Google is apparently making this decision in response to the hacking attacks on late last year in China. The attackers  used vulnerabilities  in Microsoft’s Internet Explorer 6 to go after Google’s intellectual property, believed to be source code.  One could argue that if they had updated their browsers, the attacker would have had to find other vectors for attacks.

Could this be a strategic move by Google to prove that an Enterprise can survive WITHOUT Microsoft? With Google’s Chrome OS on the horizon, this may just be the warm-up act.

Source: http://www.ft.com/cms/s/2/d2f3f04e-6ccf-11df-91c8-00144feab49a.html

Related posts:

1. Google and China: A Dysfunctional Marriage Since making it’s search engine available to Chinese users in...
2. Microsoft says Do Not Call for Help! If it sounds like a horror movie….well, that’s because is...
3. Use Google Apps or Gmail? Avoid getting hacked! It can happen to the best of us. Blogger and...

The zero-day vulnerability in the latest full version 3.6 of Firefox was discovered by security researcher Evgeny Legerov last month.  Legerov controversially offered to sell exploit code he developed.  Mozilla acknowledged the security vulnerability on Thursday and promised the the next version of 3.6.2, due at the end of the month, would plug the hole.

I have to applaud the German government for taking such a proactive approach to online security of it’s citizens. I have to wonder what would be the response to such an approach my the US government here. As to the advice given, I’m of two minds really. Whereas home users are at liberty to switch browsers as often as their underpants, corporate users may not have that luxury. Whole scale software migrations in a corporate setting is no small undertaking. Ig it were, I doubt Google would have gotten hacked for using IE6.

Vulnerabilities in all browsers are discovered over time. Corporate users, does the musical browser approach really work even if it were possible? I think not. My advice: Test and Upgrade as soon as is feasible.

Related posts:

1. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...
2. Pentagon and Congress wants control of your network during cyberattack There has been a lot of chatter in the news...
3. Google and China: A Dysfunctional Marriage Since making it’s search engine available to Chinese users in...

Some of these vulnerabilities allows your system to be compromised simply by browsing a page with an infected image file so upgrade without delay.

According to Brian Cluley of Sophos , “It doesn’t matter whether you own a Mac or PC, if you run Safari the message is clear: It’s time to update your browser and ensure that you are protected against hackers exploiting the security holes detailed in the security advisory on Apple’s website”

Related posts:

1. More on Forensics… Follow what the NOVA Information Assurance Strike Team is up...
2. Pentagon and Congress wants control of your network during cyberattack There has been a lot of chatter in the news...
3. 2010 CyberSecurity Watch Survey Cybercrime threats posed to targeted organizations are increasing faster than...

So https indicates your communications to the web site is encrypted. Clicking on the golden lock displays the digital certificate and identity information. But what if your browsers decides it doesn’t like the certificate? Well it warns you. Ever seen these before:

If you have spent any amount of time on the web, you will have eventually come across these warnings. What do you generally do? Flee for your life? Read the details? Continue on to the web site anyway? Well, don’t just ignore this warning! There are multiple reasons why your browser might balk at pproceeding to the requested web site.

Certificates are generally issued by companies like Verisign and Thawte after the entity requesting the certificate has verified its identity. The certificates are digitally connected to a root certificate located at the issuer. Browsers are pre-configured with a number of more popular root certificates. That is why, when you access your online bank account, your browsers automatically recognizes the certificate and allows you to proceed without issue. The certificates are valid for a specified period of time and require renewal. If the certificate has expired, your browser will detect it and you will see the warning displayed  above. If your browser does not recognize the source of the certificate ( i.e no connection to a known root certificate), you will see the error message as well. This is the case when web site owners decide not to purchase a certificate issued by one of the aforementioned third-parties and create their own certificate which still provides the same functions: claims an identify and enable encryption.

This last point is key. Anyone can create a certificate. I can create a certificate in seconds claiming my laptop to be https://www.your-online-bank.com. Tools that enable a man-in-the-middle attack mentioned in yesterday’s post automatically do this.  Now, as your browser will recognize the lack of digital connection between my fake web site certificate and the real root certificate, it will warn you with one of the  errors displayed above. Beware that you don’t make it a habit of clicking to continue without giving it a second thought.

Related posts:

1. Enter the Dragon browser, the more secure Google Chrome The open source engine that forms the basis for Google’s...
2. Beware of Free Internet Connections Many hotels,coffee shops and other such establishments  offer free wireless...
3. SAHI – Web Automation & Application Security Testing Tool Sahi is an automation tool to test web applications. Sahi...