Tuesday, January 26, 2010

Tech alert: How to prevent Operation Aurora attack

This morning I sent an e-mail to Peirce College faculty about the recent exploits in Internet Explorer. This is a very important security issue, and I want to share the information with you here.

You might have heard about the recent cyber attacks on Google in China. During Google's course of investigation, it discovered at least 20 other large companies from a wide range of businesses -- including the Internet, finance, technology, media and chemical sectors -- have been similarly targeted. As a result, Google is withdrawing from China.

Further research by McAfee and Symantec have identified the cause as a vulnerability in Internet Explorer. The attack has been named "Operation Aurora."

It has been classified as a Zero Hour, or Zero Day Attack. This is a computer threat that tries to exploit software that are unknown to others, undisclosed to the software vendor, or for which no security fix is available.

The reason why I am informing you of this news is that it is directly related to using Internet Explorer. Versions 6, 7, and 8 have the exploit. You might be using IE as your browser right now.

Peirce is using highly sophisticated tools to monitor outgoing and incoming traffic as it relates to this global attack. I would like to offer you the following steps to mitigate this risk in your own home.
1. Ensure your virus protection is up to date, and set to auto update. While there is no known fix at this point, you should be able to get it on the U.S. Computer Emergency Readiness Team Web site when it's available.

2. Make sure Windows is also up to date.

3. Consider using Firefox as your Web browser. This is more secure than Internet Explorer, as it is not tied into Windows.
We'll keep you posted as updates develop. Stay safe!