The Lounge is rated PG. If you're about to post something you wouldn't want your
kid sister to read then don't post it. No flame wars, no abusive conduct, no programming
questions and please don't post ads.
It's not exactly a new problem, is it? A key logging trojan? The real crime here is that our systems are so wide open to this kind of abuse. I don't know how you stop it though, without restricting the flexibility that makes it all work for us in the first place. I guess the only solution is user education - and physical extermination for the culprits, of course...
Real men don't use instructions. They are only the manufacturers opinion on how to put the thing together.
Internet capable devices should be secure out of the box.
By and large they are. Install a base version of Windows Server 2008 R2, or Windows 7. Firewalls are on by default, code downloaded from the internet can't be executed (it can't even be downloaded on Server 2008).
The problem is that people want their computers to do things, and they want to do those things, and sometimes don't really understand or care about the consequences. Anything that gets in the way is just an annoyance, to be switched off at the earliest opportunity.
So the moral of this story is: Don't open attachments in e-mails, don't enter credentials into websites without making sure they've got the right URL, yadda, yadda, and yadda.
These friggin' scare stories piss me off.
I have to enter three separate codes to be able to pay money out. "Passing those codes back to the creator" would be pointless, because they're generated on the spot, and are valid for only a few minutes -- but they wouldn't be "passed back to the creator", because I don't open attachments in e-mails, I don't enter credentials into websites without making sure they've got the right URL, yadda, yadda, and yadda.
Web security really ain't rocket surgery.
the one rule to remember is: Don't be f***in' stoopid!