[DUG] Offtopic - but....
Jeremy North
jeremy.north at gmail.com
Fri Jan 22 12:52:39 NZDT 2010
Just got a email from for MS TechNet partners. Just thought I'd pass it on...
...
[bold]The facts to date:
. There have been a very limited number of targeted attacks against a
small number of corporations.
. Attacks seen to date are only effective against Internet Explorer 6.
. Attacks are NOT widespread.
. Thus far we are NOT seeing attacks focused on consumers.
[/bold]
That said, we remain vigilant, and want to be sure our customers and
partners take appropriate action to protect themselves.
[bold]We strongly recommend those using Internet Explorer 6 or
Internet Explorer 7 upgrade to Internet Explorer 8 as soon as possible
to benefit from the improved security protections it offers.[/bold]
IE8 can be downloaded here.
[bold]We also recommend those using Windows XP SP2 upgrade to Windows
XP SP3.[/bold]
It is important to note that all software has vulnerabilities and
switching browsers in an attempt to protect against this one, highly
publicised, but currently limited attack can inadvertently create a
false sense of security. Moreover, IE8 has built-in security features,
such as the SmartScreen filter, that other browsers do not have.
[bold]These features protect against real threats to consumers[/bold],
such as socially engineered malware and phishing attacks.
On Fri, Jan 22, 2010 at 9:00 AM, John Bird <johnkbird at paradise.net.nz> wrote:
> Some more background about IE security holes.
>
> -Symantec report several hundred sites now have variants of the IE attack
> installed. Some are well known dynamic DNS sites. This add urgency to
> installing updates.
>
> -The link below reports Microsoft knew of this exploit 3 months ago - (but
> had not fixed it). The link at MS however is either invalid or has been
> taken down so this admission is no longer on MS site.
>
> http://www.computerworld.com/s/article/9147058/Microsoft_patches_IE_admits_it_knew_of_bug_last_August
>
> http://blogs.technet.com/msrc/archive/2010/01/21/bulletin-ms10-002-released.aspx
>
> This is why I like Firefox's record of known breaches being fixed usually
> within a day or two.
>
> -There is debate about vulnerability of IE7 and IE8, in theory they are
> vulnerable, as MS advisory says, but known breaches so far involved IE6.
>
> http://www.theregister.co.uk/2010/01/21/ie_emergency_patch_released/
>
> John
>
>
> _______________________________________________
> NZ Borland Developers Group - Delphi mailing list
> Post: delphi at delphi.org.nz
> Admin: http://delphi.org.nz/mailman/listinfo/delphi
> Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject: unsubscribe
>
More information about the Delphi
mailing list