My recent visit to a friend’s Cyber Cafe near Bunut area exposed a very ‘unpleasant’ practice that is still going on in many Brunei’s Internet CC and it is the over use of the ‘out of style’, ‘No Taste’ insecure IE6. IE6 can be considered a ‘Crime of Fashion’ to web designers, because of its failure to keep up with the latest trends in CSS and graphics design. Trying to introduce Brunei fm News site to them ended up in a not so flattering incident, when some of the news boxes fell to the ground (bottom of the IE6 screen). It should never happened if they are using Firefox, Opera, Google Chrome or at least the more recent version of IE (IE 7 or 8). Obviously, using IE6 is one of the fastest way to get infected or hacked on the internet. So we thought we are safe if we use Firefox…
Well you are wrong. Firefox also has its dark moments in the past when its vulnerability being used by hackers to gain access to web users. But luckily, ‘Open Source’ culture( exposed sourced code of Firefox to millions of online community users), allowed it to be audited and discussed in the most ‘humanly’ efficient as possible, has helped to secure us, from prolong exposure to danger on the web.
But thats has not always been the case with Microsoft ‘closed source’ work. In many ‘unpleasant’ incidents, I remembered one in particular, where they failed to find a fix to the vulnerability in one of their infamous IE, they ended up providing a fix in terms of an executable that will disable that particular function (leading to the vulnerability). ‘Wait!’ so you thought, Microsoft could actually disabled the function themselves when they were the one introducing it in the first place, but ‘No!!!!!’, because at that specific time, you need to execute that fix, to disable that function in IE to protect you from being attacked on the Internet. ‘Conclusion’ is that Microsoft can’t always fix the security vulnerability the same way they introduce it to you.
So Oooops! Microsoft did it again! And this time not only to infamous IE users but also to Firefox users. Ryan Naraine wrote on his blog ‘The flaw was addressed in the MS09-054 bulletin that covered “critical” holes in Microsoft’s Internet Explorer but, as Redmond’s Security Research & Defense team explains, the drive-by download risk extends beyond Microsoft’s browser.‘
This is what actually happened, Microsoft introduced their new addons ‘Microsoft .NET Framework Assistant’ to our Firefox browser, without our knowledge and consent, and ‘Ooops, it has a vulnerability that allows hackers to get into our system (following certain conditions are met, the attack will be possible). But instead of disabling it themselves (just the way they sneaked into our Firefox addon) they ended up ‘recommending’ Firefox users to disable it.
‘For Firefox users with .NET Framework 3.5 installed, you may use “Tools”-> “Add-ons” -> “Plugins”, select “Windows Presentation Foundation”, and click “Disable”.’
Microsoft did it again! (Instead of disabling it themselves)
Brunei fm Online Team
Latest by editor:
- Asean could bid to jointly host FIFA World Cup
- Why Bruneians might be the next 'Online' target by attackers.
- Understanding the attack on Borneo Bulletin website
- Royal Brunei Airlines offering passengers more flexibility and more flights
- Protecting Brunei web visitors from Virus, Spyware and Malware for *FREE
