Internet Explorer 8 compromised in 2 minutes
Friday, March 26th, 2010
Following the last post about security problems, today we hear that at the hacker contest Pwn2Own Microsoft Internet Explorer 8 running on Windows 7 was compromised in less than 2 minutes. The setup runs DEP and ASLR which are anti malware defences designed to protect memory by restricting buffer overflow and randomly assigning memory addresses to make life hard for hackers.
Obviously all that hard work Microsoft put in to protect us ultimately provides very little real protection. Yet another example of how easy it is to run malicious code on our machines. The worry is that when we’re told we are running protected software that we believe this to be true and don’t take the basic precautions that are essential these days. Avoid going to dodgy websites where possible. Don’t download from untrusted sources. Always operate behind some kind of firewall. Don’t trust emails just because they come from addresses you know. I’d go so far as to say that we should only engage in online banking from a separate setup than we usually use for everyday browsing (i.e. chrome on Linux instead of our usual Firefox on Win7) though this is clearly not convenient for most.
And… don’t forget that iPhones aren’t safe either!
Following the last post about security problems, today we hear that at the hacker contest Pwn2Own Microsoft Internet Explorer 8 running on Windows 7 was compromised in less than 2 minutes. The setup runs DEP and ASLR which are anti malware defences designed to protect memory by restricting buffer overflow and randomly assigning memory addresses to make life hard for hackers.
Obviously all that hard work Microsoft put in to protect us ultimately provides very little real protection. Yet another example of how easy it is to run malicious code on our machines. The worry is that when we’re told we are running protected software that we believe this to be true and don’t take the basic precautions that are essential these days. Avoid going to dodgy websites where possible. Don’t download from untrusted sources. Always operate behind some kind of firewall. Don’t trust emails just because they come from addresses you know. I’d go so far as to say that we should only engage in online banking from a separate setup than we usually use for everyday browsing (i.e. chrome on Linux instead of our usual Firefox on Win7) though this is clearly not convenient for most.
And… don’t forget that iPhones aren’t safe either!
