On Mon, 18 Mar 2019 20:36:46 -0000, Mayayana wrote:

"Commander Kinsey" wrote

| Another common attack
| method is Wordpress plugins. People who don't know
| what they're doing decide to have a website. Wordpress
| helps them do that without understanding the process.
| They set up a comment board, a shopping cart, etc. Later
| someone finds a bug in the comment board plugin. But the
| website founder doesn't know. They don't have the slightest
| idea of how their website works and haven't given it a thought
| ever since they set it up. So someone takes over
| their site via that bug and starts serving malware. That's
| not unusual. I get people trying to break into my website
| daily via Wordpress bugs, because a very large number of
| websites are based on Wordpress.
|
| Isn't Wordpress a big enough company to fix these flaws in their own
plugins?
|
I assume that something on Wordpress is probably
fine. But a large segment of the Internet is people
who use Wordpress templates, tools and plugins on
their own site. Wordpress makes it very easy to put
something like a comment board on your site without
knowing what you're doing. So Sam ends up with
commentsPlugin v. 3.1521 on his web sever. He forgets
about it. In 6 months a bug is found. Everyone who's
keeping track updates the plugin. But Sam doesn't even
really know he's using a plugin. so bots from Russia or
China, testing front door locks, discover that Sam's
site can be hacked and they upload malicious code.
Sam's none the wiser.

Shouldn't the plugin get auto-updated? If Wordpress design a system where any old fool can make a website using their tools, the tools should run from somewhere where they're updated, without Joe Bloggs having to know.

| I don't and won't do online banking.
|
| You sound overly paranoid. Banks are pretty secure, and it's their
responsibility if your money disappears.

Up to a point. In the US there are limits on debit cards.
A card used for business isn't covered. A personal card
is only covered if a problem is reported promptly. (Most
people don't know that.) And what if someone gets into
my account and steals money, but it looks like it was me?
How do I make a case that the withdrawal should be
insured?

Maybe it's different in the US, but in the UK, I doubt I could lose anything if someone got into my bank account. It's up to them to make the system secure. Unless they can prove I was stupid enough to leave my password written somewhere everyone could see it.

Another risk connected with that is scam emails that
pretnd to be from your bank. Since I don't do such things
online I can't be tricked by scams.

You have to be really stupid to be tricked by one of those. The first thing I notice is they're full of deliberate spelling errors, designed to circumvent spam filters I guess. That just makes me notice it isn't official. Would anyone really click something that says "Your Amzon account has been compromised"? Even if I used Amazon, I wouldn't read Amzon as Amazon.

| What if the product is faulty? Then you'll want to
| know they actually have an address and phone number.
|
| This is the 21st century, I prefer an email address or an online chat.
|
What's that got to do with the 21st century? human
relationships are out of date?

Convenience. I can webchat with someone in my bank while I'm doing other things. Far easer than trying to old a verbal conversation. With webchat, either party is fine with the other not responding for a few minutes. The bank staff might be looking up some details, I might be grabbing a cup of coffee, etc, etc. And they can chat with more than one person at a time.

| I've actually never in my entire life had anything nasty happen to my
computer or my personal | details. I'm fairly careful but not that careful.
I have AVG running all the time, and I use Opera browser rather than that
buggy M$ ****, and I do a malware scan with Malwarebytes every month (not
the realtime one, that costs money!) and Windows Firewall is running, but
that's about it.

I haven't had trouble, either. I don't use AV or dubious
products like MB.

Why do you call it dubious?

And do you seriously have no antivirus?!

But I'm careful. On the other hand, the
woman I live with got a popup awhile back and before I
was up and awake she had given someone a $390 credit
card payment for a problem the popup said was on her
computer! She's not dumb. She's a teacher. But the
popup was convincing and she didn't know better.

Giving someone you don't know $390 because something pops up on your screen is monumentally dumb. She's a catastrophic failure.

And why did you include "she's a teacher"? Teachers are among the thickest people I've ever known. Hence the phrase "Those that can, do. Those that can't, teach."