Internet Explorer 0-day Attacks On US Nuke Workers Hit 9 Other Sites 157
A reader writes with an excerpt from Ars Technica: "Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said. The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8.
... 'The specific Department of Labor website that was compromised provides information on a compensation program for energy workers who were exposed to uranium,' CrowdStrike said. 'Likely targets of interest for this site include energy-related US government entities, energy companies, and possibly companies in the extractive sector. Based on the other compromised sites other targeted entities are likely to include those interested in labor, international health and political issues, as well as entities in the defense sector.'"
Re:Hold Microsoft Responsible (Score:5, Informative)
Then your legacy system is severed from any public lan. your security goes up by 600% if you remove it from having the ability to do ANYTHING but what it is needed for. No you cant email. No you cant surf. No network access. you can only use a SANATIZED USB drive to copy the files needed off of the unit.
Not hard to keep them hacker proof if the IT and ITS departments know what they are doing.
Re:Where's The Java-Like Outrage? (Score:4, Informative)
Because the Java exploits applied to the latest, fully patched version – not an old version which has been superseded for more than 2 years.