Security Hole in the News. Should you worry?

No, but you should be careful.

The combination of North Korean supporters attacking government websites and Microsoft announcing a security hole has made for a media frenzy. But don’t let the media confuse you, they aren’t related.

The issue with the security hole is that a clever web developer can create an infected website hosting a video. If you visit the website with the infected video, it will infect you.

The SANS security institute (of which I am a member) is keeping a running list of which websites are infected. None of the commonly accessed websites are infected. In fact looking over the entire list, I can’t find anything that could possibly effect any client of ours. Here’s a sample of the types of websites we’re talking about.

www.7iai.cn
www.jazzhigh.com
www.netcode.com
6ik76.8866.org
76ith.8866.org
qd334t.8866.org
u5hjt.8866.org
vpsvip.com
x16ake8.6600.org
www.huimzhe.cn
www.hostts.cn
ucqh.6600.org
qitamove.kmip.net
news.85580000.com
guama.9966.org
dx123.9966.org
ds355.8866.org

How do you get to these crazy websites? The usual way. You open a spam email and click on the link therein. We know that you are all smarter than that.

There is currently a work around that will protect you from this infection but it’s one of those cases where the cure is worse than the disease. If we implemented the work around you would not be able to use any moving image in your browser. Since most news sites use these and since many of you visit CNN, Yahoo, ClickOnDetroit and other popular sites frequently we’d be crippling you if we implemented the work around.

When Microsoft releases a patch for the browser we’ll be sure to push that out as the permanent fix. Meanwhile we’ll be watching the list of infected websites.

---------------
Harbor Computer Services provides IT services to businesses in Southeastern Michigan. Find out more about us www.harborcomputerservices.net