Roj Bash Kurdistan

[Anthea]

BBC Technology

Many users of the internet think that by not replying to 'phishing scams' - false invitations encouraging you to hand over personal information - they are safe online.

But hackers use increasingly sophisticated techniques to trick more savvy web users and gain control of their computers.

Trustwave Spider Labs of London is a professional penetration tester, hired by companies to test vulnerabilities in their cyber security.

Michele Orru, a senior security consultant at the firm, demonstrated to LJ Rich how by simply clicking on a single malicious link, you can fall prey to the control of a hacker, because of security issues connected with common browsers.

This is the second video in a series about penetration testers - in the first, LJ Rich learned how hackers can get control of webcams.

Link & Video:

http://www.bbc.co.uk/news/technology-22598028

PLEASE NOTE:

The BBC video recommends NoScript as probably the best protection against such an attack.

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...

You can enable JavaScript, Java and plugin execution for sites you trust with a simple left-click on the NoScript status bar icon (look at the picture), or using the contextual menu, for easier operation in popup statusbar-less windows. Watch the "Block scripts in Firefox" video by cnet.

http://noscript.net/