我們是電機系的成員，還是注意一下電腦瀏覽器IE容易被入侵的危險比較好 （這也算是電機專業能力的一種）。 這已經是快兩個月前的舊聞了，但是我前不久還是發現有電機系所的高年級學生 還不知道此事，還在用IE上網瀏覽，所以我把此文貼上來提醒大家，德法政府都已經 向大眾警告IE的安全漏洞與危險了，這篇報導完以後也有其他國家的政府在跟進警告了。 如果你還在用IE上網瀏覽，趕快換一種瀏覽器吧！ 我個人習慣使用比較安全的Google chrome或是Mozilla firefox來代替IE。 Google chrome的下載網頁： (縮址：http://tinyurl.com/mq796s) http://www.google.com/chrome/index.html?hl=zh_tw&brand=CHMB&utm_campaign=zh_tw &utm_source=zh_tw-ha-apac-tw-sk&utm_medium=ha Mozilla firefox的下載網頁： http://www.getfirefox.net/ France & Germany: replace your IE (Internet Explorer of Microsoft) with other browsers!! Germany's Federal Office for Information Security issued a warning against all versions of Internet Explorer and recommended that users switch to an alternative such as Firefox or Google's Chrome. http://news.bbc.co.uk/2/hi/technology/8465038.stm France joins Germany warning against Internet Explorer By Jonathan Fildes Technology reporter, BBC News France has echoed calls by the German government for web users to find an alternative to Microsoft's Internet Explorer (IE) to protect security. Certa, a government agency that oversees cyber threats, warned against using all versions of the web browser. Germany warned users on Friday after malicious code - implicated in attacks on Google - was published online. But Microsoft told BBC News that IE8 was the "most secure browser on the market" and people should upgrade. Cliff Evans, head of security and privacy, said that so far the firm had only seen malicious code that targeted the older version of its browser, IE6. "The risk is minimal," he said. For a web user to be affected, he said, they would have to be using IE6 and visit a compromised website. "There are very few of them out there," he told BBC News. However, if this did occur, a PC could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information. 'Sophisticated attack' Although the vulnerability has so far been exploited only in IE6, security researchers warned that could soon change. "Microsoft themselves admit there is a vulnerability, even in IE8," said Graham Cluley of security firm Sophos. This terrible piece of PR for Microsoft comes just as the IE browser which had almost total control of the market starts to come under pressure... Rory Cellan-Jones, BBC technology correspondent ...... Following the news, Germany's Federal Office for Information Security issued a warning against all versions of Internet Explorer and recommended that users switch to an alternative such as Firefox or Google's Chrome. The French agency Certa issued a similar warning. "Pending a patch from the publisher, Certa recommends using an alternative browser," it said. The UK government had said that it would not issue a similar warning. However, it said the Centre for the Protection of National Infrastructure (CPNI)was "monitoring the situation" and would "publish further advice if the risks change". Patch path But Mr Evans said that calls to change browsers were "not very helpful". "If you look at other browsers, it's likely they will have other vulnerabilities," he said. The vulnerability was found to be used in an attack on Google He pointed to a report by security firm NSS Labs reportedly showing that IE8 provided better security against phishing and malware than other browsers. "We feel strongly that IE8 is most secure browser on the market," Mr Evans said. His advice was echoed by Mr Cluley. "Switching away will get away from this particular problem," he told BBC News. "But all browsers have security flaws." Mr Cluley said that switching away from IE could create other problems, particularly for companies. "Some web-based applications may not work at all if you're not using Internet Explorer." Microsoft is currently working on a patch for the problem, but a spokesperson said it could not commit to a timeframe. The firm traditionally releases a security update once a month - the next scheduled patch will be ready on 9 February. Expert finds vulnerabilities in Microsoft browser IE- remotely access all of the data on a PC!! Expert finds vulnerabilities in Microsoft browser http://news.yahoo.com/s/nm/20100122/tc_nm/us_microsoft_security By Jim Finkle – Fri Jan 22, 4:26 pm ET BOSTON (Reuters) – A security research firm said it discovered another set of vulnerabilities in Internet Explorer, a day after Microsoft Corp patched the Web browser following a high-profile cyber attack on Google in China. The software maker issued a patch on Thursday to fight malicious software that was used in the attack on Google Inc and dozens of other companies which operate in China. Research firm Core Security Technologies said on Friday that it discovered another set of vulnerabilities in Internet Explorer that hackers can link together and exploit, to remotely access all of the data on a personal computer. "There are three or four ways to conduct this type of attack," said Jorge Luis Alvarez Medina, a security consultant with Boston-based Core, who will demonstrate the vulnerability at the Black Hat security conference in Washington, which begins February 2. A spokeswoman for Microsoft said she could not immediately comment on the matter. Alvarez Medina said hackers can exploit a string of four or five minor vulnerabilities in Internet Explorer, which is used on hundreds of millions of PCs around the world. Although none of the vulnerabilities are serious enough to compromise a machine, a hacker could take control of a PC by exploiting all of them at once, he said. The combination would overwhelm the browser, giving a hacker access to all data on the PC after a user clicks on a malicious link, he said. Alvarez Medina added that he was uncertain whether any hackers had already exploited the weaknesses, which Microsoft has yet to patch. He said that Core was working with Microsoft to find a way to mitigate the risk, but added that he believed other vulnerabilities would crop up even after a solution to these. "It is likely that people will come up with new ones over time," he said. (Reporting by Jim Finkle, editing by Leslie Gevirtz) -- ___ 6@_@9 4| |7 2 5 讓我先想一想...... -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 118.168.161.34 ※ 編輯: Geigemachen 來自: 118.168.161.34 (03/04 00:57)