MAJOR SECURITY FLAW JUST DISCOVERED IN INTERNET EXPLORER (IE)

Users are urged to switch immediately! The problem was discovered about 36 hours ago. The flaw allows thieves to steal your password. I work with information technology and my password has been stolen before. It’s a huge hassle to say the least since I had to estimate the severity of the damage after several of my passwords were stolen. May I recommend a free application that has done a great job of protecting me since then? The application (or program) is called “Spybot.” There’s a link to it at the end of this posting.

This post was updated on Dec. 17.

The security flaw allows hackers to steal passwords. Some 10,000 websites have code that can exploit the flaw.

Here are links to several stories:

Microsoft: Microsoft Security Advisory (961051)

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in (the web browser) Internet Explorer. Blah, blah, blah... (It continues in very sterile language. The other links state the severity and urgency of the problem in plain language.)

BBC News: Serious security flaw found in IE

Users of Microsoft’s Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Computerworld: Microsoft preps emergency IE patch for Wednesday release

December 16, 2008 (Computerworld) Microsoft Corp. announced today that it will issue an emergency patch tomorrow to quash a critical Internet Explorer bug that attackers have been exploiting for more than a week.

The advance warning came less than a week after Microsoft acknowledged that exploit code had gone public and was being used by hackers to hijack Windows PCs running IE.

Microsoft will deliver the out-of-cycle patch Wednesday at 1 p.m. Eastern time via its normal update mechanisms, including Windows Update, Microsoft Update and Windows Server Update Services.

The update will be pegged “critical,” the most serious ranking in Microsoft's four-step scoring system.

Even as it declared that it would release an emergency fix, Microsoft continued to downplay the threat. “At this time, we are aware only of attacks that attempt to use this vulnerability against Windows Internet Explorer 7,” said company spokesman Christopher Budd in an e-mail today.

Initially, Microsoft and other security companies believed that only IE7 was vulnerable to attack, but on review, the company confirmed that all versions of its browser, including IE5.01, IE6 and IE8 Beta 2, contain the bug.

Last weekend, Microsoft researchers said that they had seen a “huge increase” in attacks, and that some were originating from legitimate Web sites. Another researcher added that about 6,000 infected sites were serving up exploits that target the IE vulnerability.

Also today, Microsoft confirmed that attacks could be launched through Outlook Express, a free e-mail client bundled with Windows XP. Because Outlook Express renders HTML-based messages using IE’s engine, attackers could exploit the bug by getting users to open or view malicious messages.

New York Times: Microsoft Issuing Emergency Fix for Browser Flaw

REDMOND, Wash. (AP) -- Microsoft Corp. is taking the unusual step of issuing an emergency fix for a security hole in its Internet Explorer software that has exposed millions of users to having their computers taken over by hackers.

The “zero-day” vulnerability, which came to light last week, allows criminals to take over victims’ machines simply by steering them to infected Web sites; users don’t have to download anything for their computers to get infected, which makes the flaw in Internet Explorer’s programming code so dangerous. Internet Explorer is the world’s most widely used Web browser.

Microsoft said it plans to ship a security update, rated “critical,” for the browser on Wednesday. People with the Windows Update feature activated on their computers will get the patch automatically.

Thousands of Web sites already have been compromised by criminals looking to exploit the flaw. The bad guys have loaded malicious code onto those sites that automatically infect visitors’ machines if they’re using Internet Explorer and haven’t employed a complicated series of workarounds that Microsoft has suggested.

Microsoft said it has seen attacks targeting the flaw only in Internet Explorer 7, the most widely used version, but has cautioned that all other current editions of the browser are vulnerable.

Microsoft rarely issues security fixes for its software outside of its regular monthly updates. The company last did it in October, and a year and half before that.

Cnet: Critical IE 7 exploit making the rounds

Microsoft issued a critical security warning Tuesday that a malicious exploit is making the rounds and attacking vulnerabilities in Internet Explorer 7.

The risk is believed to be widespread, given that IE 7 is the latest version of Microsoft’s browser and is bundled with XP service pack 3 and also Vista, said Dave Marcus, director of security research and communications for McAfee's Avert Labs.

The AZN Trojan, which has been making the rounds since the first week of December, has the potential of infecting users’ system with a Trojan horse, or “downloaders” that can download other forms of malware onto a user’s system.

Microsoft announced it will release a security patch Wednesday via its automatic update system to patch users computers.

Users can potentially get infected two ways, Marcus said. One is to visit a malicious Web site that already has the malware installed on the site, or visit a legitimate site, in which the attacker has inserted the malicious script to run in the background, leaving visitors unaware their systems have been compromised.

“A lot of Web sites are pushing out this exploit,” Marcus noted. Some of the infected sites include Web sites that offer free wallpaper for mobile phones to sites that feature property to product-related sites.

Microsoft is encouraging users to update their systems once the patch is released Wednesday at 10 a.m. PDT.

A SUGGESTION

If you still use IE, stop using it until you learn that it’s safe once again. On the other hand, why not just switch to another web browser? It wouldn’t be a bad idea to make any of these other browsers your primary browser and use IE only as your secondary browser.

These browsers are listed in order of popularity. All of them are safer, relatively speaking, than Internet Explorer. Another bonus: all of them work faster than IE.

1. Firefox
2. Opera
3. Google Chrome
4. Apple Safari

Earlier, I mentioned my bad experience with stolen passwords. I looked around for an anti-spyware program and found Spybot. I recommend Spybot. I find it so useful that I donate to it. The application is free and it serves me well.

HOW MUCH DO PHYSICIANS EARN?

If you’ve ever wondered what doctors make, your curiosity will be satisfied with this post.

