The Norman Transcript

May 4, 2014

New bug attacks Internet; AOL gets hacked


The Norman Transcript

NORMAN — It had to happen, and now, it has: the first unfixable security flaw that attacks users of Microsoft’s outdated Windows XP operating system has hit the Internet with a vengeance. The official word from Microsoft? “Too bad for you; you were warned.”

If you have read this column for any length of time, or paid attention to the news for the past six weeks or so, then you know that Microsoft dropped support for its Windows XP operating system on April 8.

The consequences of that lack of support are dire: no more patches, no more security updates and no more bug fixes. As of April 8, it was no longer safe to put a Windows XP computer on the Internet. The same holds true for users of Microsoft Office 2003 (Word, Excel, PowerPoint, etc.), and versions of Office prior to that.

Microsoft had been warning people about the coming death of XP for two years. I first warned readers of the danger in November and December of last year, and again on March 23.

The story has been repeatedly told by all major news outlets. In spite of all that, estimates are that up to 25 percent of all Windows-based computers in the world are still using Windows XP. Now, those who ignored the warnings are in big trouble.

The problem relates to Microsoft’s Internet Explorer browser and the way it uses Adobe’s Flash Player multimedia software. The Internet bad guys discovered a serious flaw in the way those two programs function together and turned it into a way to control people’s computers, with those people being none the wiser.

The problem is so bad that the Department of Homeland Security issued an alert, warning people to stop using Internet Explorer and use a different browser, such as Mozilla Firefox.

For computer users who have Windows Vista, 7 and 8, there is hope: update Windows, update Flash Player and the problem is solved. For XP users, there is no fix; it’s simply time for a new computer.

The other big safety/security story of the week is the AOL hack. Internet criminals managed to bypass AOL’s lax security measures and steal the personal information of millions of AOL users.

According to AOL (formerly known as “America OnLine”), the stolen information included, “AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information.”

In an email sent this week to AOL users, AOL advised, “We strongly encourage you to reset your password used for any AOL service and, when you do so, you should take the time to change your account security question and answer.”

If you are an AOL user, I urge you to heed that advice. Security breaches like this are not to be ignored or taken lightly, and, until Internet users as a whole begin to take safety and security more seriously, problems like the AOL hack will be more common.

Until then, changing our passwords and security questions frequently will continue to be the Internet’s price of admission. It’s still a pretty good deal.

News flash: About three hours after I sent my column to The Transcript, Microsoft recanted their former hard-line “XP is dead” stance and issued a security patch to fix the above-mentioned Internet Explorer/Flash Player bug; a patch that also includes Windows XP. They have stated, though, that this is the final, we’re not kidding this time, no more fixes forever support for Windows XP. I will, again, take them at their word.

Dave Moore has been performing computer consulting, repairs, security and networking in Oklahoma since 1984. He also teaches computer safety workshops for public and private organizations. He can be reached at 919-9901 or davemoorecomputers.com.

Breaking news, severe weather alerts, AMBER alerts, sports scores from The Norman Transcript are available as text messages right to your phone or mobile device. You decide which type of alerts you want to receive. Find out more or to signup, click here.