It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Microsoft knew about IE6 flaw for months ? Microsoft knew about IE6 flaw for months ?
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read


Microsoft knew about IE6 flaw for months ?
Reply
 
Thread Tools
Old 22nd January 2010, 15:54   #1
Madshrimp
 
jmke's Avatar
 
Join Date: May 2002
Location: 7090/Belgium
Posts: 78,579
jmke has disabled reputation
Default Microsoft knew about IE6 flaw for months ?

MICROSOFT WAS MADE AWARE of the zero-day IE6 flaw five months before it released the 'emergency' out-of-band ms10-002 patch to finally fix the problem yesterday.

The release was hurriedly cobbled together to patch the hole in Internet Explorer that was thought to have given Chinese hackers, possibly working for China's government, access to Google's internal systems and human rights activists' Gmail accounts.

http://www.theinquirer.net/inquirer/...e6-flaw-months
__________________
jmke is offline   Reply With Quote
Old 22nd January 2010, 17:45   #2
Rutar
 
Posts: n/a
Default

Someone at google actually uses IE? O—o
  Reply With Quote
Old 22nd January 2010, 18:15   #3
Madshrimp
 
jmke's Avatar
 
Join Date: May 2002
Location: 7090/Belgium
Posts: 78,579
jmke has disabled reputation
Default

...think you misread this.

an exploit on client's end using IE bug.
says nothing about google using IE
__________________
jmke is offline   Reply With Quote
Old 22nd January 2010, 18:39   #4
Rutar
 
Posts: n/a
Default

How did they Access the internal Systems then?
  Reply With Quote
Old 22nd January 2010, 18:41   #5
Madshrimp
 
jmke's Avatar
 
Join Date: May 2002
Location: 7090/Belgium
Posts: 78,579
jmke has disabled reputation
Default

it were clients using IE6 which were used to attack google site using exploit in IE to bypass certain security barriers from what I've understood.

the "internal systems" = gmail.
which for google is "their system"

Quote:
The company admitted that its own investigations into the highly organized hacking attack in late December against various companies (including Google) had concluded that a Remote Code Execution vulnerability in IE was used by the perpetrators. That vulnerability is triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model element; attack code may be executed if it is successfully placed in a random location of freed memory.
so all they needed to do is get the target to load a website with the javascript code to get access to their google account;
__________________
jmke is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft to release fix for Windows Shortcut flaw on Monday jmke WebNews 0 31st July 2010 12:06
Microsoft warns of TLS/SSL flaw in Windows jmke WebNews 0 10th February 2010 13:28
Microsoft warns of IE flaw, turns PC into public file server jmke WebNews 0 5th February 2010 09:48
Microsoft patching "Google hack" flaw in IE tomorrow jmke WebNews 1 21st January 2010 09:56
Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch jmke WebNews 0 14th April 2009 18:47
Microsoft Security Bulletin Summary for September 2008 jmke WebNews 0 9th September 2008 19:20
Microsoft Security Bulletin Summary for August 2007 jmke WebNews 0 14th August 2007 22:21
Microsoft investigates potential new IE flaw Sidney WebNews 0 18th August 2005 18:15

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


All times are GMT +1. The time now is 08:45.


Powered by vBulletin® - Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO