France, Germany advise switching browsers
The governments of France and Germany have urged users to stop using Microsoft’s Internet Explorer browser until the company fixes the security vulnerability that has been blamed, at least in part, for the attacks from China on Google and more than two dozen other companies. The attacks on Google were aimed at the Gmail accounts of dissidents and Google’s source code.
The German Bundesamt für Sicherheit in der Informationstechnik (BSI) issued a statement Jan. 16 that running IE in protected mode and disabling active scripting could improve the browser’s security but could not completely prevent exploitation. They recommended that users switch to an alternative browser until Microsoft patches the flaw.
The French computer emergency response group Centre d’Expertise Gouvernemental de Réponse et de Traitement des Attaques informatique (CERTA) issued the Jan. 15 advisory. “Le CERTA recommande l’utilisation d’un navigateur alternatif.” [CERTA recommends using an alternate browser.]
McAfee security company CTO George Kurtz commented on the gravity of the attack on the company’s blog yesterday in a piece titled “Dealing With ‘operation Aurora’ Related Attacks:”
“I believe this is the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations. While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero day exploits. What really makes this is a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the main goal appearing to be to steal core intellectual property.”
Kurtz didn’t exactly call for Microsoft to issue an out-of-cycle patch, but came close:
“It will be interesting to see if this vulnerability forces and out of cycle patch update.”
McAfee blog piece.
Tom Kelchner