Use a different web browser
June 30, 2004
While not a huge surprise, it's a bit vindicating to see an agency like CERT recommending (VU#713878, VU#652452, etc.) against using IE. The part that I found most interesting, though, was the MSFT response. In a press release Microsoft said they were “unaware of any widespread customer impact based on Download.Ject” and noted that the site involved in the attack had been taken down. First, judging by the number of times I have seen this in the wild and based on the fact that a couple of large sites were supposedly affected, I find it hard to believe that Microsoft is unaware. If they are really unaware, that says a lot in and of itself. Second, the fact that they see the site being taken down as a mitigating fact shows how blasé they are when it comes to security-related matters. The hole is still there and someone else will exploit it. Wake up!
–jeremy