Hi Logos,
You got your answer here:
http://www.theregister.co.uk/2010/01/15/us_google_china/Google is doing their own form of ad policing at home:
http://www.theregister.co.uk/2010/01/15/google_bans_thirty_thousand_from_adwords/The browser issue - Important is to look at the number of unpatched advisories. Internet Explorer always has a large number still open (highly critical ones) those in Firefox do not take that long to get patched:
source Secunia
IE8 unpatched 4 50% Vulnerability Report: Microsoft Internet Explorer 8.x
Unpatched 50% (4 of 8 Secunia advisories)
Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Microsoft Internet Explorer 8.x, with all vendor patches applied, is rated Extremely critical
Firefox unpatched 0
Vulnerability Report: Mozilla Firefox 3.5.x
Unpatched 0% (0 of 6 Secunia advisories)
Most Critical Unpatched
There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.
But the used hole in the attacks was for IE6
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.
And Chinese exploited this hole before:
http://blog.trendmicro.com/zero-day-ie-flaw-being-actively-exploited/How long has this hole been there
unpatched (independent of using UAC and/or DEP that came in as additional solutions with Vista and later with W7) Another conclusion is that users cannot use XP SP3 anymore without additional security measures like a normal user account for using applications on the Internet and/or javascript blocking inside browsers (not available in IE so far)...again a lot of corporations did not make the switch from IE6 or XP on a network scale. Will this and other threats be a way to enforce the mitigation a bit, pure speculation of course on my part, well what is it then?
polonus