“That vulnerability required the user to click on a link that the user had no way to know whether it was trustworthy or not.
Only the stupid do such clicking.”
That’s a silly assumption. Thanks to XSS you can click without clicking, or have a trustworthy link rewritten to go to a fake one. Or fall victim to a phishing attack. Calling people who those (and more) things happen to, stupid, is well... uninformed.
I was referring to that particular vulnerability that YOU mentioned. It required the user to purposely click on the link.
At least that’s the way it was described in the tech article I read at the time. Do you have contrary info about that?
Indeed. Hiding behind the "don't click unknown links" banner is a completely bogus tactic IMO. Sure, you're much more vulnerable when surfing the 'seedy' sides of the internet, but there is just no way to tell where a link will take you to sometimes. Suppose you go to foxnews.com and their page has been hacked in a subtle way unbeknownst to you. You click on a link thinking that it should be safe since Foxnews is a reputable site. *P00F* you've been p0wned through no fault of your own...