The security flaw du jour involves Microsoft’s Internet Explorer browser.
On April 26, Microsoft issued a security alert relating to a vulnerability in Explorer versions 6 through 11, 11 being the current version.
Explorer was once the King of Browser Hill, with a 95% usage share around 2002 and 2003. Explorer versions 6 to 11 reportedly still account for about 55% of current desktop browsing.
Adding to Microsoft’s (presumed) embarrassment and pain, the US Department of Homeland Security has now advised computer users to “consider” using alternative browsers until Microsoft fixes the flaw.
(That noise you hear is the celebratory kegger in progress at the Googleplex, home of Chrome.)
The United States Computer Emergency Readiness Team (cool name, guys), a division of Homeland Security, announced on April 28 that the vulnerability could lead to “the complete compromise” of an affected system.
This means that hackers could view, change, or delete data on an affected program, install malware, or create their own accounts.
The UK’s new National Computer Emergency Response Team agreed with their Homeland Security counterparts and warned Britons to update their antivirus software.
The bug is the first to emerge since MS put Windows XP on sunset status and stopped providing security updates for it. Thus, PCs running the ancient, 13-year-old XP OS could be especially vulnerable to hackers – they won’t get the fix for the latest bug when MS releases it.
Security experts have been warning users to upgrade to Windows 7 or 8, but many people haven’t bothered to do so. About 15 to 25% of PC users still use the obsolete XP.
The bug may be the last straw that sends the camel off to the Apple store. Or, as creatures of habit, the camels may stick with the familiar MS.
A hacker ring has reportedly already been busy exploiting the bug (or “feature,” as they prefer to call it) in a campaign called “Operation Clandestine Fox.”
(And yes, this IS starting to sound like the plot of next summer’s blockbuster, as the Emergency Readiness Team battles the Clandestine Foxes – especially since the hackers are targeting firms in the defense and financial sectors.)
Homeland Security is suggesting that if users don’t want to switch to another browser they can try using a Microsoft security tool called the Enhanced Mitigation Experience Toolkit (EMET).
The only problem is, EMET is so “enhanced” that it’s incompatible with some software and causes systems to crash.
As demonstrated by the long-lasting devotion to XP, people are reluctant to change their habits – even when they risk losing their data and their money.
That’s why PACid’s BoSS encryption technology is designed to be invisible to the end user and doesn’t require users to remember long, random passwords or change their behavior.
Read about how we’re working to make BoSS an industry standard.