Drive by attacks may be more common than you think. I recently read this
article on how speedtest.net was compromised.
http://www.invincea.com/2013/02/popular-site-speedtest-net-compromised-by-exploitdrive-by-stopped-by-invincea/
BJ
On Tue, 2013-02-05 at 18:33 -0500, Kwiatkowski, Nicholas wrote:
> A better question would be -- how often have the done it already today?
>
> These exploits can be through drive-by advertisements on legitimate sites. They could be from bad sites. They could be from anywhere...
>
> -Nick
> ________________________________________
> From: David McFarlane [[log in to unmask]]
> Sent: Tuesday, February 05, 2013 5:29 PM
> To: [log in to unmask]
> Subject: Re: [MSUNAG] JRE 6 Extended Support
>
> At 2/5/2013 04:02 PM Tuesday, Cooke, Tony wrote:
> >Since the University recommends/requires out of date/unsupported
> >software, which has known vulnerabilities, are we not being required
> >to put ourselves at risk? If so, is it an acceptable risk?
>
> My question exactly. Just how dangerous is this JRE to our
> users? Doesn't one have to be lured to a malicious website to
> trigger this sort of attack? How likely are our users to do this?
>
> -- dkm
|