Threat Level Thursday: You Can Use Internet Explorer Now and Change Your Passwords
Threat Level Thursday brings you two simple messages today: You can finally use Internet Explorer and change your passwords!
For those who haven't heard, Microsoft's Internet Explorer was recently discovered to contain a zero-day exploit capable of allowing malicious Interneters (read: hackers) to steal valuable personal information. The exploit affected Internet Explorer versions 6-11. Security firm FireEye discovered the Internet Explorer vulnerability last Saturday and noted the attacks it recorded in 2013 were mostly targeted at Internet Explorer versions 9-11.
"The exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows' ASLR and DEP protections," FireEye said.
Shoptalk aside, the point was plain: Do not use Internet Explorer if you can help it. Even the U.S. Department of Homeland Security warned the American public not to use Internet Explorer until Microsoft issued a fix to the problem.
"We are currently unaware of a practical solution to this problem," CERT said in post Monday morning.
"US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative Web browser until an official update is available," CERT said in a Sunday statement.
The problem seemed especially dire for Windows XP users because Microsoft recently stopped support for the operating system.
Thankfully, Microsoft issued a fix Thursday at 10 a.m. PT. Those using Internet Explorer with automatic updates turned on should receive it with no hassle, and those that update manually are strongly encouraged to manually download it. But wait, there's more good news too.
"We have made the decision to issue a security update for Windows XP users. Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11," Microsoft said in a statement Thursday.
Change Your Passwords if Your Heart Bleeds
A couple weeks ago, an Internet vulnerability was discovered that was believed to be so widespread it became dubbed the worst bug ever: Heartbleed. The insidious vulnerability made the Internet seem a foreign and scary place -- intial estimates put around two-thirds of the world's servers at risk. Major websites and social media networks, such as Google services, Yahoo services and Facebook, were all found to be vulnerable. Interestingly enough, Heartbleed went undetected for over two years, and although most web service providers have patched the loophole, the only solution for users in the beginning was to change passwords -- which went largely ignored. Although 64 percent of Internet users in a Pew Research Center survey heard of Heartbleed, only 39 percent acted and changed passwords or accounts.
Point? Cybersecurity is no longer a thing of the future. The time to act is sooner rather than later.