This article is from the source 'bbc' and was first published or seen on . It will not be checked again for changes.
You can find the current article at its original source at http://news.bbc.co.uk/go/rss/-/1/hi/technology/8465038.stm
The article has changed 3 times. There is an RSS feed of changes available.
Version 1 | Version 2 |
---|---|
France in fresh Explorer warning | France in fresh Explorer warning |
(9 minutes later) | |
France has echoed calls by the German government for web users to find an alternative to Microsoft's Internet Explorer (IE) to protect security. | France has echoed calls by the German government for web users to find an alternative to Microsoft's Internet Explorer (IE) to protect security. |
Certa, a government agency that oversees cyber threats, warned against using all versions of the web browser. | Certa, a government agency that oversees cyber threats, warned against using all versions of the web browser. |
Germany warned users on Friday after malicious code - implicated in attacks on Google - was published online. | Germany warned users on Friday after malicious code - implicated in attacks on Google - was published online. |
But Microsoft told BBC News that IE8 was the "most secure browser on the market" and people should upgrade. | But Microsoft told BBC News that IE8 was the "most secure browser on the market" and people should upgrade. |
Cliff Evans, head of security and privacy, said that so far the firm had only seen malicious code that targeted the older version of its browser, IE6. | Cliff Evans, head of security and privacy, said that so far the firm had only seen malicious code that targeted the older version of its browser, IE6. |
"The risk is minimal," he said. | "The risk is minimal," he said. |
For a web user to be affected, he said, they would have to be using IE6 and visit a compromised website. | For a web user to be affected, he said, they would have to be using IE6 and visit a compromised website. |
"There are very few of them out there," he told BBC News. | "There are very few of them out there," he told BBC News. |
However, if this did occur, a PC could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information. | However, if this did occur, a PC could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information. |
'Sophisticated attack' | 'Sophisticated attack' |
Although the vulnerability has so far been exploited only in IE6, security researchers warned that could soon change. | Although the vulnerability has so far been exploited only in IE6, security researchers warned that could soon change. |
"Microsoft themselves admit there is a vulnerability, even in IE8," said Graham Cluley of security firm Sophos. | "Microsoft themselves admit there is a vulnerability, even in IE8," said Graham Cluley of security firm Sophos. |
This terrible piece of PR for Microsoft comes just as the IE browser which had almost total control of the market starts to come under pressure... Rory Cellan-Jones, BBC technology correspondent class="" href="http://www.bbc.co.uk/blogs/thereporters/rorycellanjones/2010/01/has_china_helped_google_in_the.html">Has China helped Google in the browser wars? | |
Mr Cluley said that because details of the exploit were now available online, hackers could soon change the code to target other versions of the browser. | Mr Cluley said that because details of the exploit were now available online, hackers could soon change the code to target other versions of the browser. |
He warned web users to be careful about clicking on links in unsolicited e-mails and advised all web users to upgrade their browser to the latest version, no matter which software they used. | He warned web users to be careful about clicking on links in unsolicited e-mails and advised all web users to upgrade their browser to the latest version, no matter which software they used. |
The advice follows revelations that a "targeted and sophisticated" attack on Google exploited the vulnerability. | The advice follows revelations that a "targeted and sophisticated" attack on Google exploited the vulnerability. |
Google said last week that an attack on its corporate network had targeted the e-mail accounts of human rights activists. | Google said last week that an attack on its corporate network had targeted the e-mail accounts of human rights activists. |
The attack led Google to announce that it might withdraw from China, after it revealed that the attacks had probably originated in the country. | The attack led Google to announce that it might withdraw from China, after it revealed that the attacks had probably originated in the country. |
Following the news, Germany's Federal Office for Information Security issued a warning against all versions of Internet Explorer and recommended that users switch to an alternative such as Firefox or Google's Chrome. | Following the news, Germany's Federal Office for Information Security issued a warning against all versions of Internet Explorer and recommended that users switch to an alternative such as Firefox or Google's Chrome. |
The French agency Certa issued a similar warning. | The French agency Certa issued a similar warning. |
"Pending a patch from the publisher, Certa recommends using an alternative browser," it said. | "Pending a patch from the publisher, Certa recommends using an alternative browser," it said. |
The UK government had said that it would not issue a similar warning. However, it said the Centre for the Protection of National Infrastructure (CPNI)was "monitoring the situation" and would "publish further advice if the risks change". | The UK government had said that it would not issue a similar warning. However, it said the Centre for the Protection of National Infrastructure (CPNI)was "monitoring the situation" and would "publish further advice if the risks change". |
Patch path | Patch path |
But Mr Evans said that calls to change browsers were "not very helpful". | But Mr Evans said that calls to change browsers were "not very helpful". |
"If you look at other browsers, it's likely they will have other vulnerabilities," he said. | "If you look at other browsers, it's likely they will have other vulnerabilities," he said. |
The vulnerability was found to be used in an attack on Google | |
He pointed to a report by security firm NSS Labs reportedly showing that IE8 provided better security against phishing and malware than other browsers. | He pointed to a report by security firm NSS Labs reportedly showing that IE8 provided better security against phishing and malware than other browsers. |
"We feel strongly that IE8 is most secure browser on the market," Mr Evans said. | "We feel strongly that IE8 is most secure browser on the market," Mr Evans said. |
His advice was echoed by Mr Cluley. | His advice was echoed by Mr Cluley. |
"Switching away will get away from this particular problem," he told BBC News. "But all browsers have security flaws." | "Switching away will get away from this particular problem," he told BBC News. "But all browsers have security flaws." |
Mr Cluley said that switching away from IE could create other problems, particularly for companies. | Mr Cluley said that switching away from IE could create other problems, particularly for companies. |
"Some web-based applications may not work at all if you're not using Internet Explorer." | "Some web-based applications may not work at all if you're not using Internet Explorer." |
Microsoft is currently working on a patch for the problem, but a spokesperson said it could not commit to a timeframe. | Microsoft is currently working on a patch for the problem, but a spokesperson said it could not commit to a timeframe. |
The firm traditionally releases a security update once a month - the next scheduled patch will be ready on 9 February. | The firm traditionally releases a security update once a month - the next scheduled patch will be ready on 9 February. |