http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/ Engadget Comments for http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:05PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
Great report, no mention of the fact it's limited to IE6 nor the fact that unless Google prefer IE to Chrome (it's self a bigger story IMO) it's not the type of attack Google had.]]>Jan 15th 2010 2:22PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
And then the suggestion to switch to the now MUCH more insecure Firefox that doesn't even support the full standard HTML4 spec.]]>Jan 15th 2010 2:57PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/I admit I don't use IE except for when I have to do something in windows that requires only IE but it really isn't anyone but the user's fault.

People bitched about IE6 and IE7 and Microsoft released IE8 on which this attack couldn't have happened from what I understand.

Isn't it on the user to update security?
Something was broken so the makers fixed it but instead of accepting the fix, you carried on bitching about what was broken. And you can't really say that they didn't have the opportunity to upgrade because if there's one thing we know, Windows just loves to update itself.

I also understand that there was no single form of attack but a multi-staged attack, one of which was an IE6 exploit. So not solely IE6's fault.

Also, one company being hacked and blaming another company that's also their direct competitor. Classy...]]>Jan 15th 2010 3:32PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 3:40PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
(Going to this site just pisses me off more and more, find myself at gizmodo much more often these days...I just hate the gawker interface even more then engadgets)]]>Jan 15th 2010 4:35PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 4:47PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
Judging by my downranking from earlier, some of the readership here is just as bad. At least from the "Let's censor/hide facts that don't support our idealism" POV.

So which came first, the Editorial bias, or the reader bias?]]>Jan 15th 2010 4:49PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/If you follow the details of MS's updates you'll see that on a regular basis flaws are fixed that only exist in newer version of their software, so there is no 1:1 relationship with updating and being more secure with MS.
And it makes sense, if you put in new code it will have new flaws not yet found, then once found they are exploited.
]]>Jan 15th 2010 5:52PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
An attack like that is really hard/ close to not being detected when its done for the first time. More Google-China Conspiracies: http://bit.ly/google-china-censorship-details

Imagine what would happen if another propaganda like this has been promulgated against firefox? And it turns out that someone is just manipulating/orchestrating these events just to spin the head of people and have a revolt from one company after another... ]]>Jan 15th 2010 7:43PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 8:14PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:05PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:07PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:08PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
Inconceivable! ]]>Jan 15th 2010 2:09PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:17PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/I think you don't understand the subtlety of sarcasm.]]>Jan 15th 2010 2:21PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
I do not think th-

...

That joke's been done too many times, hasn't it?]]>Jan 15th 2010 2:29PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
I think that by now it's perfectly acceptable to simply shout "inconceivable!" whenever you want to imply someone doesn't understand the word(s) he is saying.]]>Jan 15th 2010 2:56PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/As the ancient chinese proverb says: It's not a flaw it's a feature]]>Jan 15th 2010 6:04PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 16th 2010 7:17AMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:07PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/I love Chrome! Sooooo much better than IE]]>Jan 15th 2010 3:41PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 7:52PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:07PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/yes they is now blame microsoft lol]]>Jan 15th 2010 2:09PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
yea I'm is now blame techlord]]>Jan 15th 2010 2:14PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:07PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/


Internet Explorer.]]>Jan 15th 2010 2:08PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
Guess the Apple commercial is right - "We've heard that before"

Not an Apple owner, but could be soon.]]>Jan 15th 2010 2:11PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:19PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
“most of the world”?

Remind me again of the current browser shares?]]>Jan 15th 2010 2:36PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
http://marketshare.hitslink.com/report.aspx?qprid=3

looks like IE all versions is about 60%.

Microsoft Internet Explorer 6.0 20.99%
Microsoft Internet Explorer 8.0 20.86%
Firefox 3.5 16.32%
Microsoft Internet Explorer 7.0 15.53%
Firefox 3.0 6.91%
Chrome 3.0 3.75%
Safari 4.0 3.45%
Microsoft Internet Explorer 8.0 - Compatibility Mode 2.80%
Opera 10.x 1.58%
Firefox 2.0 0.89%
]]>Jan 15th 2010 2:57PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/No, and there probably never will be so long as it has over 60% market share. Its exploit 101, target the largest group of people. If everyone made a mass migration to apple I guarantee you would see A LOT more exploits popping up for OSX. As apple's market share keeps rising, its just a matter of time before you see malware and exploits start cropping up.]]>Jan 15th 2010 3:39PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Current browser shares are this way because most people are dweebs with no idea of the patheticness of IE.]]>Jan 15th 2010 3:55PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:12PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 4:12PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:15PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
"Microsoft has admitted that its Internet Explorer was a weak link in the recent attacks on Google's systems that originated in China."

An IE exploit was used against Google's systems. Not Google getting hax0rd for using IE.]]>Jan 15th 2010 2:33PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 2:41PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
I know nothing about cyber attacks, but it sounds like IE was actually used as the weapon. Like if just by connecting to a Google site using IE you could use vulnerabilities to attack.

Kind of like using a specific game (Mechwarrior 2?) on the original Xbox to get XBMC on it.

I still don't know how that's possible unless they somehow got malicious code onto a Google server, or there was some vulnerability in their code that IE allowed the hackers to exploit.

Of course, keep in mind that not every single person that works for Google is a 'computer person'. I'm sure they have lots of people in sales, marketing, accounting, HR, etc. that only know enough about computers to get their jobs done.]]>Jan 15th 2010 2:59PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
Well, I know that for me, I never upgrade IE on computers I use since I don't *use* IE. I use chrome now, and before that it was firefox, so most of my computers that run XP probably still have IE6. I don't USE it, but that might actually still leave me vulnerable, I'm not sure. I just hate IE so much that I don't want to give MS any happy feelings by downloading the newest version.

But maybe that's dumb and I'm still vulnerable? I'm not even sure.

I do use IE Tab in chrome though, and that would use whatever IE I have, so i do occasionally use it.

Maybe that's what happened at google?
-Taylor]]>Jan 15th 2010 3:00PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
You dumbass....read more articles before posting. It was indeed machines at Google running IE that opened the door.

What a noob.]]>Jan 15th 2010 3:03PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Jan 15th 2010 3:08PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
Or maybe the hackers did get lucky and find the one instance of IE running at the Googleplex. It seems possible that with as many machines as Google has, there's got to be at least a few somewhere that have IE.
Though the activist angle sounds more likely to me.]]>Jan 15th 2010 8:32PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Google wasn't using IE, IE was used to hack into Google accounts. This is actually how the majority of attacks are carried out, you get a user on a computer using a browser with a security flaw and you hack into their account while they're logged into it. Someone did that with people's Gmail accounts.]]>Jan 16th 2010 6:43PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
http://www.dailytech.com/article.aspx?newsid=17415]]>Jan 15th 2010 2:20PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
Again, anything is better than IE, though.]]>Jan 15th 2010 2:29PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/
Amen to that. :)]]>Jan 15th 2010 2:49PMhttp://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/http://www.engadget.com/2010/01/15/ie-security-flaw-exploited-in-recent-google-attacks/Firefox 3.6 and 3.7 are faster than chrome and just about as fast as safari.]]>Jan 15th 2010 3:20PM