Attackers Target MHTML Security Flaw in Windows by Using Internet Explorer - Attackers are exploiting MHTML bug, first revealed in January. |
|
Business Related Topics...
Computer Related Topics...
Entertainment, Recreation & Sports Related Topics...
Health & Fitness Related Topics...
Home & Family Related Topics...
Shopping Related Topics...
Would you like to submit articles to our site? Have a question or a problem?
You are here: DIME Home > Computer Security > Attackers Target MHTML Security Flaw in Windows by Using Internet Explorer
Attackers are exploiting MHTML bug, first revealed in January.
Author: eccuni
Date: Mar 14, 2011 - 8:09:10 AM
A bug associated with MIME Encapsulation of Aggregate HTML (MHTML) protocol handler in Windows, first identified in January is being exploited by attackers. Internet Explorer (IE) serves as an attack vector and users browsing through any version of the browser are more susceptible to the exploitation of this vulnerability. The vulnerability affects Windows XP and later versions. The vulnerability is related to the process by which Internet Explorer deals with MIME formatted web-pages on Windows.
Google has issued an alert that attacks are being launched against Google users using Internet explorer. The company claims that attacks seem to be highly targeted and politically motivated against certain activists. The company has not divulged any information on the identity of the targeted activists. Google has also claimed that account holders of a popular social site (identity not disclosed) have also been targeted by attackers. The company has applied server-side defenses to prevent MHTML attacks. However, the defenses are not foolproof and users may temporarily shift to firefox, chrome or other browsers to guard against exploitation of MHTML vulnerability.
The bug allows offenders to create a fake webpage, entice people to visit the site. When unwary users visit the specially crafted webpage, IE is made to execute malicious java script. The script may spoof content or perform functions that on behalf of a user on a compromised website. Microsoft had earlier released a work around for the bug in the form of "Fix it" wizard. The solution enables users to lockdown MHTML by enabling the button and reversing the lockdown of MHTML by disabling the Fix it button on the wizard. Microsoft is yet to offer a security update for the flaw and may offer a fix during the upcoming monthly security updates.
Online IT courses and video tutorials may be used to create awareness among public on safe computing practices. Internet users must avoid clicking on suspicious links on e-mails, instant messengers (IM) and resist visiting suspicious websites. Users can also disable active scripting.
Attackers
constantly find and exploit vulnerabilities in software products. Online
IT degree and e-learning programs may facilitate security
professionals in keeping them abreast of latest developments in IT security.
Organizations must adhere to the security updates, patches and advisories. Hiring professionals qualified in IT degree programs may aid organizations in timely identification and application of appropriate patches.
Contact Press
EC-Council
Website:
http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico
and offers Master of Security Science (MSS) degree to students from various backgrounds
such as graduates, IT Professionals, and military students amongst several
others. The MSS is offered as a 100% online degree program and allows
EC-Council University to reach students from not only the United States, but
from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
Cybercriminals Target Rabobank with DDoS AttacksMay 3, 2011 - 6:17:36 AM Recently, Rabobank suffered distributed denial-of-service (DDoS) attack resulting in disruption of Internet banking and mobile banking services. Customers of the bank were not able to login to their online accounts. Rabobank with Headquarters in Utrecht, Netherlands operates in 48 countries across world and specializes in food and agricultural finance. Information security professionals are investigating the attack and are yet to determine the source of attack. The attack follows a similar attack on a Dutch government website, rijksoverheid.nl. The latest attack reportedly hampered operations of the Dutch payment system iDeal, making it difficult for associated banks to process payments.... [Read the full story] |
Don't Take Destruction of Data for GrantedApr 2, 2011 - 11:02:01 AM The prompt and secure destruction of data and confidential company documents should not be taken for granted. As the amount of data increases in the world, as does the need to securely destroy it to prevent unscrupulous individuals or of groups well organised criminals accessing it for their own illegal needs. However, the skills and techniques that these people use are also ever-developing, and the rightful owners of this data need to try to stay one step ahead with advice from companies that specialise in protecting and destroying your personal data. It can be compared to the virus / anti-virus war, and burglars versus locks, and if you want to look at it in its most basic or original form; predator versus prey in a... [Read the full story] |
Mozilla Makes Firefox Version 4.0 PublicMar 24, 2011 - 8:09:36 AM |
Security Researchers Alert Facebook Users on New ScamMar 23, 2011 - 8:19:01 AM |
Search for articles: |
Latest Articles in All Categories |
Putting Up a Small Commercial Printing Business |
So You Might Be Unemployed And Desire To Become A San Francisco Real Estate Investor Now |
Meditation and Mindfulness: Dealing With Emotion |
CPA Websites: Five Essential Ideas for Composing Convincing Articles |
Set Goals In Order to Come Up With Your Action Plan |
Is the Air in Your Home Safe to Breathe? |
Coarse Fishing Tackle Review: The JW Young 13ft Trotter Rod |
Section 1031 Exchanges For San Diego Real Estate Investors |
Phoenix Real Estate Investing For Highest Possible Earnings |
Legendary are the Volk Racing TE37 Wheels |
Developing the Next Generation Wall Station (ChaseDesk™) for Healthcare - A Case Study |
What are step down transformers? |
Introducing Sharehype, the Revolutionary Tool for Online Marketers |
Rewards To Shopping For Austin Real Estate On The Web |
Hydroponics for Beginners |
Would you like submit your articles and have them approved on a priority status? Find out more about how you can become a Priority author for pennies a day! Click here.
Dime-co.com Home |
|
|
|
|
|
|
|
|
|
|
|
|
|
Disclaimer: Dime-Co.Com is an online information article and video article network. All articles, video articles, comments, and other features herein are for informational purposes only and are provided "as is" without warranties, representations or guarantees of any kind. The views and opinions expressed in an article, comments, links or blogs are the author's own, and not necessarily those of dime-co.com's owners. For full disclaimer, please read our TOS.