Internet security experts are warning computer users to avoid using Microsoft’s Internet Explorer browser until a patch can be created for a vulnerability discovered last week. "There really isn't any great defense against [the exploit employed to take advantage of the flaw]," Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, told Tech News World. According to Tech News World, Luxembourg security researcher Eric Romang discovered the vulnerability on 14 September while he was scrutinizing some servers a group of Chinese hackers called the Nitro Gang used to exploit a zero-day Java flaw last month. On 17 September, Microsoft issued an advisory noting that: "An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website." At that point, the trap is sprung; the infected computer lets the hacker execute malicious code at will. Although Microsoft offered suggestions for reducing the risks associated with the vulnerability and directed users to a temporary “one-click fix-it tool” until it can create a more permanent patch, SANS’s Ullrich told Tech News World that, "Right now, the best thing to do is not use Internet Explorer."
Financial Cybercrime a National Security Threat
On 19 September, Lanny Breuer, assistant attorney general for the U.S. Department of Justice, gave a talk at Fordham Law School at which he said that banks that don’t tell law enforcement agencies about having been victimized by cybercrime are compromising their own security as well as that of the nation as a whole. The warning came shortly after a financial industry group warned banks to be on heightened alert for cyber attacks in the wake of unexplained outages at Bank of America’s and JPMorgan Chase’s public websites. “After a possible, brief delay due to a law enforcement investigation, the institution whose data has suffered a breach should need to inform the public that it happened,” said Breuer.
U.S. Gov’t Report: Mobile Devices Under Attack
According to a NetworkWorld article, the U.S. Government Accountability Office has just released a report that provides a bunch of frightening information about cybercriminals’ sharpening focus on mobile devices. Among the bits of bad news in the report is the fact that the number of different malicious software programs aimed at cellphones and tablets has risen from about 14 000 a year ago to roughly 40 000 at last count. And as new mobile platforms and apps proliferate, the number of reported vulnerabilities that provide avenues of attack for cybercriminals has skyrocketed. Common vulnerabilities, says the GAO report, “include a failure to enable password protection and operating systems that are not kept up to date with the latest security patches.” Accordingly, says NetworkWorld, more than a half million people had malware on their Android devices in the first half of 2011.
White House Preps Cybersecurity Executive Order
Earlier this summer, the U.S. Congress failed to pass the Cybersecurity Act of 2012, a bill that would have made the nation’s critical infrastructure less susceptible to cyberattackers. But Tech News World reports that it has seen a draft of a stopgap executive order being hammered out by the Obama administration. Because more than 90 percent of infrastructure such as power plants and railroads is privately owned, the order will, among other things, reportedly ask those companies to voluntarily meet a set of government-developed security standards.
iPhones: No Lines, No Waiting
In what was not strictly a cybercrime, thieves in London and Osaka, Japan, broke into retail outlets preparing to sell the highly anticipated iPhone 5 smartphone and walked away with the stores’ entire caches of the new Apple handset on the day they were supposed to go on sale. Thieves took 250 handsets from an O2 store near Wimbledon, and a total of 200 from three stores in the Osaka area. In more than one case, investigators suspect the thefts to be an inside job. In the case of the 116 iPhones that disappeared from a locked storeroom at a Softbank store in Osaka, the burglars were in and out in less than 4 minutes.
Willie Jones is an associate editor at IEEE Spectrum. In addition to editing and planning daily coverage, he manages several of Spectrum's newsletters and contributes regularly to the monthly Big Picture section that appears in the print edition.