What It Is

The vulnerability affecting Internet Explorer version 6-11 is being called “Operation Clandestine Fox”. As of right now, IE 9 and IE 10 are being targeted the most heavily. The flaw allows malicious hackers to get around security protections in Windows OS and infect computers when visiting a compromised website. Once infected, the hacker has the same rights as the current user. If the current user has administrator rights, the hacker can install more malware, create and access user accounts and change passwords, and change or delete data from the machine.

*By default, Internet Explorer on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability.

How It Works

The flaw is exploited using remote code execution. When a user visits a website that has been compromised, the page loads a corrupted Flash SWF file that allow code to be run on the computer granting the attacker access to the computer memory and bypass security features such as ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). Once the file is in place, the hacker can then act as the current user and grant access to everything on the computer.

To Protect Your Computer

*Only the first option on this list will ensure your safety from this vulnerability without affecting your online browsing. Other methods can cause unexpected consequences to your online experience and should only be used if the use of Internet Explorer is necessary for application compatibility.

  • Disable Adobe Flash Plugin
    • Since the vulnerability requires a Flash file to work, disabling Adobe Flash on your browser prevents the attack (This method can have unintended consequences as many websites require Flash to run properly and can ruin a user’s online experience).
    • To disable Flash
      • Go to Start and open the Control Panel
      • Select Internet Options
      • Go to the Programs tab and select Manage add-ons
      • Under Toolbars and Extensions, find the program called Shockwave Flash Object under Adobe Systems Incorporated and click on it
      • At the bottom of the window, click the button labeled Disable
  • Use Internet Explorer in Enhanced Protection Mode (Only available in IE versions 10 and 11)
    • This method could also cause a poor online experience as it will block any add-ons that are not compatible
    • To enable Enhanced Protection Mode
      • In Internet Explorer settings open Internet Options
      • Select Advanced and then navigate to the security section
      • Choose Enable Enhanced Protection Mode
      • Select OK and restart Internet Explorer
  • Set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones
    • Blocking ActiveX and Scripting can prevent the Flash file from being installed without prompting the user (This method can cause websites to work incorrectly, if you are sure the site is safe, add it to your Trusted sites)
    • To set security zone settings to High
      • In Internet Explorer Tools menu, select Internet Options
      • Go to the Security tab and click Internet
      • Under Security level for this zone, move the slider to High
      • Click Local intranet
      • Under Security level for this zone, move the slider to High
      • Click OK to save settings
    • To add a website to your Trusted Sites
      • In Internet Explorer Tools menu, select Internet Options
      • Go to the Security tab
      • In the Select a web content zone to specify its current settings box, click Trusted Sites and then click Sites
      • In the Add this website to the zone box, insert the url of the site you would like to add and then click Add
      • Repeat for each website you wish to add
      • Click OK twice to make changes

What Microsoft Is Doing

Microsoft is working on a patch to fix the vulnerability; however, it may not be released until May 13th. This patch will not be released for Microsoft XP users as support for XP ended April 8th of this year, which means the vulnerability will exist for these users indefinitely.

 

For additional information from Microsoft regarding the vulnerability in all versions of Internet Explorer, visit this page.

Written by Krysti Jansen

{ 0 comments }

At the very end of May, on CBS This Morning, Google’s Marissa Mayer launched Google+ Local, a symbiosis between Google+ and Google’s Local Business Pages. You can see the interview here:

Why Does Google Plus Local Matter?

It matters because Google is doing something drastically different than most of the other social platforms that exist today. Typically, social platforms try to find a niche and exploit it. LinkedIn is incredibly popular among business users, and for good reason. Pinterest has captured the visual bookmarking space handily. In each of these platforms, there are “thought-leaders” or “gurus” or “experts” – people who latch onto the particualr zeitgeist of the platform and garner the most attention/followers/interactions. In their respective spheres, these users are kings and queens, and their words take on great value. Some of these folks can even leverage their influence from one platform to others, so that they can grow their audience outside the spheres in which they first grow their name recognition.

Social Platforms Allow Users to Store their Influence in Silos; Google Takes This Influence and Makes a Giant Corn Pile.

Google though, is doing what it has always done: taking information on the web, categorizing it, and integrate it into their databases so that it can be used to deliver future search results. They’re treating content produced on social platforms as searchable material …. which it is. Google doesn’t care if you have a thousand followers on Pinterest, or 2,000 connections on LinkedIn; Google wants to know what other users on the platform think you’re influential about and then use this data to deliver relevant content to other Google users. The holy grail of search for the next few years is figuring out which social interactions imply excellent content, and then adjust the search engines’ algorithms accordingly.

