anyweb Posted January 18, 2010 Report post Posted January 18, 2010 The German government has warned web users to find an alternative browser to Internet Explorer to protect security. The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google's systems. Microsoft rejected the warning, saying that the risk to users was low and that the browsers' increased security setting would prevent any serious risk. However, German authorities say that even this would not make IE fully safe. Thomas Baumgaertner, a spokesman for Microsoft in Germany, said that while they were aware of the warning, they did not agree with it, saying that the attacks on Google were by "highly motivated people with a very specific agenda". "These were not attacks against general users or consumers," said Mr Baumgaertner. "There is no threat to the general user, consequently we do not support this warning," he added. Microsoft says the security hole can be shut by setting the browser's security zone to "high", although this limits functionality and blocks many websites. However, Graham Cluley of anti-virus firm Sophos, told BBC News that not only did the warning apply to 6, 7 and 8 of the browser, but the instructions on how to exploit the flaw had been posted on the internet. "This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week," he said. Computer expert Alan Stevens: "It's like having a window left open in your house" "The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go." Microsoft traditionally release a security update once a month - the next scheduled patch is the 9th of February. However, a spokesman for Microsoft told BBC News that developers for the firm were trying to fix the problem. "We are working on an update on this issue and this may well involve an out of cycle security update," he said. full story > http://news.bbc.co.uk/2/hi/technology/8463516.stm Share this post Link to post Share on other sites More sharing options...
