Kate, it says this,
Serious Internet Explorer Bug Leaves Half of all Browsers Open to Hack
By Julianne Pepitone
Microsoft is scrambling to fix a newly found bug in Internet Explorer, which leaves all versions of the browser open to potential attacks.
Hackers have already used the flaw to launch "limited, targeted attacks," Microsoft said a "security advisory" on Saturday.
As with many attacks, hackers can start with methods like convincing users to click on fake websites, Microsoft explained. From there, the glitch could allow attackers to run malicious software on the user's computer -- and even gain the same level of access to the computer as the real user.
It's a serious flaw, and a widespread one: Internet Explorer comprised almost 58 percent of all desktop browsers in March, according to analytics company Net Applications.
Even the Department of Homeland Security weighed in with an advisory on Monday, calling on users to run alternative web browsers until Microsoft is able to fix the problem.
The Internet Explorer issue affects the browser's versions 6 through 11, Microsoft said in its post. Microsoft's response came one day after security company FireEye revealed the flaw in a post on its own site on Friday.
FireEye said attackers are focusing mostly on Internet Explorer versions 9 through 11, which make up about a quarter of all browsers. FireEye dubbed the attacks "Operation Clandestine Fox" and called the flaw "significant."
FireEye recommended that users disable Adobe Flash, saying "the attack will not work" in that case. But Adobe posted its own advisory on Monday, offering users a security update that it said will fix the problem.
Microsoft is still investigating the issue, and the company said it may fix the problem through either a scheduled or off-cycle security update.
Until then, Microsoft wrote in a separate blog post, the company recommends typical protection steps like installing anti-virus software and being cautious when visiting websites. Microsoft also suggested using Internet Explorer in "enhanced protected mode" and downloading a "toolkit" to help guard against attacks.
Those steps could help protect users of newer Windows versions until Microsoft releases a fix. But the glitch is a sobering reminder that no help is coming for users of Windows XP, as Microsoft dropped support of that operating system earlier this month.
First published April 28th 2014, 3:35 pm
Julianne Pepitone
Julianne is a senior technology writer for NBC News Digital. Previously she worked at CNNMoney where... Expand Bio
Security
15 hours
You've Got Hacked: AOL Confirms 'Significant Number' of Mail Users Hit
By Julianne Pepitone
AOL has released more details about a major hack of AOL Mail last week, in which users' accounts were compromised to send out spam messages.
The company is still investigating the breach, but AOL confirmed in a company blog post Monday that "there was unauthorized access to information regarding a significant number of user accounts."
Thankfully, no financial details appear to be affected. But hackers did access a trove of personal data including AOL users' email addresses, mailing addresses, contacts, encrypted passwords, encrypted answers to security questions used for resetting passwords, and some employee information.
Time Warner To End Deal With AOL, Spinning It Off Into Separate Company Mario Tama / Getty Images
No financial details appear to be affected. But hackers did access a trove of AOL Mail users' personal data.
Spammers used that information to send "spoofed" emails -- messages that appear to be from a valid address or trusted contact, but are not actually from those contacts -- from about 2 percent all AOL Mail accounts, the company said.
AOL is notifying users who may have been affected, the company said Monday, and it is working with law enforcement "to investigate this serious criminal activity."
Customer complaints about the spoofing began popping up early last week, including on Twitter with the hashtag #aolhacked.
AOL posted a warning on April 22 about the attack, and stated that it would change its policy "to help mail providers reject email messages that are sent using forged AOL Mail addresses."
AOL Mail takes action against email spoofing!
t.co/syCPd13gY1 — aolmailhelp (@aolmailhelp) April 23, 2014
AOL's official support Twitter account has spent the week tweeting apologies and statements to disgruntled customers, but even some longtime AOL diehards couldn't be mollified.
#AOLHacked @aolsupporthelp AOL you have broken me after 20 years with you I'm changing my email address. How sad.
— Lisa C (@lmc445) April 22, 2014
Others used the incident to take potshots at AOL as the email of choice for the non-techy set.
#AOLHacked so everyone check with your boss's boss, grandparents, and elderly friends.
— Ryan Williams (@ryanlwilliams) April 21, 2014
AOL wasn't the only big tech company to face a security breach this week. Microsoft is scrambling to fix a newly found bug in Internet Explorer, which leaves all versions of the browser open to potential attacks.
First published April 28th 2014, 9:18 pm
Julianne Pepitone
Julianne is a senior technology writer for NBC News Digital. Previously she worked at CNNMoney where... Expand Bio