Categorizing the traffic on social platforms isn’t a departure for Google at all. As Danny Sullivan points out in this most excellent post about the importance of hard link-building, Google’s algorithm originally valued directories because the early directories were monitored and pruned by actual human beings with good online trust – virtual husbandry, if you will. Eventually,  people who wanted their businesses at the top of search results got wise and began to spin up automated directories to game the system & Google subsequently devalued the general importance of directories. Google has always used social signals to deliver search results. Utilizing content from social networks will allow Google to take the  next step in search and deliver relevant content quickly.

Unfortunately, the issues that surrounded the gaming of search also surround the gaming of social. It’s easy to quickly get a number of shares on any social platform, while not achieving any type of long-term engagement – if Google is to continue to use social signals as an element of how it delivers search results, the company must gain a greater understanding of how social systems function, of the interconnected networks of people across both oceans and  platforms, and of the psychology that goes into making content interesting, relevant and shareable.

Google Plus Local Pages Are a Must-Have for All Businesses.

It’s important because Google+ Local forces – maybe “force” is too strong of a word, perhaps it’s better to say “strongly suggests that” – businesses to be social, to take a marketing approach to social. It’s always been easy for business owners to laugh off Twitter as the place where people talk about the peanut butter sandwiches they had for lunch, and Facebook as a place to gossip, but this is Google. This is localized map search. This is all happening in an arena that’s already won over business owners – most have realized the importance of ranking highly in search results for years. Higher in rankings=more traffic=more potential customers=more money. And while it’s always been relatively hard to rank highly in the general Google search, it’s been somewhat easier to rank on the localized map search, which shows up high in the general search rankings.

Now if a business wants to assure their dominance in localized map search, they have fill out their Google+ Local page appropriately, making sure that they understand how the platform works & working within the best practices of that platform. They just have to be social, according to Google’s rules. And these social business users are the people with money to spend on ads, which positions Google very well as they continue to improve their mobile advertisement offerings,  which is predicted to be a major source of revenue in the next few years.

Give Google Your Data How They Want It and Reap the Rewards.

Google+ Local is conditioning businesses to think about presenting data in a certain way, a way that fits Google’s architecture. Google’s not just changing the conversation with this release, but it’s modifying the semantics of how we speak about our businesses. Google is teaching us to create content that is keyword-rich, but not keyword-stuffed. To post dazzling pictures that captures your business doing what it does to make it stand out from all of your other competitors. Videos that explain to your prospective customers how it is you do what you do. Gathering reviews on Google platforms from customers who have Google accounts. Google’s making it very difficult for any other company to come along and take their place, not by throwing up barriers and telling users what they can’t do, but by making it so rewarding for users operate within their architecture.

 

Written by Joe Robb

{ 8 comments }

Ban Someone From a Facebook Page Permanently

May 10, 2012
Thumbnail image for Ban Someone From a Facebook Page Permanently

I had to preemptively block a Facebook user… This post was updated on 2/10/2014 to reflect the new format implemented by Facebook. Why I needed to block this user is neither here nor there, but when I tried to figure out how to do it, I couldn’t find an answer anywhere. I knew I could [...]

Read the full article →

7 Lucky Facebook Business Page Changes

April 17, 2012

On March 30th, Facebook automatically changed the structure of Facebook Business Pages to the “Timeline” setup. The structure of these pages now reflects the Timeline structure that Facebook had rolled out for users a few months ago, featuring a “cover” image and a profile image at the top of the page. The content you have [...]

Read the full article →

Five Best Stories From the Second Week of 2012: Security Edition

February 1, 2012

Alright, I’m feeling sheepish. Three weeks into my 2012 blogging resolution, I slipped and didn’t post on Friday. I had this post almost done, but I just … couldn’t … finish it (Before the end of the day.) But instead of beating myself up over it, I figured better late than never. So here goes, [...]

Read the full article →

Five Best Stories From the First Week of 2012

January 13, 2012

The best stories from last week were best stories of 2012 so far. If you saw last week’s post: 2011′s Best Stories and a Resolution for 2012*, you know that I have made a resolution to blog  consistently this year. While this is an ongoing, yearly resolution that always falls through the cracks, this year I’ve decided [...]

Read the full article →

2011’s Best Stories and a Resolution for 2012*

January 6, 2012
lego man on the beach

  Today is the last day of the first work week of 2012 & I have resolutions.   Lots of them. And like every year, many of these resolutions will be forgotten by February. Dropping resolutions is part of the human condition. So I may not write as many blog posts as I promised myself I [...]

Read the full article →