Hmm. This does make me wonder, then, why I never run into these on the machines that I run. E.g., I have an old XP laptop that I use for browsing the web at home with practically no AV (subscription expired many years ago, never renewed, although it is behind a NAT router), why has that never been compromised? Am I just doing something "wrong" (i.e., right)?

Thanks,
-- dkm

At 2/6/2013 09:11 AM Wednesday, David Graff wrote:
>Yep, these kinds of things are extremely prevalent and dangerous. This isn't
>the mid-90s where a user would have to do something silly to trigger an
>attack by opening the wrong attachment. In my environment, I see 3 to 5
>drive-by Java exploits a day, and that's just from what I can pick up with
>the AV definitions and gets past the bad domain blacklist. These things are
>coming in through the advertisement banners, usually which go through some
>kind of ad channel that is re-sold to third parties multiple times
>destroying any kind of accountability when something bad gets propagated; or
>you have hundreds of thousands of webpages using a common framework
>(WordPress, for example) which has a mass exploit and now all those
>seemingly legitimate sites are silently hosting the latest JRE/PDF/Flash
>0-day exploit.
>
>Even last night Sundance Chevy's website got blocked because it was hosting
>something bad, and a few nights before that it was Bible.org, the Central
>Dakota Humane Society, and the National Association of State Boards of
>Accountancy websites.
>
>On Tue, 5 Feb 2013 18:33:43 -0500, Kwiatkowski, Nicholas
><[log in to unmask]> wrote:
>
> >A better question would be -- how often have they done it already today?
> >
> >These exploits can be through drive-by advertisements on legitimate sites.
> > They could be from bad sites. They could be from anywhere...
> >
> >-Nick
> >________________________________________
> >From: David McFarlane [[log in to unmask]]
> >Sent: Tuesday, February 05, 2013 5:29 PM
> >To: [log in to unmask]
> >Subject: Re: [MSUNAG] JRE 6 Extended Support
> >
> >At 2/5/2013 04:02 PM Tuesday, Cooke, Tony wrote:
> >>Since the University recommends/requires out of date/unsupported
> >>software, which has known vulnerabilities, are we not being required
> >>to put ourselves at risk? If so, is it an acceptable risk?
> >
> >My question exactly. Just how dangerous is this JRE to our
> >users? Doesn't one have to be lured to a malicious website to
> >trigger this sort of attack? How likely are our users to do this?
> >
> >-- dkm