Anonymous Title
Dear Sir/Madam,
Your claims of being an El Reg Hack are currently being put into doubt. In order to re-establish your good name, I hereby require you to respond to the following question:
Why aren't you at the pub?
A moment of narcissism by a blogger who covers kink, multiple sex partners and other topics has uncovered a sophisticated attack that secretly installed malware on end user machines by compromising thousands of websites maintained by a large webhost and ginning search results on Google. Ipower, a US-based webhost at the center …
Only do critical (i.e., related to money) work on a machine that doesn't cruise unfamiliar websites. Use that old dusty obsolete box for searches, then you (mostly) don't care if it is infected-- image the drive and re-install every now and then, no reason to waste money on antivirus for the dustbox.
Or use Knoppix or another read only media OS. There is no real reason to have only 1 physical machine anymore.
You can also use a brouter / Ethereal (or Snort/Ntop) and sniff what back alleys your PC is really visiting when you aren't watching! A TB drive will store a couple of years of trace information for most people if you aren't hooked on YouTube or BitTorrent or such.
The only reason most of us haven't had our identities stolen yet, is that there are just soooo many easier targets... totally unprotected machines waiting to be plucked, or machines manned by children, while we all have at least antivirus, firewall, and don't promiscuously share admin/superuser privileges right? Eh... I don't see too many hands raised out there....
Some of us have actually bred (and even live with a significant other), have neither the time, money or inclination to play Mr (or Ms) security expert at home.
Also when it's your day (and fecking takes up too many nights too) you really will not be poring over such items in what little spare time one actually has.
I do agree with the need for something like Smoothwall (& a proxy) rather than the pretty useless so-called software firewalls.
Also your "May contain highly technical ...." icon / avatar was just embarrassing (but then there isn't one for "Lives at home with Mum and still plays Magic the Gathering").
I was doing some testing on my internal website using IE7 and scoped the traffic to try and find a bug. I was surprised to find that packets containing my typed data were being sent to an external IP address registered to MS, even while the real web dialogue was going on between the internal machines.