NASA Bans IE?

By Roger on October 18, 2007 10:24 AM | | Comments (3) | TrackBacks (0)

I heard that NASA is telling employees and contractors not to use IE due to malware affecting Internet Explorer and Real Player.

"Affected Platforms: Any MS Windows system running with Real Player installed and Platforms Internet Explorer used as the routine web browser. At this time it is believed all variations of Internet Explorer and Real Player may be affected."

They say "The malware appears to be spreading through a large variety of common and highly-respected Internet sites, however it does not appear these sites are themselves infected. The affected sites are serving solely as a mechanism to attract potential victims."

I haven't heard anything about attacks through realplayer and IE, much less through common sites that have been exploited. It sounds related to this advisory from Microsoft, but that was IE7 on XP only. There are some RealPlayer issues over at Secunia but that would effect RealPlayer only. The problem wouldn't be browser specific and a patch is available.

Interesting to see how this develops. If there is a targeted attack against NASA as this would seem to indicate, we'll hear about it eventually.

update - I have seen an updated email alert from them saying if you need to use IE, you should remove Real.

Categories

General

Tags

0 TrackBacks

Listed below are links to blogs that reference this entry: NASA Bans IE?.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/609

3 Comments

FCG said:

Can you share the link qhere we can read about the NSA and IE? Thanks.

October 19, 2007 8:25 PM
Roger Author Profile Page said:

I'm assuming you mean NASA and IE.

That information is from an email alert that they sent to their contractors and employees. That is not public information. I went back and forth on whether to disclose the agency name, but I figured someone else would name names even if I didn't.

I think they ended up with some egg on their face when it turned out to be a Real Player zero day exploit which could be mitigated with other means. If a company wants to have a firefox only policy they are free to do so, but they shouldn't make the decision based on FUD and they shouldn't communicate through FUD either.

Information on the realplayer zero day is available at http://isc.sans.org/diary.html?storyid=3519

October 19, 2007 9:15 PM
Anonymous said:

Why would you there's egg on anyone's face? The quote you cited says that it's a realplayer issue, and what other kind of guidance would you give to end users (like the kind that might be traveling with laptops) who aren't in any position to uninstall realplayer? You also seem to be assuming that's the only thing they're doing, while it's not obvious to me that anyone would outline their entire security response in a widely distributed email that would be certain to be leaked...

October 20, 2007 9:06 AM

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on October 18, 2007 10:24 AM.

Backscatter was the previous entry in this blog.

Air Force "cyber sidearms" is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
   Please contact me by leaving a comment where appropriate. Otherwise, you can reach me at blog...@infosecblog.org
Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.01a

Search