Microsoft admits IE vulnerability used in Google attack
Based on Microsoft's investigations the software giant has admitted Internet Explorer was one of the vectors used in targeted attacks against Google recently.
In a company blog posting Mike Reavey, Director of the Microsoft Security Response Center admits "based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks."
Microsoft has issued further guidance to companies in order to mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer.
Google said, that in mid-December, they, along with a number of other large companies in the Internet, finance, technology, media and chemical sectors, were targeted in a sophisticated cyber-attack. This attack on their infrastructure originated in China, and resulted in the theft of intellectual property. Due to this attack, and the background behind it, Google is now taking a second look at their operations in China, particularly Google.cn, where they currently offer censored search results as part of an agreement with China's government. Google took the big step of informing the government of China that it is no longer willing to provide censored results, and will be entering into discussions regarding how it can do this without breaking Chinese law. Should Google find themselves unable to reach an agreement, they may shut down Google.cn, and close their offices in China.
Yahoo supported Google's announcements and said it would stand by the company. "We stand aligned that these kinds of attacks are deeply disturbing and strongly believe that the violation of user privacy is something that we as Internet pioneers must all oppose" said a Yahoo representative earlier this week.
China responded to Google's claims in a brief statement yesterday, stating "The Chinese government administers the Internet according to law and we have explicit stipulations over what content can be spread on the Internet." iDefense researchers at Verisign were able to trace the source of the control servers that distributed the malware which gained access to private customer and corporate Google data. Verisign's initial findings suggest the source of the servers consisted either of agents of the Chinese state or proxies thereof.
Microsoft: Google's Nexus One plan is "very, very difficult"
With the recent release of the Nexus One, some have been rather critical of Google. It's a company that licenses its mobile OS software to other companies, but has now introduced a competitor to those exact phones. Microsoft is one such criticizer, stating Google's scheme is very difficult.
In an interview posted on Business Week, Microsoft's head of mobile development, Robbie Bach, stated, "Google's announcement sends a signal where they're going to place their commitment. That will create some opportunities for us and we'll pursue them." He noted the fears that Google will prioritize its own phone over other vendors offering Android based devices, continuing with, "Doing both (selling the Nexus One whilst offering its software to others) in the way they are trying to do both is actually very, very difficult."
Bach isn't the only one with this frame of mind. An analyst at the research firm Interpret LLC, Michael Gartenberg, said, "No one has ever succeeded in selling their own device while trying to license to partners simultaneously. As much as Google can say it's not a Google phone, the phone says Google on it. They're going to have to convince their licensees they're not in competition with them." Whether or not you're a fan of Google, the pair make a rather good point; it's hard on partners when a company offers a product that directly competes with other products packing software developed by the very same company. Bach predicted that some companies may even give up using Android and switch to another operating system. Regardless, the coming months (and even years) will be very interesting and exciting ones for the mobile industry.