
Re: Re (2): Multiplicity of accounts.



On 10/2/2013 12:24 PM, peasthope@shaw.ca wrote:
> From: Joel Rees <joel.rees@gmail.com>
> Date: Wed, 2 Oct 2013 15:30:26 +0900
>> On MSWindows XP, ... surfing the net as the primary admin user
>> ... was the primary path of ingress and the primary cause of the
>> proliferation of 'bot nets.
>
> A flaw in Windows to contrast with Debian?


No more so than running Debian (or any Linux distro) as root instead of another user. But unlike Debian, full admin privileges were the default for WXP.

>> And accessing your bank logged in as the same user that you use to
>> surf random sites is one of the primary causes of leaked bank account
>> numbers and passwords.
>
> The banking information is stored in a cookie.  Subsequently a site other
> than the bank is allowed to read the cookie?  A failure of the browser.
> Correct?  Prior to studying this thoroughly, I might stick to personal banking.


Not if your browser is working properly. Cookies can only be sent to the domain which originated them (and, depending on the cookie options, subdomains of the main domain).

But too many people use the same userid/password for multiple sites, and a security problem on one site can expose those userids/passwords. This makes it easy for a hacker to access one's banking account.

I use online banking all the time. But I have a unique userid/password combination on each of my accounts. These are long, non-obvious, known only to me and not stored on any computer.

<snip>

Jerry
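
The cookie scoping rule described in the reply above (a cookie is sent back only to the host that set it, or also to subdomains when a Domain attribute is given), as an added example that is not part of the original message. It follows RFC 6265 domain matching in simplified form; the function names and host names are constructed for illustration.

```javascript
// Added example: RFC 6265 cookie scoping, simplified. It ignores Path, Secure,
// SameSite and the public-suffix check that real browsers also apply.

// RFC 6265 section 5.1.3: does the request host domain-match cookieDomain?
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  // IP addresses never match by suffix, only by exact equality.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  // The "." prefix stops evilbank.example from matching bank.example.
  return !isIp && host.endsWith("." + cookieDomain);
}

// Store a cookie the way a browser would when setterHost sends Set-Cookie.
// Returns null when the cookie must be rejected.
function storeCookie(setterHost, name, value, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to that exact host.
    return { name, value, domain: setterHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A site may only set cookies for its own domain or a parent of it.
  if (!domainMatch(setterHost, domain)) return null;
  return { name, value, domain, hostOnly: false };
}

// Names of the cookies a browser would attach to a request for requestHost.
function cookiesFor(requestHost, jar) {
  const host = requestHost.toLowerCase();
  return jar
    .filter(c => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map(c => c.name);
}

// Constructed sample: two cookies set by the bank, one attempted by another site.
const jar = [
  storeCookie("online.bank.example", "session", "abc", null),
  storeCookie("online.bank.example", "prefs", "en", "bank.example"),
  storeCookie("random-site.example", "forged", "x", "bank.example"), // rejected
].filter(Boolean);

for (const h of ["online.bank.example", "www.bank.example", "random-site.example"]) {
  console.log(h, "->", cookiesFor(h, jar));
}
```
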

