When Google warned that it might not be able to provide secure email within China, a number of people considered it an indictment of the cloud computing model. However, it now appears that the security hole is in Microsoft’s IE browser, not Google’s security layer.
The WindowsSecrets tip site has the story on this Internet Explorer exploit which is known as Aurora. It is far from ground-breaking. Aurora is just another form of the well-known trick of delivering an email attachment that carries a virus.
Yardena Yar writes that the exploit is based on tricking the recipient with an email that appears to be from a trusted source. Typically, the attachment appears to be an Adobe PDF or Flash file.
Microsoft is planning to release a fix through the Windows Update service; it announced the patch through its normal security alert bulletin.
The attack became an international incident when Google made a public statement that it may not be able to continue doing business in China. Google implied that the attacks were coming from a government source.
If this is the case, it can lower the anxiety level of those who believe that the Chinese government has uncovered an exotic new computer security weapon. The question of whether a cloud platform will be more secure than a single corporations’ servers is still open to debate. At the very least, it illustrates the importance of making sure that your servers are being monitored by a security team that is able to keep the software protected with the latest security updates.
It also illustrates once again that the biggest security threats come from those who are playing a confidence game.