The German government's Bundesamt für Sicherheit in der Informationstechnik (BSI) (or in English, the Federal Office for Information Security) is reported to have told German citizens to avoid all versions of Microsoft Internet Explorer (IE) until the security flaws suspected of allowing Google and other companies in China to be successfully hacked are fixed.

McAfee said last Thursday that a security flaw in the way Internet Explorer handles JavaScript was to blame for the attack. Early reports had blamed another Adobe PDF problem, but that claim was later retracted.

Microsoft, as expected, cried foul and said such a warning was over the top. The London Telegraph quotes a Microsoft spokesperson as saying that, "These were not attacks against general users or consumers...There is no threat to the general user, consequently we do not support this warning."

Microsoft says the attacks can be thwarted by setting IE's security setting to high, and that a fix is being created.

While setting IE's security setting to high limits functionality and access to some websites, this is probably the only way to go if one wants to continue to use the browser. Active scripting needs to be turned off as well.

However, as the BSI points out, while this can make an attack more difficult, it won't fully prevent one.

McAfee gives some guidance on what to do here.

With the IE attack code now out in public, this mode of attack will likely become very common and hang around like Conficker, which is still active and causing trouble.

BTW, when I tried to get to the BSI site, it was very, very slow. I wonder if the site is under a DOS attack since making its recommendation to avoid IE.


The BBC is reporting today (Monday, 18 January) that the French government's security agency CERTA has issued the same warning as BSI to French citizens about using Microsoft IE.

Microsoft responded by telling the BBC that it was IE6 that was the real problem and that users need to upgrade to IE8.

The British government also told the BBC that it was not going to issue a similar warning - yet - while the Australian government's AusCERT thinks the Germans and French have gone overboard, says a story in Tuesday morning's Sydney Morning Herald. AusCERT gives a detailed analysis of the IE problem here.

Looks like a security mavens' cat fight is emerging, which, of course, will likely only confuse IE users to no end about its security.
