Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Hackers were exploiting a Windows and Internet Explorer flaw disclosed in January to attack Google users, the search giant said on Friday.
“We’ve noticed some highly targeted and apparently politically motivated attacks against our users. We believe activists may have been a specific target,” Google’s security team confirmed in a blog post.
The attacks had also aimed at users of “another popular social site”, it said, but did not disclose which site.
Microsoft said it was investigating reports of "limited, targeted attacks" in an updated advisory.
The Windows “MHTML” flaw affected Internet Explorer browsers, allowing an attacker to spoof web content and steal user information.
It stemmed from the way Windows handled MIME-formatted content and affected both servers and desktops.
Google’s security team said this style of attack was a new area of threat for web users.
“It represents a new quality in the exploitation of web-level vulnerabilities. To date, similar attacks focused on directly compromising users' systems, as opposed to leveraging vulnerabilities to interact with web services,” they said.
In January, Microsoft issued a temporary fix (found here) to prevent attackers exploiting the client-side weakness, but was yet to release an actual patch.
A server-side resolution was yet to be developed.
“We’re working with Microsoft to develop a comprehensive solution for this issue,” said Google’s security team.
Google’s server side protections to date had made the vulnerability “harder to exploit”, but they were “not tenable long-term solutions”.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.