Tuesday, January 19, 2010

How Google was Cracked by the Chinese

Microsoft contends on its security blog that a heretofore unknown vulnerability is responsible for the EPIC breaches at Google. It is logical to surmise that this is likely the same attack vector used to breach DoD contractors' systems, to get to the supposedly unclassified specifications of the F-22 Raptor as well as some submarine technology.

According to Microsoft's security advisory, most revisions of IE 6, 7, and 8 are affected. Apparently a dangling pointer is to blame - these are hard to find unless they cause stability issues.

Food for thought: anyone with the resources to rip apart binary code to craft one of these exploits has significant funding, and significant backing. The only other option is a source code leak at Microsoft.

Everyone else who "trusted their vendor" really needs to rethink it. And anyone who still thinks closed source is more secure, well, there is some cheap swampland someone will sell you...
