Previous 1 7 8 9 10 11 Next 162 Replies Latest reply: Jun 1, 2015 5:52 PM by Kurt Lang Go to original post Branched to a new discussion.
  • laverne's mom Level 2 Level 2

    that's true.  I hadn't thought about that but my email tabs do refresh themselves when I'm not on them.  what a pain!   Just another one of things we have to learn to put up with, I guess.  I'm going to probably have to start making some of the changes that I was putting off - switching to a standard account and other advice I have read much about.   Since I am the only one who uses the mac, if anything goes wrong I am the only one I can blame!

     

    thank you,

    laverne's mom

     

     

    interesting.  I just checked and gmail is a secure site (https).  do you think that makes a difference.  the comcast email site isn't.  just wondering what you thought about that.

     

    Message was edited by: laverne's mom

  • babowa Level 7 Level 7
    expertise.ipad
    iPad

    interesting.  I just checked and gmail is a secure site (https).  do you think that makes a difference.  the comcast email site isn't.  just wondering what you thought about that.

     

    I'm sure you could get a really good technical explanation to this question; my gut instinct (which has saved my bacon untold times throughout my life!!) is telling me to be extra cautious and don't trust anything at the moment. If they haven't found a way to infiltrate an https site, they probably will. As for Comcast, I have them but I try to avoid their website (email or anything else) at all costs - don't need them, takes too many clicks to check mail, and I have to endure ads (I am allergic to ads    ).

  • g_wolfman Level 4 Level 4

    I highly doubt they could affect a fully SSL compliant page without causing a certificate error.  Plus, such pages are unlikely to use third-party components which would be vulnerable to cross-site shenanigans.

     

    Partially SSL compliant pages (the ones that some browsers report as "secure with some insecure elements" or something similar) may be fair game, however...and unfortunately it's entirely possible that people may tend to trust pages reached via https more, regardless of whether it's entirely deserved.

  • laverne's mom Level 2 Level 2

    just one more question and then I will stop bothering you.  Do you also browse etc from a standard account instead of an administrative account.  I have read alot about this and conflicting ideas.  I am leaning towards a standard account but its sounding like this thing still needs to have you install it.  and with Firefox I ought to be able to prevent it from downloading, much like you did.  I was following that thread with a lot of interest.

     

    laverne's mom

     

    Message was edited by: laverne's mom

  • thomas_r. Level 7 Level 7
    expertise.applewatch
    Apple Watch

    I haven't been keeping a close eye on this topic anymore - it's just strayed too far off topic and had the conversation go off in some ridiculous directions.  However, I noticed you and babowa talking about logging in and out of e-mail and tabs refreshing, and thought you probably ought to be aware of a security exploit called tabnabbing:

     

    http://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/

     

    This could potentially be used by this malware, though it would more typically be used to steal an account password.  I haven't heard anything about this exploit being used with the MacDefender trojans, but it's possible.

  • laverne's mom Level 2 Level 2

    that's what happens when this site logs me out.  not that its nabbed.  but I have to relog in periodically.  and from what I understood from the article above (and granted I just read it very quickly), that is the type of thing that would occur, for example on the gmail site.  Looks like I've been logged out, but really haven't been, and they get my gmail password.  that one wouldn't be awful.  i don't use it for much, but could be on other sites.  I do routinely close not just the tabs, but also the browser whenever I am doing finances since I really don't want anyone getting those passwords. 

     

    have you added something about this on your website?

     

    laverne's mom

  • thomas_r. Level 7 Level 7
    expertise.applewatch
    Apple Watch

    have you added something about this on your website?

     

    Not yet, but I'll have to review some of the things that have been written about tabnabbing and, if I feel I can say something useful to clarify or condense or whatever, then I'll add that to the list of topics I'm planning to write articles about.

  • babowa Level 7 Level 7
    expertise.ipad
    iPad

    you probably ought to be aware of a security exploit called tabnabbing:

     

    Yes, Thomas, I had read that, thank you.

  • babowa Level 7 Level 7
    expertise.ipad
    iPad

    Do you also browse etc from a standard account instead of an administrative account.  I have read alot about this and conflicting ideas.

     

    I've been using one account only for years (except a severaly restricted test account for trouble shooting purposes or if I have to take it in for repair - only access to some necessary system files, nothing else). So I've been complacently relying on the fact that I have to enter my admin password for installs no matter what..... hopefully that won't slap me in the face...

  • Mj662 Level 1 Level 1
    expertise.ipad
    iPad

    Screen Shot 2015-06-01 at 4.23.20 PM.png

     

    Someone needs to do something about these low lives!

  • Kurt Lang Level 8 Level 8

    Unfortunately, the majority of them are outside the U.S. Many countries (the Mid East in particular) do little to track down and arrest these people.

  • Mj662 Level 1 Level 1
    expertise.ipad
    iPad

    They are using an 800 number, why can that be blocked?

  • Kurt Lang Level 8 Level 8

    I assume you meant can't be blocked, rather than can.

     

    Mostly because it's a constantly moving target. Here's just one page showing the block of numbers they're using in (Korea?). Scroll down a bit. There's hundreds.

     

    http://www.fpsjzx.cn/hd/18008714.html

     

    If enough scam complaints come in and a number gets blocked, they just use another one, and create more as needed.

     

    And as WZZZ noted, that's not even the real originating number.

Previous 1 7 8 9 10 11 Next