Did Google use Internet Explorer?

Did Google use Internet Explorer?

Tags:   advisory  Chrome  Google  Imperva  Internet Explorer  McAfee  Microsoft  vulnerability

By Victor Ng | Jan 19, 2010

Microsoft has acknowledged that the IE exploit had been used in the attacks against Google and other major corporations. "We have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks," said Mike Reavey, director of Microsoft's Security Response Center (MSRC).

However, Reavey downplayed the threat to average Windows users. "Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE6 at this time," he said.

It seems the malware that Microsoft and other researchers have examined was designed to exploit IE6, the eight-year-old browser that's most often used with Windows XP.

But, in response to McAfee’s claim  that the vulnerability in Internet Explorer played an important role in the recent attack against Google China, Imperva CTO Amichai Shulman cast doubt over the assertion.

While it's true that Microsoft issued a security advisory today, as McAfee noted when it reported the IE bug had been exploited by hackers who had attacked computer networks of nearly three dozen major companies between mid-December 2009 and Jan. 4, 2010, many industry watchers are questioning why Google wasn't using its own Chrome web browser instead. 

The advisory warned users of a critical and unpatched vulnerability in IE, and acknowledged that it had been used to hack several companies' networks.

“First, why are Google employees using IE and not Google’s own browser, Chrome? This doesn’t make sense,” explained Shulman. “Second, to execute an attack this sophisticated, it likely occurred as a result of spear phishing on Google employees to gain access to Google users’ credentials. A hacker would have to jump through many hoops inside an internal network. This requires network -- not browser -- vulnerabilities so that the attacker can communicate with malware inside Google’s internal network.”

He added: “Unfortunately, blaming Microsoft is all too easy and it’s leading to a panic. France and Germany are now recommending that its citizens not use Internet Explorer given its role in the recent Google hacking incident,” he said, citing today’s decision by leading European governments.

 
 
12

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Today's top security priorities
Attacks based on vulnerabilities in websites are skyrocketing, and not many solutions are available to protect organizations against them. How do you deal with this and other key security issues today?
Taking a holistic business-centric approach to security
Today’s CIOs face multiple challenges, including the need to innovate in an extremely competitive business climate, address highly dynamic regulatory and compliance challenges, speed ROI to counter shrinking IT budgets, and secure their organizations against a wide barrage of sophisticated threats.
 
 
 
UTM product offers Logansport Savings Bank superior protection
Astaro Security Gateway’s IPS was able to block attacks that other intrusion prevention systems (IPS) missed at Logansport Savings Bank.
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
 
 
 

Recent popular content

Most Read
Merging SIM and IAM systems
WhiteHat Security reveals top 10 Web hacking techniques
Zeus botnet temporarily disrupted
Social networking sites are phishing traps
RSA conference tackles social networking

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS