Security Blog

The latest news and insights from Google on security and safety on the Internet

MHTML vulnerability under active exploitation

11 mars 2011
Share on Twitter Share on Facebook
Google

27 commentaires :

Unknown a dit…

Wouldn't a better recommendation be to simply *stop using internet explorer*? It's really sad that Microsoft can't patch issues like this in a far more timely fashion.

12 mars 2011 à 13:10
Tom 218 a dit…

Is there a pattern to the activists being attacked - what are the issues they're active on, any common thread?

12 mars 2011 à 13:32
Frej a dit…

That is serious... Now it's not only website developers affected. I hope the day when IE legacy stops casting a bad light over MS is soon to come.

12 mars 2011 à 14:21
Anonyme a dit…

my daughters gmail account was hacked and she was using Internet explorer

12 mars 2011 à 14:49
Unknown a dit…

Use Google Chrome for the fastest or Firefox for the user friendly experience and don't use IE, we don't.
Fred

12 mars 2011 à 22:30
plexor a dit…

As I become more paranoid about my safety everywhere, it seems as though the biggest threat is from the Net - or more precisely - the ongoing threat caused by people who use Microsoft products from Browsers to Servers.
The only apparent solution would be to punish people for using these products the way irresponsible people are finally being punished for texting while driving.

13 mars 2011 à 22:06
Reverend Magdalen a dit…

I second the request for more information about what specific type of activist is being targeted. This information could be vital to protecting people in future. Please share at least the general topic of the activism.

14 mars 2011 à 03:23
Greg Zeng a dit…

Crippleware (SAFARI, CHROME, CHROMIUM, MOILLA, etc cannot save web pages in one compressed file: mht.

IE & its shells (Cray, Green, Maxthon, etc) probaly are affected by the IE bug as well.

Only truly effective browser is freeware, mistakenly labelled as shareware. It is available on Symbian, Linux, Android, Windows, etc. OPERA.

14 mars 2011 à 08:44
P J a dit…

@Greg Zeng

That's funny :) Because this is operating system's hole then opera is also affected ;)

14 mars 2011 à 12:08
Anonyme a dit…

@P J I'm pretty sure only internet explorer (all versions, including the ie shells mentioned above) is affected, source: http://www.h-online.com/security/news/item/Microsoft-warns-of-cross-site-scripting-in-Windows-1180179.html

14 mars 2011 à 13:00
Unknown a dit…

Is it *all* political activists? Is it a campaign against one particular flavor?

20 mars 2011 à 10:41
vu3mes a dit…

hi

i had two accounts with google mail which i had been using for years now. yesterday i could not access both the accounts and when it was open i had a warning that the accounts were acessessed by an ip no. based in china and duely instructed me to change my passwords. in the inbox i could see the mass mail circualted using my id which was returned non delivered by some addressees.

21 mars 2011 à 07:02
Scott Grayban a dit…

Why is anyone using Internet Expolder ? Why is google telling people to use a insecure browser in the first place ??? Seriouisly google if you are going to help at least get it right.

21 mars 2011 à 09:02
Unknown a dit…

internet explorer is targeted because its the most popular browser. if everyone changed to firefox for example, do you think that attacks would suddenly stop? if you do your totally nieve and unrealistic. Internet explorer is popular, and whether you agree with that or not its not good enough to blame microsoft for the actions of those who will attack them. If firefox had the same market share - then firefox would be under attack. Microsoft bashing is all well and good, but at least have a coherant argument!

21 mars 2011 à 09:07
Unknown a dit…

@Plexor
Are you for real? Punish people for using IE?
People had to use IE in the past, which, quite rightly was fought and won against. Now to punish people for using IE is worse! Say someone uses IE and doen't have a GMail account? Say someone finds a way to hack into ALL browsers, does everyone get punished?
Microsoft are to blame and should be punished, not the users.

Frank.

21 mars 2011 à 09:25
Unknown a dit…

"We’ve noticed some highly targeted and apparently politically motivated attacks against our users"

China against human-rights activists..?

21 mars 2011 à 09:32
Unknown a dit…

I've found that any Microsoft product I've used has eventually encountered technical issues. While I understand the price of an iMac or another Apple product can sometimes be prohibitive, I've been using an iMac for several years and encountered very few issues - when I have the issue has been easily resolved. Safari all the way!

21 mars 2011 à 09:53
Unknown a dit…

i wonder how many microsoft bashers here are actually using a microsoft operating system, and often use other microsoft software...

as far mac's being safe - indeed the are more secure - but again - only because the number of worldwide users are so so much smaller than those using microsoft products. Someone who is set to attack a group of users will obviously go for the largest user base, to cause the most disruption. Macs, safari, firefox are only safe because microsoft is taking the hit for you, not because the software or hardware is any better or more intelligently created. Im well aware of microsofts shortfalls, but i think everyone should imagine a world without microsoft products, sure there linux and all the different flavours thereof, but can you seriously imagine most of the population trying to be productive on a unix box?? absolutly wony happen. unix and linux are excellent - for specific uses. for a user friendly, easy to learn based market- no they arent fit for that purpose.

