Anyone who uses Internet Explorer deserves to be exploited! -- graywolf http://www.graywolfphoto.com http://webpages.charter.net/graywolf "Idiot Proof" <==> "Expert Proof" -----------------------------------
Doug Franklin wrote: > Tim Øsleby wrote: >> Ann. Most likely your system already has XP service pack 2 installed. That's >> the one update you will need if it isn't. Without it your computer is very >> vulnerable. > > As someone who works on security software for Windows and Linux, I'd > strongly urge keeping up with Windows updates, even post XP SP2. You > only have to get "owned" once to have large amounts of your money > disappear from your bank account or get added to your credit cards or > your identity get stolen. I do review the updates that they try to > send, I keep good backups, I only install critical updates, and I always > refuse to let Windows Genuine Advantage or its updates install. But if > Microsoft is issuing a patch for it, there's a good reason. > > Some of the vulnerabilities, especially some of the ones in Internet > Explorer, are positively frightening, allowing "drive by" exploitation > of your system. That means the attacker plants the malware in such a > way that you get infected by simply going to a reputable web page that > has ads on it from a poorly defended or less than reputable ad system. > > It's happened, too. A year or two ago, the online IT technology (IT > geek) newspaper "The Register" (http://www.theregister.co.uk or > http://www.theregister.com) was using an ad service provider that got > exploited. Just going to "The Register" web page and being unlucky > enough to get one of the infected ads got your computer infected, IIRC, > by a password stealer or spam engine (if you didn't have the proper > patches installed). > > A lot of the "virus" hype /is/ hype. Shameless hype. But some of it > isn't. Over the past couple of years there's been a definite and > obvious shift in the motives of the purveyors of malware. It's gone > from more like graffiti or other vandalism to more like business (profit > motive). > > At the moment, there seems to be another shift underway, toward more > focused attacks rather than the "shotgun approach". The idea being to > get the malware "under the radar" of the security monitoring folks. > That means that, for example, the A/V engines don't get signatures for > them because either the "virus sensors" out in the Internet never see > the actual malware, or because the number of folks affected is "too small". > > There have already been several of these sorts of targeted attacks in > England and Scandinavia against specific banks. Through a partnership > with some customers, my development team is seeing a lot of this sort of > activity right now. > -- PDML Pentax-Discuss Mail List [email protected] http://pdml.net/mailman/listinfo/pdml_pdml.net
