Zero-Day Attacks French GIFAS and US VFW


Old IE Too Risky for GIFAS and VFW

 

The French military defense contractor GIFAS and the US veterans organization VFW learned the hard way why updating Microsoft software such as Internet Explorer makes a big difference. These two organizations received the same treatment a Japanese financial company took on the chin recently, which some security investigators from Symantec Corp blamed on a Chinese conspiracy. The Chinese government has firmly denied all Chinese involvement, of course. http://www.reuters.com/article/2014/02/15/us-hacking-microsoft-idUSBREA1D02220140215

 

The attack depends on old versions of the Microsoft browser Internet Explorer (IE). Specifically, versions 9 and 10 of IE were attacked through ‘zero day vulnerabilities.’ The most obvious and cheapest preventative, short of avoiding IE and other Microsoft software (which has become a routine choice among many experienced professional software developers), requires upgrading to IE version 11. http://www.pctools.com/security-news/zero-day-vulnerability/

 

A simple portrait of how Microsoft makes software has helped me for the past several decades, so I will pass it along to those who might be able to use it themselves. When Microsoft was starting up in the 1970s, it won a huge gamble that made all the difference in its profitability. Beating its CP/M competitor by sheer luck to obtain a contract with IBM, the planet’s largest computer maker then and still a force with which to be reckoned, Bill Gates and his buddies decided to put out whatever software they could cobble together quickly to meet contract deadlines. http://en.wikipedia.org/wiki/History_of_Microsoft

 

They pushed junk software onto a hungry, naïve market and upgraded that junk piece by piece as quickly as they could. In terms of management theory, they turned the old professionals’ model of Administration-Service-Sales (where a business sets up a shop or an office, hones its skills and builds its inventory to offer great services or products, and then sells its very best to a small market that recognizes value; http://www.sba.gov/content/marketing-sales-management) into the new model Sales-Service-Admin (where the business promises to sell whatever customers say they want despite not currently having it, then cobbles together something close to what was promised and services it to patch unavoidable glitches, and finally handles paperwork admin as an afterthought). The result made Microsoft a financial success very quickly, although insiders who knew how the magic had been made vowed to do something different and better.

 

The same model, SAA, has been adopted repeatedly in markets where customers don’t recognize value because the standards have shifted and the sophistication needed to apply those standards to evaluate a service or product has become too advanced. Microsoft did not invent the SAA management model but Microsoft mastered it.

 

Today Microsoft software seems ubiquitous; avoiding it requires real effort. Further, competitors who saw how profitable Microsoft became almost overnight couldn’t beat that profitability so they joined in, leaving consumers adrift in a violent SAA sea.

 

Enter the hackers who know the weaknesses of early products well enough to take advantage. That’s how the zero-day vulnerabilities get in the door. No one sees them enter until their damage is done. Ongoing security investigators suspect that the same holes now being patched at the VFW and GIFAS may have been embedded in software for some extended time before discovery.

 

The old professional model that combined a hard-won set of specialized knowledge with age-old moral codes has given way in this age of information to ever-improving knowledge without the morality. The role of security investigators, both governmental and private, will have a long and profitable future in this environment, as analysts at http://HamiltonFinanceServices.com see it. What do you think?

 

 

8 Replies to “Zero-Day Attacks French GIFAS and US VFW”

  1. Then again, it could be as simple an answer as: MS software (i.e. Windows, IE, Office) is everywhere and used by billions so it makes sense for hackers to target it. Anything can be hacked including Apple, Linux, Chrome, Firefox, Safari (in fact, Safari is one of the easiest browsers to hack) but MS is generally the target since (as you mentioned) its software is ubiquitous particularly in third world countries. BTW: IE11 is generally touted as one of the most secure browsers available, particularly when coupled with Smart Screen filter.

  2. Well… it’s a free world. I’ll opt for MS Office any day of the week over the “free” alternatives. I’ll also opt for the polish of Windows over Linux and I don’t really care about the so-called security issues. I’ve been online since the mid 90’s and have yet to have any real issues. Granted, I run with the best security software I can buy, I opt for a hardware firewall, I lock down our home network, I don’t open attachments in my email, I don’t visit porn sites or gambling sites, I do not download a lot of “free” software and I’m leery about the links I choose to click. I make certain my browser is the latest iteration (IE11, Chrome 32) and that Windows critical updates are applied immediately. Perhaps if the French military defense contractor got his head out of his derriere he might not have exposed the organization he was trying to protect to the zero-day attacks. But you see… here’s the thing: it’s always easier to blame somebody else. Why it’s Microsoft’s fault not mine. Microsoft’s browser is full of holes. Microsoft should have warned me. :p

  3. Maybe we all wait to be burned before taking the hot stove seriously. On the other hand, you seem to have some pretty safe habits already, which might be more than most users can say.

  4. You’ll have to take my words with a grain of salt since my wife and I have a vested interest in Microsoft. Our son is a distinguished (I use that descriptive proudly since he was awarded the distinction) software engineer with the company. MS has provided a very good living for him and us by extension – you see, my wife says, “I wish I had the latest office…” and it arrives on our doorstep two days later. Naturally I’m rather defensive of the company’s reputation although I try not to be blind to its foibles (hence I’ve always used another browser as my default browser much to my son’s amusement). The French debacle doesn’t really surprise me. Our local Bank of America is still running with Windows XP Professional whose support is about to be withdrawn. I’m hopeful the bank will take the hot stove seriously but time will tell.

  5. I TRIED TO USE THE VIVALDI FOR A BLOG AND I HAVE TO TELL THAT IT IS VERY POOR AND MUCH WORSE THAN MY OPERA. IS THE PLAN OF DEVELOPING IT? OR IT WILL BE ONLY LIKE NOW? AND WHAT WILL THE TRANSFERRED BLOG FROM MY OPERA LOOK LIKE? SO POOR TOO?

  6. Vivaldi is, in the words of its founder, a work in progress. I have made a somewhat comfortable income from blogging about current news that interests me through WordPress joined with a handful of somewhat aggressive advertisers who meet my editorial standards. Who knows where Vivaldi will end up without ads, but nonetheless I sincerely appreciate the efforts being made to upgrade it in a rational manner.

    If you have specific technical ideas for improvement, there is a developers’ forum available through Vivaldi.

  7. JamesD, all three of my kids have landed firmly in the IT world, like your son. The oldest loves the new manufacturing-IT possibilities so he focuses there; my second son, the wealthiest by far, is a computer engineer for Reuters (officially named Thomson Reuters http://thomsonreuters.com/about-us/) who uses MS systems primarily because that’s what he received training on years ago; and my third child, a daughter, works the marketing end of IT for Reynolds & Reynolds, making a very comfortable living, again with predominantly MS systems. I agree the world has many thanks owed to Bill Gates and his buddies, although from a management consulting perspective (one of my several hats) I do not encourage use of the MS model.
