back USING INTERNET EXPLORER IS A RISKY BUSINESS – 22 November 2012
A lot of people are aware that Internet Explorer is not a good browser to use, but not everyone understands exactly why.
Aside from the fact that it is slow, buggy and cripples the development of the internet with its refusal to follow basic web standards, the absolute number one reason why you should never use Internet Explorer is because it’s ridiculously insecure.
A good example of this is a recently released vulnerability in the form of an exploit module for the Metasploit Framework. Metasploit is an open source framework used by security professionals to test the strength of networks. The thing about Metasploit is, anyone can download it and use it, even bad guys. The module is called ‘ie_execcommand_uaf’ and is one among many exploit modules for Internet Explorer.
This security hole effects IE versions 7, 8 & 9 on Windows XP, Vista & 7.
Using this exploit, a hacker can run a webpage that when viewed in Internet Explorer, will give the hacker full control of your computer.
How hard is this to do?
Stupidly easy. In our test setup I only had to enter 7 commands before the exploit was up and running. All I had to do was send a link to the infected page to my coworker and within minutes I was taking pictures through his webcam and capturing every single word he was typing.
The scary part is, that’s only a fraction of the things you can do. There are tools built into Metasploit to make collecting your passwords, downloading your files, and recording your webcam and microphone as easy as entering a simple command.
How to stay protected
The very best way to avoid this problem is to stop using Internet Explorer! There are many browsers available for you to download and use on Mac or PC for free. The top four we’d reccommend are;
If you still want to use IE or you have no control over the browser you use (workplace politics) then make sure you follow these simple steps to avoid being hacked;
1. Install a good anti-virus program, and keep it updated
2. NEVER click on a link in a spam email or social media message
3. Don’t disregard an anti-virus warning message (unless you know what you’re doing)
4. Keep your operating system up to date