We have our own small security thread here.
http://www.rpgwatch.com/forums/showthread.php?t=11806
Every now and then I look into this site for security-related news:
http://www.heise.de/security/
This is the English-language edition of the same site:
http://www.h-online.com/security/
And if you REALLY want to learn how exploits get into computers, then please read this series - although it might make you become a bit more paranoid:
http://www.h-online.com/security/fea…1-1050609.html
I learned a *lot* by reading this series.
And I would blindly recommend it to others - even if most of that stuff isn't understood, you'll get a glimpse of how trojans work, anyway.
The reason why I came to the thought of a keylogger is relatively simple: A password is reset. No-one should be able to even KNOW it is reset.
Only viable possibility: A "man-in-the-middle" kind of attack - of which the keylogger is the most simple yet most effective form.
Here, criminals have even begun physically installing tiny cameras (!) on cash dispensers - and yes, they even replace the keyboards? - On top they place fake keyboards which look *exactly* like the original ones - and under them are the "real" keyboards, from which key presses go directly to the criminals' devices …
They replace this usually deep in the night.
More brutal criminals take the whole cash dispensers, though.
And this here seems to be the newest thing regarding Java:
http://www.h-online.com/security/fea…d-1677789.html
So far the ONLY REALLY safe way is to simply - stay offline.
And I'm sure that this will become a common policy among professionals within the next 10 years.
And to reduce the connections to the absolute bare minimum, like point-to-point connections.