TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
> On 1/11/13 11:16 AM, Combs, Richard wrote:
> > The CERT VN you linked to says the vulnerability can be exploited by
> "convincing a user to visit a specially crafted HTML document." So be
> careful. Disable the browser plugin to be extra careful. Then move on.
> :-)
>
> I absolutely *hate* scare tactics, but in this case, it may be
> justified.
>
> I may be totally making this up (I'm not), but, servers of web ads for
> some ad networks may have been compromised, and along with the ads they
> are serving, may be some malicious payload. And, these may be ad
> networks that are used by legitimate websites, totally unaware of
> what's
> going on. Even if you use ad-blocking, you may still be at risk.
Well, yes. But the critical component is "convincing the user to visit." I can't remember the last time I clicked on an ad.
Risk isn't binary. And you can't avoid all risk. If you have a computer and it's connected to the Internet, you're at risk to some degree.
Richard G. Combs
Senior Technical Writer
Polycom, Inc.
richardDOTcombs AT polycomDOTcom
303-223-5111
------
rgcombs AT gmailDOTcom
303-903-6372
------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Writer Tip: Create 10 different outputs with Doc-To-Help -- including Mobile and EPUB.
