IE 0day accidentally leaked to Chinese hackers

Details concerning a potentially serious security vulnerability in fully patched versions of Microsoft's Internet Explorer have been leaked to people in China, a researcher warned over the weekend. Michal Zalewski, a security researcher at Google, blogged that data concerning at least one “clearly exploitable crash” in the …

COMMENTS

This topic is closed for new posts.
FAIL

Umm

'accidentally leaked' ? ITYM 'also discovered by'.

2
0
Silver badge
Badgers

I accidentally the whole server!

Proposal:

"accidentally been indexed by Google" == "googlexed"

1
0

This post has been deleted by its author

Anonymous Coward

The 0day wasn't leaked *to* the Chinese

If you read the original blog post you'll see that Zalewski isn't saying that they accidentally leaked the data to the Chinese but that a Chinese IP address accessed Zalewski's website having used some Google search terms that suggest very heavily that they (the Chinese IP address) already knew about the vulnerability and were looking to see if anyone else knew about it.

The Chinese (allegedly) appear to have leaked the fact that they already knew about this 0day, which is interesting.

5
1
Joke

Time flies like an arrow,

Steve Ballmer likes a Toupée.

2
0
Silver badge

sitting on a web server

What, they just hoped no one would find it?

MS knew about it for ages, but sat on it. Now they can wait and see if it gets used, then maybe fix it after a few more months.

Must be one of the hard to fix bugs because it's commingled with other Windows features.

2
0

Oops!

hacked self wide open 'researching', coders come sniffing using the goog as mega C&C, game over.

Surfing in places you wouldn't take your Mother? Hmmm.

Tea & biscuits anyone?

0
1
Thumb Down

Ahhh Hmmmmmm Ummmmmmmm

Ummmmmm well another Microsoft battle - with the management leading from the rear and the consumers as cannon fodder.

Hmmmmmmmmmmmmmmmm

3
1
Pint

Note to Chinese hackers

Next time use a US-based IP address and everything will be OK.

1
0
Grenade

If it's that important

Why not place it in a url that isn't accessible to google crawlers? I mean just because you have a webserver out there does that give google free license to crawl it? Conversely, Microsoft could take matters into their own hands and implement some form of security that would deny access to such URLs from google IP addresses.

0
0
Bronze badge
Boffin

Blocking google crawlers

All you need is a robot.txt file to block google crawlers from accessing specific parts of your website ... third-party crawlers might ignore though ...

http://webdesign.about.com/od/promotion/ht/htrobotstxt.htm

0
0
Paris Hilton

Double take...

>On December 30, detailed search queries [At Google?] showed that the sensitive information, in addition to files for an unpublished security tool, had been retrieved by the unknown party.<

Am I reading this right? Google employees casually check the Google search logs to see who (IP address, unique cookies etc) used specific search phrases?

The Lord and Scroogle help us :-(

Paris - because Michal Zalewski knows I searched for her on Christmas Eve.

0
0
Silver badge
Happy

weblog

Nope - the user's own web server logs would have provided all of that information.

0
1
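
Added example, not part of the thread or of Zalewski's post: a sketch of how a site owner's own access log shows which search terms led a visitor to a file, and what else that address then fetched. The log lines, IP addresses, paths and watch-list terms are constructed, and the Combined Log Format is an assumption about the server's configuration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Hypothetical watch list: names that appear only in unpublished material.
WATCH_TERMS = {"examplecrashfn", "unreleased_tool_name"}

# Constructed sample log (documentation IP ranges, made-up paths and terms).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "https://www.google.com/search?q=browser+fuzzing+tutorial" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:04:40 +0000] "GET /private/notes.txt HTTP/1.1" 200 880 "https://www.google.com/search?q=ExampleCrashFn+mshtml&hl=en" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:05:02 +0000] "GET /private/tool.zip HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
"""

def parse(log_text):
    """Return (ip, time, path, referer) for every well-formed line."""
    rows = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        parts = m["request"].split()
        rows.append((m["ip"], m["time"], parts[1] if len(parts) > 1 else "", m["referer"]))
    return rows

def search_terms(referer):
    """Lower-cased words of the referrer's q= parameter, or [] if there is none."""
    if referer in ("", "-"):
        return []
    q = parse_qs(urlsplit(referer).query).get("q", [])
    return q[0].lower().split() if q else []

def flag_hits(log_text, watch=WATCH_TERMS):
    """Requests that arrived from a search containing a watched term."""
    hits = []
    for ip, time, path, referer in parse(log_text):
        matched = sorted(watch.intersection(search_terms(referer)))
        if matched:
            hits.append((ip, time, path, matched))
    return hits

def paths_fetched_by(log_text, ip):
    """Everything a flagged address retrieved, in log order."""
    return [path for rip, _, path, _ in parse(log_text) if rip == ip]
```
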
Flame

Microsoft

So, another critical security bug in MS software.

Yet another reason for offices around the world to ditch their shitty software and move to another OS. (ANY other OS!)

5
0
Flame

Any other OS?

Why do you think joyriders steal certain types of car? Because they are common, cheap, and poorly protected. Lowest common denominator.

Once any OS achieves a reasonable market penetration it will very quickly come under the same level of attack as Windows. But given Windows has ~87% of the market, who'd go chasing anything but Windows?

I'm not defending MS - their stuff is leaky as hell and needs fixed or replaced. But don't be under the illusion that other OSs are bug and vulnerability free. If the same effort was focused on finding faults, far more would be discovered.

Ironic that Open Source Linux is essentially Security by Obscurity since it has such a limited user base :)

0
2
Troll

Chinese?

Who? I am in Hong Kong as sundry web services insist on reminding me with unwanted content.

What does that make me? Chinese?

I'm from Liverpool and as they say there as a farewell parting to an unwanted acquaintance : "Have an accident".

0
0
FAIL

«Accidentally leaked to Chinese hackers» ?

This is how Michal Zalewski himself sums up the matter : «[t]he pattern is very strongly indicative of an independent discovery of the same vulnerability in MSIE using unrelated tools, eventually leading the discoverer to my site; other explanations for this pair of consecutive searches seem extremely unlikely». I am aware that the US military and that country's foreign ministry, not to speak of legislators seeking votes and certain economists seeking brownie points, tend to portray the Chinese as their favourite bêtes noires, but do Reg columnists have to join the chorus ?...

Henri

1
0
Stop

@mhenriday: Don't Worry, China has Nukes

Even if much of these allegations are fabricated, it won't matter too much because since Mao the Chinese have a functioning military the U.S. won't want to mess with. (see Korea)

From what I know out of non-government sources, Chinese IT equipment is indeed often laden with some sort of malware features. Think of IP-connected cameras streaming images home to their manufacturer and the like. Simple logging at the gateway will give them away, so their methods are still quite rough...

0
0
Go

"accidentally leaked"

Is a frelling oxymoron moron.

0
0