Comments on: “Aurora” Exploit In Google Attack Now Public

By: default_dev

default_dev — Sat, 23 Jan 2010 06:22:33 +0000

Well, for one thing, it seems to be free speech activists/journalists whose gmail accounts were sneaked on… If it is other that the Government, they went to huge lengths to incriminate it…

By: kakrat

kakrat — Tue, 19 Jan 2010 12:07:34 +0000

Why attack originated from China must be done by a Chinese, or Chinese Gov?

As far as I know many sites in China were not sufficiently protected, and servers of those sites can be exploited by any one from any country to mount the attack.

It looks to me that someone seeem eager at jumping to the conclusion that the attacker is a Chinese or Chinese gov

By: John

John — Mon, 18 Jan 2010 21:08:57 +0000

Whitelisting? That\’s not the solution to zero day attacks. McAfee, Norton, AVG, Trend – they\’re all the same. Thank goodness I have BluePoint Security – its cloud based approach prevents zero day attacks from ever happening and no patches are needed! If you want the best tool in antivirus computer safety, you definitely need BluePoint Security.

By: Secure Web Proxy

Secure Web Proxy — Mon, 18 Jan 2010 19:06:39 +0000

After reading the attacking mechanism, just realized that users can be protected if they are using

By: tim

tim — Sun, 17 Jan 2010 18:13:05 +0000

found it more ironic that someone in G was using IE so that their internal G desktop/laptop was compromised.

By: citizen

citizen — Sun, 17 Jan 2010 13:42:30 +0000

What is \\ ?

It gets added to quotation marks when escaping text to enter it into a database. It is called escaping and it prevents SQL injections.

I guess Mcaffe is doing it the wrong way and that\’s why we see \\ characters added to the text.

\’\'\’ <- you should see three quotation marks.

By: abdel

abdel — Sun, 17 Jan 2010 13:33:17 +0000

@Cynic

Not only Google was hacked, over 30 other companies were in the attack. Google is the one taking action by pulling out from China.

Google Chrome and Firefox are pretty good.

By: Sandro Littke

Sandro Littke — Sun, 17 Jan 2010 10:05:17 +0000

Does McAfee meanwhile offer updated signatures to identify and block that JavaScript-based exploit at client endpoints?

By: aussiebear

aussiebear — Sun, 17 Jan 2010 07:55:35 +0000

Internet Explorer => \

By: mort furd

mort furd — Sun, 17 Jan 2010 00:31:26 +0000

Please comment as to whether McAfee has updated their anti-virus software to protect against this attack.