A few months ago a young security researcher called Dan Kaminsky found a serious problem in the way most DNS servers handle requests. [DNS is analogous to the "telephone" directory of the internet, and a DNS server is your interface to this global "telephone" directory]. Dan Kaminsky showed how a bad guy could fool any DNS server into giving out wrong numbers to your queries, so that when you thought you were logging onto citibank.com you were actually going to some Russian hacker site that mimicked citibank well enough to fool you.
The interesting thing about Dan's discovery was that a medium-term fix was easy -- all it needed was for most major DNS server software to be updated. However, they all had to be updated simultaneously, otherwise, by looking at how the first one was patched, hackers might figure out how to attack the others which were not yet patched.
The wonderful and amazing thing is that he actually managed this feat of co-ordination: all the major vendors of DNS software went into a huddle for six months, fixed their software, and all of them simultaneously released a patch on July 8th, 2008.
Sadly, July 8th is ancient history on internet time scales.
Guys and gals, ladies and gentlemen, if you ever do anything on your browser that requires a password, please do the following:
(1) install Firefox -- http://www.mozilla.com/en-US/firefox/
(2) install NoScript (this is a Firefox "addon") -- https://addons.mozilla.org/en-US/firefox/addon/722
NoScript has been keeping me immune from many smaller attacks and security holes for years now. This hole is merely the latest and the most frightening, judging by the secrecy and the dire warnings, but even this does not worry me. And it should not worry you either, if you do this.