[Taskmage]

Originally Posted by Phanex

Ok, this was just a joke that was what the "lol" was for, sorry i even said it. I forgot only a certain amount of peopel on this form can say something like that and people find it funny.

Usually when someone says they were just kidding, it's half true. It's a hyperbole; I get it. It's not funny to be because I believe the underlying attitude of projecting your own responsibility onto someone else is not a joke to you.

Originally Posted by Phanex

In that link you gave us about the realplayer risk, they said they became "aware" of it on 10-18, and they released a patch on 10-23. Woot, that's real quick and real nice of them, but who's to say that the problem hasn't been out since 9-15? and then there were them 5 days of them working on the problem. Now if someone was infect those 5 days, then are they stupid cause they didn't know to download a patch that didnt' exsist until the 23rd?

The somepage iframe didn't surface until 12-12. At that point the security issue had been patched for nearly two months.

Originally Posted by Phanex

This is my point, hackers are working 24/7 to exploit everything and the ppl who make the patches probley won't find it until "crap hits the fan" days later. That is my whole point. But no I must be wrong right? I'm sure someone will come up with some other excuse and what not. But that dosn't mean that there is always a certian amount of time that even windows update can not protect ur computer from what is out there UNTIL someone knows it's out there.

In most cases patches are released for major security issues long before we hear about major exploitation of them. Heck, security patch notes are probably how a lot of hackers discover new vectors of infection. That's why it's so important to stay up to date on that stuff. But in some cases you're right and there's a small window in which the exploit exists without a fix as I believe was the case with the recent flash player issue, which is why it's so important for end users to do their due diligence to minimize their risk of infection. Most of this stuff requires little technical know-how or investment/

• Don't visit frequently infected sites. Somepage and ffxi-atlas have been infected twice. Don't use them. The convenience isn't worth your account.
• Secure your browser. In short, don't use IE and make sure the browser you do use blocks the most common modes of infection. There's a great guide on this here: GUIDE: Protecting your web browser. - Windower
• Use the security tools SE gives you. Maiev advice: the Star★Onion | Login Verification (Account Security) Mhurron advice: Heightened Security on the Windows PlayOnline Viewer
• If you want to be absolutely sure, don't browse the internet on the same machine that contains your sensitive information, or run the browser in a sandbox. For the latter you'll need someone more savvy than me to explain.

Look dude, I'm sorry your friend got hacked. Really I am. I know three people whose accounts got hijacked in this last round. All good, intelligent people for whom I have much respect. But that doesn't change the fact that ultimately each of them was the only person responsible for making sure they weren't vicitimized and they did an inadequate job of that.