Thursday, May 1, 2014

Digital Darkroom: Stop using Microsoft Internet Explorer, at least for now!

Microsoft Internet Explorer Logo, courtesy of Microsoft Corporation
Many photographers use Microsoft Windows for their computing, to run their digital darkroom software, research, and communicate on the Internet. Many Microsoft Windows users make heavy use of the Microsoft Internet Explorer (IE) browser for their use of the Internet.

As many know, along with being a professional photographer, I am a network and tech security consultant. If you haven't heard about the recent serious problems of Microsoft Internet Explorer (all versions), or hadn't taken it seriously, please take my warning seriously.
The problem with all versions of Internet Explore from versions 8 through 11 (current version) is that all the versions contain a particularly vulnerable “zero day exploit” through which hackers can install malware from a website you visit, which they have either hacked or setup themselves. Once you've visited the website while using Internet Explorer, the malware secretly installed on your computer can give a stranger total control of it, without your knowledge. You might not even notice it's running.

Once in control of your computer, it only gets worse. They can steal your private information, get access to your email, your credit and debit cards, your bank accounts, your files, and they have access to any computer on a network to which you have access. Not only can they steal your identity through Internet Explorer, they can run up bills on your credit cards, empty your bank accounts into their accounts, and open up other accounts and credit/debit cards with your social security number and other information, for which you are responsible, until and and unless you can prove you're the victim of identity theft.

Even if you're able to prove identity theft, and get from under the crushing debt which was in your name, if could take years, many years, until you regain control of your life, all because you used Internet Explorer when you should have discontinued it's use, at least until patched.

Both the US Department of Homeland Security's Computer Emergency Readiness Team and the United Kingdom National Computer Emergency Response Team said in advisories released on Monday that the vulnerability in Microsoft Internet Explorer 8 through the current IE 11 could lead to "the complete compromise" of an affected system. They are strongly recommending total discontinuance of Internet Explorer, at least until properly patched.
For Windows XP users, this means permanently discontinuing any use of Internet Explorer as your non-upgradeable version 8 will not be fixed by Microsoft...ever!
For now use another browser on the Internet such as Google's Chrome, or Mozilla's Firefox. Microsoft has stated they will have a fix for IE 11 in mid May.

While waiting for Internet Explorer to be patched, Microsoft, along with some in the media are erroneously reporting that computers with the Microsoft Enhanced Mitigation Experience Toolkit (EMET) 4.1 (latest version) are safe from this particular "Zero Day exploit."
That is incorrect!
A Bromium Labs researcher has determined that those hackers using this exploit can easily bypass all the protections in EMET 4.1. It would appear that EMET 5.0 can protect computers from this problem, however, it's only in tech preview right now, and on many levels, not ready for prime time.
I assure you that this problem is all too real, and anyone who continues to use Internet Explorer is playing with fire!

I would add that for anyone using Adobe Flash, they should immediately install the latest version, only out for a few days. The prior version has a “zero day exploit itself.” This is true for all computer platforms which can use Flash.


Ed - Nova Scotia said...

Thanks for the warning. I've dropped IE use as of this morning. I had no idea the problem was this bad, and as potentially devastating as it is.

Stan - NYC said...

OMG the report on local TV didn't explain it this way. Thanks.

Nancy - Ocean City said...

How could Microsoft know about this for weeks and not have it fixed already?

Post a Comment