Madshrimps Forum Madness

Madshrimps Forum Madness (http://www.madshrimps.be/vbulletin/index.php)
-   WebNews (http://www.madshrimps.be/vbulletin/forumdisplay.php?f=22)
-   -   Microsoft knew about IE6 flaw for months ? (http://www.madshrimps.be/vbulletin/showthread.php?t=69383)

jmke 22nd January 2010 15:54

Microsoft knew about IE6 flaw for months ?
 
MICROSOFT WAS MADE AWARE of the zero-day IE6 flaw five months before it released the 'emergency' out-of-band ms10-002 patch to finally fix the problem yesterday.

The release was hurriedly cobbled together to patch the hole in Internet Explorer that was thought to have given Chinese hackers, possibly working for China's government, access to Google's internal systems and human rights activists' Gmail accounts.

http://www.theinquirer.net/inquirer/...e6-flaw-months

Rutar 22nd January 2010 17:45

Someone at google actually uses IE? O—o

jmke 22nd January 2010 18:15

...think you misread this.

an exploit on client's end using IE bug.
says nothing about google using IE

Rutar 22nd January 2010 18:39

How did they Access the internal Systems then?

jmke 22nd January 2010 18:41

it were clients using IE6 which were used to attack google site using exploit in IE to bypass certain security barriers from what I've understood.

the "internal systems" = gmail.
which for google is "their system" ;)

Quote:

The company admitted that its own investigations into the highly organized hacking attack in late December against various companies (including Google) had concluded that a Remote Code Execution vulnerability in IE was used by the perpetrators. That vulnerability is triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model element; attack code may be executed if it is successfully placed in a random location of freed memory.
so all they needed to do is get the target to load a website with the javascript code to get access to their google account;


All times are GMT +1. The time now is 16:55.

Powered by vBulletin® - Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO