{"id":1156,"date":"2009-11-15T19:17:38","date_gmt":"2009-11-16T03:17:38","guid":{"rendered":"http:\/\/www.podfeet.com\/wordpress\/?p=1156"},"modified":"2024-12-14T20:17:45","modified_gmt":"2024-12-15T04:17:45","slug":"233-wetoku-regator-fluid-for-banking","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2009\/11\/233-wetoku-regator-fluid-for-banking\/","title":{"rendered":"#233 Wetoku, Regator, Fluid for Banking"},"content":{"rendered":"<p>Update on Firefox accessibility on the Mac. In Dumb Question Corner Jacob asks about how to update themes in WordPress.com, and Sam questions the need for SuperDuper! if we can make bootable backups with Disk Utility. Matt and I experiment with wetoku at <a href=\"http:\/\/wetoku.com\">wetoku.com<\/a> for recording video interviews. I review a blog aggregator website I&#8217;m enjoying called Regator at <a href=\"http:\/\/regator.com\">regator.com<\/a>.  In Chit Chat Across the Pond Bart and I go through a pile of security updates in Security Lite for the Mac, Windows, Safari, iPhones and WordPress.  Then Bart explains why you should use Fluid from <a href=\"http:\/\/fluidapp.com\/\">http:\/\/fluidapp.com\/<\/a> to create a separate browser instance for doing your online banking.<\/p>\n<p><a href=\"http:\/\/phobos.apple.com\/WebObjects\/MZStore.woa\/wa\/viewPodcast?id=81677867\"><img decoding=\"async\" style=\"float:none\" src=\"https:\/\/podfeet.com\/NosillaCast\/artwork\/subscribe_w_itunes.jpg\" alt=\"itunes\" \/><\/a><br \/>\n<a href=\"http:\/\/www.podtrac.com\/pts\/redirect.mp3?http:\/\/media.libsyn.com\/media\/nosillacast\/NC_2009_11_15.mp3\">Listen to the Podcast Once<\/a> (1hr 9min)<br \/>\n<!--more-->Today is Sunday November 15th, 2009 and this is show number 233.  
We&#8217;ve got a good show today filled with Dumb Questions so let&#8217;s hit it.<\/p>\n<p><b>Update on Firefox Accessibility<\/b><br \/>\nAfter the special Saturday episode where I interviewed Mitchell Baker of Mozilla I got an unexpected email.  I had asked Mitchell how accessible Firefox is, and she pretty much said they&#8217;re all over accessibility.  Dan Eickmeier wrote to me and explained that Firefox is not accessible at <i>all<\/i> on the Mac.  I was perturbed and after verifying with an independent source, I wrote to Mitchell and asked her about this.  I think she was genuinely surprised, and connected me with a man named Marco who is working on accessibility for the Mac.<\/p>\n<p>If Firefox were written in Cocoa, they would get VoiceOver support &#8220;for free&#8221;, but Marco explained that because of their commitment to a platform-independent structure, they can&#8217;t do it in Cocoa, so they have to emulate Cocoa themselves, including VoiceOver support.  They have to create custom drawn widgets.  The process is slow and they could use some help, so he asked if we could put out a shoutout for anyone who is fluent in Objective C (with experience with Apple&#8217;s APIs as a bonus).  If you have this skill, or you have contacts who do, please shoot Marco a tweet at <a href=\"http:\/\/twitter.com\/marcozehe\">twitter.com\/marcozehe<\/a>.  We could really use your help here guys, I&#8217;d love to see the NosillaCast listeners help out our blind brethren on this one.<\/p>\n<p><b>Dumb Question Corner<\/b><br \/>\n=========insert Dumb Question Corner music======<br \/>\nJacob wrote in with some &#8220;dumb&#8221; questions about WordPress.  Let&#8217;s see if I can help him out:<\/p>\n<ul>I have a dumb question about WordPress. 
I currently have a blog through WordPress for free, and when I went on my voyage through Google to find out how to customize it I heard lots about installing it, and themes, but I am entirely unsure how I can do any of this to my blog.<\/ul>\n<ul>Here is a list of my specific WP issues: the included theme I like doesn&#8217;t show the author of the post \ud83d\ude41 and I am unable to make it only show a snippet of the post on the home page, instead it shows the entire post on the home page<\/ul>\n<ul>In my searches I came across this &#8220;theme&#8221; called Thesis and it did everything I wish WordPress did, but it costs like $80 and I don&#8217;t want to buy it if I don&#8217;t know how to install it. <\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/podfeet.com\/NosillaCast\/NC_2009_11_15\/wporg.png\" alt=\"wordpress.org logo\" style=\"float:right;margin:5px\" \/>Jacob, you&#8217;ve come to the fork in the road where you might want to start managing your own blog.  But before we jump into that, I&#8217;ll explain a few things. For those who aren&#8217;t familiar with WordPress themes, they are a way to change the look and feel of your website without changing any of the actual content.   With WordPress.com they manage everything for you so they have to limit a bit what you can do.  The good news is that you <i>can<\/i> change your theme, but it&#8217;s limited to 70 themes to choose from.  I found a link on <a href=\"http:\/\/en.support.wordpress.com\/themes\/\">wordpress.com<\/a> where they explain how to browse and install a new theme.  70 themes sound pretty good, but it seems like you&#8217;ve outgrown what they have to offer you. You simply can&#8217;t go get a new theme and install it yourself if you stay with WordPress.com.<\/p>\n<p>You probably are out of luck on modifying the theme you have to show the post author, but I can help you with the snippet thing.  The code you want is called the &#8220;more tag&#8221;.  
Here&#8217;s how it works &#8211; you write the snippet first, then put in the more tag, and then put in the long text.  Now when your site is viewed, the snippet is all that shows, and then there&#8217;s a link that says &#8220;read the rest of this entry&#8221;.  So now you want to know how to put in the more tag I bet?  If you&#8217;re in the WYSIWYG interface there&#8217;s actually a button that says &#8220;more&#8221;.  If you click that, it types in &#8220;<!-- more -- >\" in the HTML view.  I had to put it in the shownotes with some goofy spaces entered because it was trying to execute the more tag in my notes! That's actually all there is to it!\n\n\nNow I took a look at your site at <a href=\"http:\/\/hellscanyonrc.wordpress.com\">hellscanyonrc.wordpress.com<\/a> and I really like your theme!  It's clean, the remote control car image looks fantastic as your header.  But if you're ready to take off the training wheels, buckle up!\n\n\nFirst you buy a domain, next you make a deal with an ISP, someone to run the physical (or virtual) server for you.  Make sure the ISP you choose has WordPress as one of their offerings (most do).  You pretty much do a one-click installation from their service.  You'll have to keep WordPress up to date yourself from now on but it's not too hard to do.\n\n\nBack on wordpress.com, click on Tools and then Export and you simply download the export file.  This file will then be read into your new installation, but it's pretty easy.  There are some tricky bits with attached files for things like embedded images but the instructions should walk you through it (yeah, right, famous last words!)  \n\n\nNow let's assume you have this all rigged up, you still have to find a theme you like.  There used to be a site out there where you could browse themes and filter them by color, which ones were widget ready, how many columns they had, and narrow down to just what you wanted.  
That site disbanded, so it's a little harder, but there is a free themes directory at <a href=\"http:\/\/wordpress.org\/extend\/themes\/\">wordpress.org\/extend\/themes<\/a>. Now we talked earlier about 70 themes being pretty expansive, but at wordpress.org there are 1042 free themes.  Seriously.  If you can't find something you like in there, you're just too darn picky.\n\n\nSo you just wanted to start a blog, eh?  That's how it starts, but soon you're dragged into our madness, you'll find yourself editing theme files, learning php, modifying cascading style sheets, learning about cool plugins you can download to extend your site...yeah, you'll become one of us before long. \n\n\nSo one of your questions was whether you needed to spend $80 on a theme?  Maybe it's an amazing theme and the developer put a lot of work into it so she should be compensated?  Or maybe you can find something almost as good for free.  If you decide to go on this adventure, let me know and I can help guide you.  I got my start through the kindness of friends and strangers, so I want to pay it forward.  Keep me posted on where you go with this Jacob.\n\n\n<b>Sam on Superduper! vs. Disk Utility<\/b><br \/>\nSam from <a href=\"http:\/\/inetsynch.com\/\">iNetSynch<\/a> asked a question that I think fits right in with Dumb Question Corner:\n\n\n<ul>\nAllison there is one issue that keeps nagging at me and comes to the forefront almost every time I listen to Leo. I know I have asked this before but hope maybe you have new information ... why does Leo and others insist Apple users buy a program like SuperDuper to make bootable disk images? I have followed Apple instructions in making a copy of my hard-drive and all content on to a firewire drive and I can boot from it and run an old Tiger install or current backup of Leopard. I do this with my current hard-drive in working order but I set the system to boot from the external image and it seems to work great. 
All the files and data are the ones saved during the copy and not the more current ones on my internal hard drive, suggesting I am booting from the firewire copy independently of my system drive. I am asking because I am relying on this option in the event my system dies. It works as Apple documentation claims yet Leo and others seem to think a third party app is required.<\/ul>\n\n\n\n\n<ul>Have you or others ever tried this and do you really believe I need to use a third party tool to do what the Apple OS seems to do for nada? Thanks in advance for your sage advice.<\/ul>\n\n\n<img decoding=\"async\" src=\"https:\/\/podfeet.com\/NosillaCast\/NC_2009_11_15\/sdlogo.png\" alt=\"SuperDuper! logo\" style=\"float:left;margin:5px\" \/>Well I'm not sure if the advice I'll give qualifies as sage but let me give it a shot.  You're absolutely right that if you create a disk image of your current disk that's a bit for bit copy of your drive, it will give you the functionality of a bootable backup from SuperDuper! from <a href=\"http:\/\/www.shirt-pocket.com\/SuperDuper\/SuperDuperDescription.html\">shirt-pocket.com<\/a>.  The primary advantage of SuperDuper! is that you do incremental updates to that bootable clone.  With your Disk Utility method, you have to copy the entire drive every single time.  Now perhaps you have a 2nd backup of your data somewhere that you keep updated regularly, and you're really talking about a snapshot of your OS and application installations. That might be a practical way to go, but doing this once a month as a backup of your <i>data<\/i> would be really dangerous.  Think about how sad you'd be if you lost an entire month's worth of data!\n\n\nOther advantages of the paid version of SuperDuper! are that you can do timed backups, say at 3am while you're sleeping.  You can also exclude folders.  
In my case I don't have my iTunes library backed up because my ipods are essentially backups, AND because my iTunes library includes massive video podcasts that are changing constantly, new ones coming in and old ones being deleted.  Incremental backups of those would take forever.\n\n\nI can attest to the value of having a SuperDuper! bootable backup - twice in the last couple of years I've lost a hard drive and I was able to completely recover from that backup drive.  I'm so happy with it that I brought a drive to work and I run a backup there once or twice a week so I have offsite backups of my laptop.  Hope that answers your question Sam, and was sage enough for you!\n\n\n<b>wetoku<\/b><br \/>\nI keep thinking I've exhausted everything I learned about at Blogworld Expo and then I remember something else.  One cool thing I found is a service called wetoku.  Wait, I forgot to start with a problem to solve.  Let's say you want to record a video interview with someone but you're not equipped with a ton of cool tools for capturing the interview.  Or you know how to use Skype to do video, but how do you get both of your faces the same size to record?  Or maybe you don't want to share your private Skype information with the person you're interviewing.\n\n\nThe solution might just be wetoku from <a href=\"http:\/\/wetoku.com\">wetoku.com<\/a>.  Now let me preface all of this by saying this is a beta, so keep that in mind.  First off create a free account and then log in.  Then click the bright green button \"start your interview\". Since the point of wetoku isn't just to do a video interview where both people can see each other but also to <i>record<\/i> that video, the next step is to set up some information about your recording.  First give it a title, then enter the name of the interviewer (you) and your interviewee. 
