McAfee’s Operation Aurora Pinpoints Internet Explorer Attack Vector

January 16, 2010 - By Justin E. Gehrke

According to an article published today on The Washington Post’s website, computer security giant McAfee is claiming responsibility for the identification of the specific vector used in China’s alleged attack, albeit a passive one, on Google.

Where was the vulnerability? As has often been the case, Internet Explorer apparently provided the point of ingress, through it less than perfect coding. Additionally, it appears it may be the same attack vector used in other recent high profile attacks. According to McAfee, the discovery was made as part of the company’s Project Aurora.

While McAfee’s efforts and Microsoft’s reported cllaboration is a step in the right direction, the question remains. When will software giants like Microsoft and Adobe realize that their popularity and proliferance is a double-edged sword. Ease of use and aesthetics must be tempered with security that’s part of the software development process. Until it is, computer security professionals will always be one step behind.

Sources:

The Washington Post

http://www.washingtonpost.com/wp-dyn/content/article/2010/01/17/AR2010011700562.html

Microsoft Security Blog:

http://blogs.technet.com/srd/archive/2010/01/15/assessing-risk-of-ie-0day-vulnerability.aspx

McAfee Operation Aurora:

http://www.mcafee.com/us/threat_center/operation_aurora.html