(OT for uk.legal - but may be of interest)
You may have seen the following article:
A flaw in the way the Internet works has prompted the "largest security update" in the history of the web, and fears of millions of people remaining exposed to criminals and malicious hackers.
I am not convinced that the "no evidence" is correct - but I can understand why no-one would want to admit to being affected by it.
Ten days before this article came out - the following happened:
A relative uses a major bank. He noticed that after the first page of on-line banking (after he had input his account number and sort code) - he went to a page which was asking him for his security details in a different way from normal.
He phoned me I asked if he had clicked on a link to go to the site - he hadn't. I asked him if he had the link as a favourite - he hasn't. He actually types in the url of the online bank in to his browser. I asked him to take a screen capture and send to me. I told him to run his (up to date) virus checker - and other mal-ware applications. He did - nothing found
I told him to speak to his bank and tell them. The online help desk just told him that he must have a virus - he told them he had run his up to date virus checker - they said not their problem.
I phoned up help desk and said that this problem had happened to me - they gave me the same story. I insisted that they escalated the call - this they did - the supervisor said that they knew of no problem. I insisted on escalating call to someone in "security" - they said they couldn't. I told them I was not going to go away - and I would close my account if they did not do so. Eventually I was escalated to "security" which I think was a technical rather than security department.
I explained "my" problem. (I am quite IT literate so was able to discuss sensibly). Eventually the guy admitted that a "small" number of their customers in certain areas were affected in this way !!!!! (I assume "small" being the number that they knew about.) I discussed possibility of the problem being on the ISP's DNS machine rather than the bank's. He said they were looking at this. He told me to get my relative to ring back.
They have been looking at the problem for a few days. One day last week the bank spent all day on the phone with my relative
- telling him what to do, sending him links to programmes to run - him sending reports and screen shots back to them. (The problem is repeatable via his machine).
Nothing found.
He has a job to do - he has installed Firefox - no problems - he gets on with his job - lets hope the bank and ISP get on with their's.