Thursday, January 14, 2010

Of Course They Did

Chinese hackers used Microsoft browser to launch Google strike

Microsoft has admitted that its Internet Explorer browser was the weak link used by hackers to attack Google's systems in China.The world's biggest software company today issued a security advisory and warned of a loophole that was used by Chinese hackers to attack dozens of US companies - the same attack that led Google on Tuesday to announce its plan to drop the censorship of its search engine in China.
"In a specially-crafted attack... Internet Explorer can be caused to allow remote code execution," said Microsoft in its security alert.
The company added that it had not yet fixed the vulnerability in the world's most popular web browser, which is used by around two thirds of internet users.
The attacks, which apparently attempted to steal personal information on Chinese dissidents and the code that runs some of Google's critical services, also hit a number of other companies, said to include Yahoo and US defence contractor Northrop Grumman.
Microsoft confirmed the existence of the loophole after an investigation by internet security firm McAfee and information from Google and Adobe.

Snip

There is a reason why the M.S. product is also known as Internet Exploder.