Stop Using Internet Explorer and Upgrade Your Flash Player

Are you one of those people who still uses Internet Explorer as your primary browser? If you are you really need to stop. Seriously. Right fucking now:

Attackers are actively exploiting a previously unknown vulnerability in all supported versions of Internet Explorer that allows them to surreptitiously hijack vulnerable computers, Microsoft warned Sunday.

The zero-day code-execution hole in IE versions 6 through 11 represents a significant threat to the Internet security because there is currently no fix for the underlying bug, which affects an estimated 26 percent of the total browser market. It’s also the first severe vulnerability to target affect Windows XP users since Microsoft withdrew support for that aging OS earlier this month. Users who have the option of using an alternate browser should avoid all use of IE for the time being. Those who remain dependent on the Microsoft browser should immediately install EMET, Microsoft’s freely available toolkit that greatly extends the security of Windows systems.

Internet Explorer has a pretty expansive history of major security flaws. As far as I’m concerned it’s not a safe browser to use in any context. This problem is also worse for people still using Windows XP since Microsoft has finally dropped support for it. By the way, if you’re using Windows XP stop it. Running an operating system that no longer received security updates is asking for trouble.

Also, since I’m on the issue of security news, you also want to upgrade your Adobe Flash Player:

The attacks were hosted on the Syrian Ministry of Justice website at hxxp://jpic.gov.sy and were detected on seven computers located in Syria, leading to theories that the campaign targeted dissidents complaining about the government of President Bashar al-Assad, according to a blog post published Monday by researchers from antivirus provider Kaspersky Lab. The attacks exploited a previously unknown vulnerability in Flash when people used the Firefox browser to access a booby-trapped page. The attackers appear to be unrelated to those reported on Sunday who exploited a critical security bug in Internet Explorer, a Kaspersky representative told Ars.

While the exploit Kaspersky observed attacked only computers running Microsoft Windows, the underlying flaw, which is formally categorized as CVE-2014-1776 and resides in a Flash component known as the Pixel Bender, is present in the Adobe application built for OS X and Linux machines as well.

Flash is another dangerous plugin to have installed. Unfortunately there are still sites that necessitate the use of Flash. My tactic is to disable Flash in every browser except Firefox and use NoScript to block all Flash content I don’t expressly allow. This method does a good job of balancing usability and security in my opinion. Hopefully we will someday live in a world where Flash is no longer used.