Either you're lucky, or you may be surprised if you replaced that AV 
with something that's been updated.  It's also likely that other 
measures you're taking are preventing exploitation.  If you have Java 
and/or Flash disabled on that machine, you're reducing your attack 
surface.  If you have NoScript and/or AdBlock+ on your browser, that 
might not be grabbing the offending code in the first place.

Multiple layers of security and a reduced attack surface do wonders.

On Wednesday, February 06, 2013 11:20:42 AM, David McFarlane wrote:
> Hmm.  This does make me wonder, then, why I never run into these on
> the machines that I run.  E.g., I have an old XP laptop that I use for
> browsing the web at home with practically no AV (subscription expired
> many years ago, never renewed, although it is behind a NAT router),
> why has that never been compromised?  Am I just doing something
> "wrong" (i.e., right)?
>
> Thanks,
> -- dkm
>
>
> At 2/6/2013 09:11 AM Wednesday, David Graff wrote:
>> Yep, these kinds of things are extremely prevalent and dangerous. This isn't
>> the mid-90's where a user would have to do something silly to trigger an
>> attack by opening the wrong attachment. In my environment, I see 3 to 5
>> drive-by Java exploits a day, and that's just from what I can pick up with
>> the AV definitions and gets past the bad domain blacklist. These things are
>> coming in through the advertisement banners, usually which go through some
>> kind of ad channel that is re-sold to third parties multiple times
>> destroying any kind of accountability when something bad gets propagated; or
>> you have hundreds of thousands of webpages using a common framework
>> (WordPress, for example) which has a mass exploit and now all those
>> seemingly legitimate sites are silently hosting the latest JRE/PDF/Flash
>> 0-day exploit.
>>
>> Even last night Sundance Chevy's website got blocked because it was hosting
>> something bad, and a few nights before that it was Bible.org, the Central
>> Dakota Humane Society, and the National Association of State Boards of
>> Accountancy websites.
>>
>> On Tue, 5 Feb 2013 18:33:43 -0500, Kwiatkowski, Nicholas
>> <[log in to unmask]> wrote:
>>
>> >A better question would be -- how often have they done it already today?
>> >
>> >These exploits can be through drive-by advertisements on legitimate sites.
>> >They could be from bad sites.  They could be from anywhere...
>> >
>> >-Nick
>> >________________________________________
>> >From: David McFarlane [[log in to unmask]]
>> >Sent: Tuesday, February 05, 2013 5:29 PM
>> >To: [log in to unmask]
>> >Subject: Re: [MSUNAG] JRE 6 Extended Support
>> >
>> >At 2/5/2013 04:02 PM Tuesday, Cooke, Tony wrote:
>> >>Since the University recommends/requires out of date/unsupported
>> >>software, which has known vulnerabilities, are we not being required
>> >>to put ourselves at risk? If so, is it an acceptable risk?
>> >
>> >My question exactly.  Just how dangerous is this JRE to our
>> >users?  Doesn't one have to be lured to a malicious website to
>> >trigger this sort of attack?  How likely are our users to do this?
>> >
>> >-- dkm