Around the Net
Microsoft To Blame For China-Base Google Cyberattack
- Bits Blog et al. , Friday, January 15, 2010 2:43 PM
After examining the malicious software code used in the attacks, software maker McAfee is calling a "vulnerability" in Microsoft's Internet Explorer browser an important pathway for the attacks.
According to The New York Times' Bits blog, Microsoft has conceded as much. "Microsoft said it was investigating McAfee's report, but it has so far determined that versions 6, 7, and 8 of Internet Explorer contain the security vulnerability."
Perhaps making matters worse, DailyTech writes: "Microsoft apparently has known about the flaw and existence of attacks in the wild for some time, but did not publish a security advisor until after McAfee aired the flaw ... This meant that while high profile business users likely knew about the flaw, most private users were left unaware of the danger."
Apologizing for the security snafu, Microsoft CEO Steve Ballmer said: "We need to take all cyber attacks, not just this one, seriously ... We have a whole team of people that responds
in very real time to any report that it may have something to do with our software, which we don't know yet."
Yet, no matter who was directly or indirectly responsible for the attacks,
some experts and analysts argue that this latest incident is hardly front page news.
According to Forbes: "Targeted attacks using unpublished vulnerabilities in browsers are nothing
new, especially for companies like Google with valuable intellectual property to protect ... In fact, what may be most striking about the so-called 'Aurora' exploit is just how old the attackers'
target was."
Likewise, security experts tell BBC News: "The cyber-attack that made Google consider pulling out of China was run of the mill."
Either way -- and whether Google decides to leave China or not -- Ballmer just told CNBC that Microsoft will continue to do business in China indefinitely.
