Drive by attacks may be more common than you think. I recently read this article on how speedtest.net was compromised. http://www.invincea.com/2013/02/popular-site-speedtest-net-compromised-by-exploitdrive-by-stopped-by-invincea/ BJ On Tue, 2013-02-05 at 18:33 -0500, Kwiatkowski, Nicholas wrote: > A better question would be -- how often have the done it already today? > > These exploits can be through drive-by advertisements on legitimate sites. They could be from bad sites. They could be from anywhere... > > -Nick > ________________________________________ > From: David McFarlane [[log in to unmask]] > Sent: Tuesday, February 05, 2013 5:29 PM > To: [log in to unmask] > Subject: Re: [MSUNAG] JRE 6 Extended Support > > At 2/5/2013 04:02 PM Tuesday, Cooke, Tony wrote: > >Since the University recommends/requires out of date/unsupported > >software, which has known vulnerabilities, are we not being required > >to put ourselves at risk? If so, is it an acceptable risk? > > My question exactly. Just how dangerous is this JRE to our > users? Doesn't one have to be lured to a malicious website to > trigger this sort of attack? How likely are our users to do this? > > -- dkm