In general, physicians earn the most of any occupation. The occupation covers a broad range of specialties and the average compensation of a physician depends heavily on his or her area of specialization.

These 2008 figures came from the American Board of Medical Specialties (1). Seventy specialties are listed. Alphabetically the list starts with Allergy & Immunology and ends with Vascular Surgery. Dollar-wise, the specialists who earn the most money are Orthopedic Surgeons (spine specialists) who averaged $612,000. The “paupers” are Pediatricians who specialize in pulmonary diseases. They only averaged $173,000.

The “n.a.” means that the data was “not available.” Also, you can click on the charts to enlarge them. To return to this window, click on the [back arrow] key of your keyboard.

Before you send your kid to medical school, realize that doctors do earn their keep, i.e., they work hard and, before that, they trained hard, for a long time, to get to their position. And the education doesn’t stop. Make sure your kid realizes that also! Still, in the context of today’s compensation for some business executives (mostly CEOs of large US corporations, I think doctors are more deserving of their compensation than many of these executives.

FORMAL EDUCATION

Nearly all students that enter medical school have a bachelor’s degree. In fact, many of them have graduate degrees. Their first two years are spent in classrooms and laboratories. Their last two are spent working “hands-on” with patients under supervision. After four years of medical school, graduates begin their “residency.” This is on-the-job training at a hospital. During residency, students begin their post-graduate education in a specialty of their choosing. Residency can range from three to five years depending upon the chosen specialization. For those seeking to specialize even further, there are “fellowships” that take more years. Internal medicine, pediatrics, and general family practice require three years of residency. If the doctor chooses to specialize further—for example, gastroenterology, which is a subspecialty of internal medicine—another one to three years will be required (2).

So let’s add that up. The least specialized doctors have a bachelor’s degree (four years), a graduate degree (four years), and several years of residency (at least three years). Incidentally, the first year of residency is typically called “internship.” Compare this to an academician. A college professor must have a graduate degree—a master’s or a doctorate. That means that s/he spent four years earning a bachelor’s degree and another two to four or even five years earning a graduate degree. Comparing the two, the least specialized doctors have at least 11 years of formal education while the least specialized college professors have at least six years of formal education (seven years is more realistic). These same doctors, on the other hand, make at least $170,000 on average, while college professors earn about $75,000 on average (3). All things being equal, those extra four years earn the doctor almost an extra $100,000 a year on average! Consider, however, that many college professors work only ten months of the year and many doctors work 50 to 60 hours a week (and 12 months a year)! At a minimum, I think someone thinking of becoming a physician should look beyond the money and consider the lifestyle choice as well.

SPECIALIZATION — AND YOU, SIR, ARE YOU A PROCTOLOGIST?

Like any technical discipline, medicine has a vocabulary of its own. There are a couple of obscure terms for specialties. One is “Intensivist.” This is the term for a physician who specializes in the care of critically ill patients, usually in an intensive care unit (4). “Perinatology” is another one. According to John Hopkins Medicine, one of the most prestigious medical institutions in the world, “perinatology is a subspecialty of obstetrics. Physicians specializing in this area are called Perinatologists, these are doctors who have had extensive training in the field of high risk obstetrics. Perinatologists are concerned with the care of the mother and fetus at higher-than-normal risk for complications” (5).

You should also know that Intensivists make an average of $296,000 and Perinatologists, $357,000. Now you know...

The average (i.e., mean) compensation of these 70 specialties is $301,000. The starting compensation for physicians is usually significantly lower than their average compensation. For example, the group whose average compensation is closest to $301,000 is the specialist in Hematology & Medical Oncology. Their average starting compensation was $222,000. These doctors work with disorders related to the blood and cancer. Laymen will recognize anemia, blood transfusions, bone marrow transplantation (ouch!), hemophilia, and leukemia. Hemophilia, incidentally, has a nickname. It's called “the royal disease” because it altered European history beginning with Great Britain’s Queen Victoria (6).

Finally, what are Proctologists? Well, Proctologists are surgeons. Specifically, Proctologists are surgeons that specialize in the colon and rectum. The colon and rectum are serious body parts. According to the Mayo Clinic, over 150,000 cases of colorectal cancer are diagnosed every year (7). “Colorectal” refers to cancer of the two organs: the colon and rectum. Worldwide, colorectal cancer is the third leading cancer among men and the fourth, among women (8). There is a sub-specialty of medicine devoted to them. Proctologists belong to either the American Board of Colon & Rectal Surgery or the American Osteopathic College of Proctology.

REFERENCES

(1) - “Setting the Standard for Medical Care.” Retrieved December 8, 2008 from http://www.abms.org. (The exact webpage is available to subscribers only.)

(2) - Your Doctor’s Education. (2000). Journal of the American Medical Association. JAMA Patient Page, 284 (9).

(3) - [Type “Professor” in the keyword field] Retrieved December 2, 2008, from http://swz.salary.com.

(4) - “Definition of Intensivist.” Retrieved December 2, 2008, from http://www.medterms.com/script/main/art.asp?articlekey=23392.

(5) - “What Is Perinatology?” Retrieved December 5, 2008 from http://womenshealth.jhmi.edu/perinatology/index.html.

(6) - Hemophilia: “The Royal Disease.” Retrieved December 11, 2008 from http://www.sciencecases.org/hemo/hemo.asp.

(7) - “Colon Cancer” Retrieved December 11, 2008 from http://www.mayoclinic.com/health/colon-cancer/DS00035.

(8) - “What is cancer of the colon and rectum?” Retrieved December 11, 2008 from http://www.medicinenet.com/colon_cancer/article.htm.