|FROM ||Ruben Safir
|SUBJECT ||Subject: [NYLXS - HANGOUT] MS can't secure OS even after new security update on IE...
|From owner-hangout-outgoing-at-mrbrklyn.com Sat Jan 23 18:48:14 2010
Received: by www2.mrbrklyn.com (Postfix)
id 7624B56DF0; Sat, 23 Jan 2010 18:48:14 -0500 (EST)
Received: by www2.mrbrklyn.com (Postfix, from userid 28)
id 6345156DF9; Sat, 23 Jan 2010 18:48:14 -0500 (EST)
Received: from mail2.panix.com (mail2.panix.com [184.108.40.206])
by www2.mrbrklyn.com (Postfix) with ESMTP id 032DE56DF0
for ; Sat, 23 Jan 2010 18:48:13 -0500 (EST)
Received: from panix1.panix.com (panix1.panix.com [220.127.116.11])
by mail2.panix.com (Postfix) with ESMTP id 301D938E41
for ; Sat, 23 Jan 2010 18:50:07 -0500 (EST)
Received: by panix1.panix.com (Postfix, from userid 20529)
id 2185F14B98; Sat, 23 Jan 2010 18:50:07 -0500 (EST)
Date: Sat, 23 Jan 2010 18:50:07 -0500
From: Ruben Safir
Subject: [NYLXS - HANGOUT] MS can't secure OS even after new security update on IE...
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.5.18 (2008-05-17)
Expert finds vulnerabilities in Microsoft browser
Fri, Jan 22 2010
By Jim Finkle
BOSTON (Reuters) - A security research firm said it discovered another
set of vulnerabilities in Internet Explorer, a day after Microsoft Corp
patched the Web browser following a high-profile cyber attack on Google
The software maker issued a patch on Thursday to fight malicious
software that was used in the attack on Google Inc and dozens of other
companies which operate in China.
Research firm Core Security Technologies said on Friday that it
discovered another set of vulnerabilities in Internet Explorer that
hackers can link together and exploit, to remotely access all of the
data on a personal computer.
"There are three or four ways to conduct this type of attack," said
Jorge Luis Alvarez Medina, a security consultant with Boston-based Core,
who will demonstrate the vulnerability at the Black Hat security
conference in Washington, which begins February 2.
A spokeswoman for Microsoft said she could not immediately comment on
Alvarez Medina said hackers can exploit a string of four or five minor
vulnerabilities in Internet Explorer, which is used on hundreds of
millions of PCs around the world.
Although none of the vulnerabilities are serious enough to compromise a
machine, a hacker could take control of a PC by exploiting all of them
at once, he said.
The combination would overwhelm the browser, giving a hacker access to
all data on the PC after a user clicks on a malicious link, he said.
Alvarez Medina added that he was uncertain whether any hackers had
already exploited the weaknesses, which Microsoft has yet to patch.
He said that Core was working with Microsoft to find a way to mitigate
the risk, but added that he believed other vulnerabilities would crop up
even after a solution to these.
"It is likely that people will come up with new ones over time," he
(Reporting by Jim Finkle, editing by Leslie Gevirtz)