If you're a Windows user I hope you're using Firefox rather than
Internet Explorer. If you can't run Firefox or some other browser then
you should disable Adobe Flash in the browser since this exploit depends
on Flash to first break into Internet Explorer and then into your
system. No fix for IE has been implemented yet and may not for quite
some time.
Description of the (very nasty) bug
<http://www.washingtonpost.com/news/morning-mix/wp/2014/04/28/hackers-targeting-newly-discovered-flaw-in-microsoft-internet-explorer/?tid=hp_mm>
How to disable Flash
<http://www.forwestmedia.com/resources/how-to-guides/temporarily-disable-flash-player/>
I commented to a friend this morning that I'm glad I'm no longer
involved in system software development. That bad guys are just too
damned devious. This exploit uses Adobe Flash to break into Internet
Explorer and then into your operating system. It works this way to step
around some security safeguards that Microsoft implemented way back in
Vista... they found a spot that Microsoft missed.
For the nitty-gritty details
<http://www.fireeye.com/blog/?p=5312>
And the really nitty-gritty details
<http://www.fireeye.com/blog/technical/cyber-exploits/2013/10/aslr-bypass-apocalypse-in-lately-zero-day-exploits.html>
Chuck Norcutt
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
|