What a security expert calls "reality".



Since Windows NT 6.x (Vista, W7...), it is (for a badly / not configured PC) pretty solid security IF the user does not do the dangerous manually (open the email attached exectuable etc.).



The greatest danger there is careless usage of some WiFi access point.

The whole point of SSL is that that is not a danger. Unless of course you're in the habit of ignoring certificate warnings while banking online.

I forgot the details but the trick seems to be to construct a man in the middle attack with which the encrypted part of the communication is circumvented, i.e. the middle man has some CA stuff and pretends to be the recipient.

That is an attack, but that is exactly why you have certificates. The bad guy can of course sign his own, but then your browser will warn you (because he doesn't trust "Random Guy CA Inc."), which i hinted at in the second part. And your bank pays money to get a real one from a company listed in the trusted certificate authorities section of your browser.

The reason I didn't get an iPad 2 was the resolution staying the same...

No, there's almost no market. A few months ago, McAfee declared that there were no reports of malware didn't even list malware on non jailbroken iOS devices on their survey of mobile malware (because it was so limited in comparison to other platforms).

There's a combination of things: iOS is harder because of sandboxing and the app store, and the majority of devices are up to date which makes the rare exploits less valuable. It's much like the situation involving Windows where the growing popularity of Windows 7 has not yet led to it catching up with Windows XP in malware.

Edit: a probably unnecessary clarification added.

_________________
Occupy Babel!

Ah, then you're just out of luck. Looks like you have to buy the new one.

A security expert would do enough research on the device to know the answers to the basic questions you asked about the device prior to getting paranoid.

Paranoia without the slightest bit of research is just unfounded.

_________________
be immersed

The people who do this won't be targeting your bank account, but the more I learn about certificates, the less safe I feel: http://www.computerworlduk.com/news/sec ... sl-spying/.

_________________
Occupy Babel!

That is hilarious. I especially like the part about it being the industry standard to betray their customers. But effectively it's not much different from CA's being compromised, which has happened before. There is only so much you can do from a technical side, when you cannot place your trust in these authorities either, and being at home or on some random starbucks wifi won't make a difference.

That's what security experts did before concluding: It hardly matters whether one uses Windows, Android or iOS. Whichever OS one uses, one has to do the best effort to learn and understand security aspects and then configure the computer as securely as possible.

I'm not sure, but can't an OS that only runs Tor traffic help? https://tails.boum.org/

_________________
Occupy Babel!

Depending on why you're concerned about security, this article could be either comforting or really scary: http://www.forbes.com/sites/andygreenbe ... gure-fees/.

_________________
Occupy Babel!

But in any case, the user has to do something. It's not like my iPad is sitting here in the ground and the bad guys are just stealing my data. They have to trick the user into doing something (opening an email, opening a webpage...). Of course, emails are always risky. If you are over the top with security, just don't ever open an email and always type your URLs. Of course, make sure your router is completely secure, and all traffic is encrypted. And that your ISP is not tinkering with MITM schemes. And then you just forget to close the window and the spies just make photocopies of your papers. Meh.

_________________
Geek of all trades, master of none: the motto for my blog mostlymaths.net

It suffices to view emails as plain text and not open-execute any executable attachment.

Nothing guarantees your mail client does not have an exploit even when viewing only as text.

_________________
Geek of all trades, master of none: the motto for my blog mostlymaths.net

Ah, you have meant security protection against email reading by third persons? I see.

No. An HTML email can exploit your mail app. But nothing guarantees switching to text mode does prevent it. Just like opening a PDF can exploit Adobe Reader.

_________________
Geek of all trades, master of none: the motto for my blog mostlymaths.net

Exploit type I: the contents' source code is interpreted. This is possible for (java)script language in HTML but not for simple markup HTML or for plain text.

Exploit type II: the application is attacked. This is possible if it has some bug that is not fixed yet. The attacker can then read all (non-encrypted) emails and (subject to security measures outside the application) attack the PC.

Robert, I don't want to sound like a know-it-all, but there are more things in heaven and earth, Horatio, than are dreamt of in your philosophy. http://en.wikipedia.org/wiki/Buffer_overrun would be an example. Software is a complex thing.

_________________
Geek of all trades, master of none: the motto for my blog mostlymaths.net