21 mars 2011 à 10:52
卢海玲 a dit…

Chinese government is becoming the new hidden Nazi now. It is torturing ,murdering and fooling its own ordinary citizen inside china. It has more than a quarter of a million internet polices doing all kinds of attacks, stealing info from other countries. The Chinese government is the biggest hiker organization in the world, it going to rule the world by its Mafia rules. All the west countries should work together to fight with it now in order to save everyone include chinese in the world.

21 mars 2011 à 11:47
Unknown a dit…

Why use gmail? It seems gmail is targeted cause it weak. I have 1 hotmail and 2 yahoo accounts.

21 mars 2011 à 12:47
Unknown a dit…

@ James,

Safari is not any more secure than other browsers - people simply don't target it like IE is targeted. At PWN2OWN a MacBook Pro was hacked in 5 seconds via a Safari security hole.

http://news.themacfeed.com/2011/03/safari-security-hole-in-only-5-seconds/

21 mars 2011 à 13:02
amdgangster@gmail.com a dit…

People in China(here) use gmail because they belive the service of the world's best company is reliable.Google people ,please don't let us down.People may be put in a black jail because they offended the system,that's not a joke.I just don't know where the history is aheading...Anyway,we enjoyed youtube through自由门very much...the world is awesome!

21 mars 2011 à 20:34
rpr a dit…

Bob said: "internet explorer is targeted because its the most popular browser ... If firefox had the same market share - then firefox would be under attack."

Have a look at http://en.wikipedia.org/wiki/Usage_share_of_web_browsers The page says that in Feb 2011 the usage shares of most popular browsers were: IE 43.55%, FF 29%, Chrome 13.89%. So, the popularity of IE is not much larger than that of FF, but still IE is much more exploited for cyber attacks. I conclude that IE is much more vulnerable.

25 mars 2011 à 14:32
Unknown a dit…

in the past day i had to change my password 3-4 times, somebody is accessing my e-mail and signing up for things, one that i know of so far. who is finding my passwords and not allowing me on unless i change it every time?
please help, i'm sick of it.

29 mars 2011 à 22:26
GP a dit…

You can't blame users for using the standard browser shipped with the OS. We should have some kind of a regulatory body that has the authority to fine companies for security vulnerabilities in their products. You can't just make people agree to a long list of terms and conditions and then not take responsibility for your incompetency.

1 avril 2011 à 13:32
Jon Carnes a dit…

Bob - you live in a dream world. Me telling you that won't change you though as you have massively consumed the MS kool-aid.
My company is 90% Unix/Linux and the users don't have any issues with the technology. Most of them don't even *know* they are running Linux.

9 avril 2011 à 10:25
Srk9 a dit…

gp, the answer here is for people to stop using Windows. Google should encourage people to use modern operating systems that have package managers like Ubuntu Linux.

3 juin 2011 à 18:47

Enregistrer un commentaire

  

Libellés


  • #sharethemicincyber
  • #supplychain #security #opensource
  • android
  • android security
  • android tr
  • app security
  • big data
  • biometrics
  • blackhat
  • C++
  • chrome
  • chrome security
  • connected devices
  • CTF
  • diversity
  • encryption
  • federated learning
  • fuzzing
  • Gboard
  • google play
  • google play protect
  • hacking
  • interoperability
  • iot security
  • kubernetes
  • linux kernel
  • memory safety
  • Open Source
  • pha family highlights
  • pixel
  • privacy
  • private compute core
  • Rowhammer
  • rust
  • Security
  • security rewards program
  • sigstore
  • spyware
  • supply chain
  • targeted spyware
  • tensor
  • Titan M2
  • VDP
  • vulnerabilities
  • workshop


Archive


  •     2023
    • mars
    • févr.
    • janv.
  •     2022
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2021
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2020
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2019
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2018
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2017
    • déc.
    • nov.
    • oct.
    • sept.
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2016
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2015
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2014
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • avr.
    • mars
    • févr.
    • janv.
  •     2013
    • déc.
    • nov.
    • oct.
    • août
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2012
    • déc.
    • sept.
    • août
    • juin
    • mai
    • avr.
    • mars
    • févr.
    • janv.
  •     2011
    • déc.
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • juin
    • mai
    • avr.
    • mars
    • févr.
  •     2010
    • nov.
    • oct.
    • sept.
    • août
    • juil.
    • mai
    • avr.
    • mars
  •     2009
    • nov.
    • oct.
    • août
    • juil.
    • juin
    • mars
  •     2008
    • déc.
    • nov.
    • oct.
    • août
    • juil.
    • mai
    • févr.
  •     2007
    • nov.
    • oct.
    • sept.
    • juil.
    • juin
    • mai

Feed

Follow
Give us feedback in our Product Forums.
  • Google
  • Privacy
  • Terms