Critical Internet Explorer exploit code released in the wild

Attack code that exploits a critical vulnerability in all supported versions of Microsoft's Internet Explorer browser has been publicly released.

Monday's release of a module for the Metasploit exploit framework used by security professionals and hackers could broaden the base of attackers who are capable of targeting the flaw. Until now, the bug has been known to be exploited in only a handful of highly targeted attacks aimed mostly at workers in Japanese government agencies and manufacturers. While the attack code has been available to anyone who knows where to find it, its inclusion in the open-source Metasploit could make it easier for some people to use.

Microsoft issued a temporary fix for the browser two weeks ago. The company, which is scheduled to release its next batch of security updates on October 8, hasn't said when it will issue a permanent patch.

Read 2 remaining paragraphs | Comments


Does My Smartphone Count as Extended Family?

The P in PC stands for personal. We don’t think of that much anymore. It was a big deal in 1981 when IBM introduced the PC and it sat on your desk or underneath it. You didn’t share it with anyone. It was personally yours.


Frankly, I’m not sure we ever had a “personal” relationship with our PCs, but we really have a personal relationship with our cell phones. In fact, according to the 2013 Norton Report, 48 percent of people sleep within arm’s reach of their phones. Twenty-five percent check their phone during a dinner with friends. And 49 percent of people get upset if they leave their mobile phones at home when they go out.

It’s hard to see anyone making sure they slept within arm’s reach of their PC, but mobile phone users treat their devices like a loved one. Maybe that’s why people—smart people who are well aware of the security risks of personal computers—have not transferred those lessons to their phones. The Norton Report shows that users know they are at risk of cybercrime on personal computers—they even follow best practices to protect themselves on their personal computers. Yet, on the device they keep in their purse, pocket, or bed—a device with more computing power than it takes to land a spaceship on the moon and with all the features of a PC and then some—people are not even taking basic security precautions. Nearly half don’t use basic protection such as passwords, security software, or backup their files.

The exploitation of mobile devices is not an opportunity the bad guys are going to miss. For decades, they’ve attacked PCs to make money. They quickly realized with the large number of people using PCs, all they had to do was figure out ways to attack, and money could be made. This same set of circumstances exists for mobile devices. And with the lessons learned from years of attacking PC users, the bad guys are putting their experience to use and moving to mobile. The Norton Report says that 38 percent of smartphone users have already experienced some type of cybercrime on their mobile device.

While we haven’t yet seen the bad guys hit mobile devices as hard as they have hit PCs, we can all see that day is coming. And we all need to quickly figure out that a device personal enough to always keep within arm’s length is also personal enough to demand protection.

This is just one of the fascinating revelations in this year’s Norton Report. To see more, click here.