Monday, April 28, 2014

IE's zero day and the Sewol tragedy

The news of this exploitable "zero day" Internet Explorer bug, coming on the heels of the Heartbleed bug, is the latest realization that the common technologies - in this case, the internet - that have become interwoven and basic to our lives have also made us vulnerable to hidden, potentially ruinous dangers.

At the same time, the revelation that systemic factors were at least contributing causes in the Sewol ferry tragedy is an actualization of the fear that the growing advances of our systemic environment have not been coupled adequately with corresponding protections.

We're learning that we can't trust the things we depend on to adapt to the changing world nor the authorities to keep us safe from new and evolving dangers, including and especially the harms we don't know about. It turns out that the system authorities we rely on, such as the captain of the Sewol and the programmers at Microsoft, are only human and as vulnerable to structural fragilities as the rest of us. Good faith, best efforts, and assurances are not enough to prevent bad-faith exploitation nor stop hidden or unknown systemic weaknesses from breaking.

Progress is inputting dangerous structural fragilities inside our lives. Safety is exposed as an illusion, yet stripping our trust doesn't change our dependency. We're trapped like prey in blinds by the modern things we've incorporated for convenience.

FYI from the guys who uncovered the IE bug:
Mitigation

Using EMET may break the exploit in your environment and prevent it from successfully controlling your computer. EMET versions 4.1 and 5.0 break (and/or detect) the exploit in our tests.
Enhanced Protected Mode in IE breaks the exploit in our tests. EPM was introduced in IE10.
Additionally, the attack will not work without Adobe Flash. Disabling the Flash plugin within IE will prevent the exploit from functioning.
01MAY14 update: Microsoft issued a patch for the bug.

Eric

700

Labels:

0 Comments:

Post a Comment

Links to this post:

<< Home

<< Newer
Older >>
HOME

Powered by Blogger