Evidence Solutions, Inc., (ESI) is a premier forensics company founded in 1982.

ESI Provides Elite Experts in:

Digital and Electronic Evidence, Computer Forensics, Cell Phone Forensics
Trucking, Truck Accident Investigation and Trucking Regulations, Truck Safety Consulting, Heavy Vehicles & Hazardous Materials
Sports and Fitness, Fitness Facility Standard of Care
Real Estate & Land, Real Estate Syndication
Bankruptcy and Corporate Governance
Accident Reconstruction & Product Failure Analysis!

Call Us For A Free Consultation! 866-795-7166

 

 

 

Computer Forensics and Security Expert:
"Stop using Microsoft’s Internet Explorer
RIGHT NOW!"

Digital Evidence Expert / Digital Forensics Articles

By Scott Greene

 

 On the heels of the Heartbleed bug affecting security across the Internet, the Department of Homeland Security's U.S. Computer Emergency Readiness Team, released an advisory on April 28, 2014. It called for all users of the Internet Explorer (IE) to stop using the browser until the vulnerabilities found in versions 6 thru 11 can be fixed.The statement indicated that using IE could lead to "the complete compromise" of an affected system. Versions 6 to 11 have been distributed with Microsoft’s Windows operating system for the past several years.

At about the same time, the recently established UK National Computer Emergency Response Team issued similar advice to British computer users. The UK said in addition to considering alternative browsers, users should make sure their antivirus software is current and regularly updated. IE LogoGovernmental Warnings Unusual

These governmental calls for changing browsers are unusual. But it highlights the severity of the problem found in IE, one of the most popular browsers in the world.This particular problem is considered to be a “zero-day exploit”. A zero-day exploit is defined as a “previously unknown bug or vulnerability in an application which developers have not had time to address”. A zero-day vulnerability could be used by Black Hat Hackers the first day it is discovered and made public.

The Department of Homeland Security's Computer Emergency Readiness Team (CERT) has issued regular browser advisories, this is one of the few times the DHS CERT team has recommended that users avoid using a specific browser.

The Risk

This particular flaw in IE allows attackers to run malicious code remotely. The code could allow hackers to gain full control of the computer on which the browser is running. Security firm FireEye Research Labs said that the flaw has already been used to attack financial and defense organizations in the US via IE versions 9, 10, and 11. These versions of IE were designed to run on Microsoft Windows Vista, Windows XP, Windows 7, and Windows 8. The exploit has been found in versions as old as IE 6.

The Fix

Our recommendation is that you use another browser like Mozilla Firefox or Google’s Chrome. If you can’t switch from IE, then you should disable Adobe Flash in IE or use Microsoft's Enhanced Mitigation Experience Toolkit security app. However, either of these options will not secure your computer as well as switching browsers will.

Adobe, the company that wrote the Flash product, published the following steps to disable the software in IE:

  1. Launch Internet Explorer.
  2. If you see an animation playing, then Flash Player is enabled.
  3. If you don’t see an animation playing, then Flash Player is not enabled. In that case, click on the Tools icon in the top right corner of Internet Explorer. (The icon looks like a cogwheel.)
  4. In the drop-down menu which appears, click Manage Add-Ons.
  5. In the dialog which appears,select Toolbars and Extensions.
  6. In the list of Add-ons,look for “Shockwave Flash Object” – which is another name for FlashPlayer.
  7. In the Status column,check to see whether Shockwave Flash Object is Disabled. If it is, click the row for Shockwave Flash Object to highlight it.
  8. In the bottom right corner of the Manage Add-ons dialog, click the Disable button.
  9. Close the Manage Add-ons dialog.
  10. Go to: and navigate to http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html clickon the Check Now button. If flash is disabled, this page will tell you so.

Evidence Solutions, Inc. recommends that you consult with your computer support team before making any changes to your computers.

 

By Scott Greene

Evidence Solutions, Inc.

Complex Electronic Evidence in PLAIN English.

Call us today with your Computer Forensics Questions: 866-795-7166 or This email address is being protected from spambots. You need JavaScript enabled to view it.

Related Articles and Pages:
Who is Watching You Online?

The heartbreak of Heartbleed: What you need to know.

California Increases Privacy Pressure on Company Websites

Howdy, I'm a Hacker!

Facebook Exposes Personal Data!

 

Complex Electronic Evidence in PLAIN English.

Like Evidence Solutions - Electronic Evidence on Facebook

Follow Evidence Solutions - Digital Evidence Division on LinkedIn

Circle Evidence Solutions - Digital Evidence Division on Google+

Google+ Author

Google+ Publisher