trick is also said to work in Windows Vista, although some are warning that although it works fine in 32-bit versions of Vista, it can cause 64-bit versions of that operating system to crash.

To enter "GodMode," one need only create a new folder and then rename the folder to the following:

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Once that is done, the folder's icon will change to resemble a control panel and will contain dozens of control options. I'm not sure it's my idea of playing God, but it is a handy way to get to all kinds of controls.

I've asked Microsoft for more details on the feature and how it came to be. But so far, Redmond is silent on the topic.

Here is how to enable it:

1. Right click on any bank space on your desktop.
2. Click new from the menu and create a New Folder.
3. Rename the folder as follow: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
4. DO NOT use this trick on Vista 64X and Windows 7 64X. It will cause your Windows to crash! (read comments below)