If you click the down arrow for the Advanced options you can choose to keep your video public, or to make it private where your videos can only be viewed by others if you give them the secret URL.\n\n\n<img decoding=\"async\" src=\"https:\/\/podfeet.com\/NosillaCast\/NC_2009_11_15\/wetoku_logo.png\" alt=\"wetoku logo enter place\"style=\"float:right;margin:5px\" \/>If you'd like to put your own logo up on the interview video you can use their logo, or upload one of your own.  You also can put a link to your website with the logo.  Next you can insert a preroll video if you like - this is a way to insert ads into your video which could be a good business model.  I think if they're short enough, say under 15 seconds they're not that annoying.  Everyone's choice though, right?  Next wetoku allows you to put in some notes that are visible to you and your interviewee - perfect for an outline for an interview so you both know where you're going.\n\n\nThat's it for the setup, now it gives you a simple link to send to your interviewee.  This is a great way to do it - you can email it and set a time for the interview, it's not like they have to get in there right that very instant.  While I was writing the review I noticed Matt Hillyer of the Stealth Mac Podcast online and enlisted him to help me test out wetoku.  When we each joined we saw the usual Flash player settings window popup requesting to use our video and audio devices.  then we could mess with the microphones, video sources and set the quality of the video.  \n\n\n<img decoding=\"async\" src=\"https:\/\/podfeet.com\/NosillaCast\/NC_2009_11_15\/wetoku_flash.png\" alt=\"letting flash take control\"style=\"float:left;margin:5px\" \/>The good news is that the video quality was quite good - it auto-selected to medium quality but changing it to high quality didn't make much of a difference.  
We both put on iPhone headphones so we wouldn't get feedback, but we did get a really odd effect - we could both hear ourselves a good second after we spoke.  The good part about that is we could tell when the other person was going to respond because they were hearing what was an echo to us.  Hope that makes sense!  Here's how it worked - let's say I said \"ping\". in one second I'd hear \"ping\" very faintly coming from Matt's side, and right after I heard the faint echo he would say \"pong\".  Ok, we didn't say ping pong but you get what I mean now?\n\n\nThe delay and the echo were very disconcerting, and on top of that I could hear all the noises Matt's computer was making coming through loud and clear.  But the worst part was that when we played back the video, the echo came through BEFORE the real voice!  So in my example you'd hear the faint \"ping\", then Matt answer with \"pong\" then you'd hear me loud and clear say \"ping\" again!  \n\n\nI embedded the video in the shownotes so you can see Matt and I blathering away...out of sync and weird.\n\n\n<object width='512' height='224' classid='clsid:d27cdb6e-ae6d-11cf-96b8-444553540000' codebase='http:\/\/fpdownload.macromedia.com\/pub\/shockwave\/cabs\/flash\/swflash.cab#version=9,0,28,0'><param name='movie' value='http:\/\/wetoku.com\/video\/33acshyf\/player' \/><param name='FlashVars' value='bgcolor=FFFFFF&width=256&height=192' \/><param name='wmode' value='transparent' \/><param name='allowFullScreen' value='true' \/><\/object> <br \/>\nBut then I remembered Albert Kim, the founder and chairman of wetoku telling me that they were doing some tricky stuff to resync your audio so that the lag would be gone when you played the recording back.  looks like they have some more work to do on that algorithm.  Remember way back at the beginning of this I explained this is a beta, so I wrote to Albert and he connected me to another founder David Lee.  
He and I went back and forth a few times in email on this and he said that he has experienced the same kind of delay when he used iPhone headphones, which is what Matt and I were using when we did our experiment.\n\n\nSo I contacted Kenny Lee today and we ran a new experiment.  We both put on real headphones with real mics (he had a headset mic) and at first the echo was there, but he figured out he had it set to his internal mic, not the headset.  When he fixed that neither of us had any echo at all and we had pretty much a real time conversation with no delay at all.  I put that video in the shownotes too so you can see how it works when it's working well.  <br \/>\n\n<object width='512' height='224' classid='clsid:d27cdb6e-ae6d-11cf-96b8-444553540000' codebase='http:\/\/fpdownload.macromedia.com\/pub\/shockwave\/cabs\/flash\/swflash.cab#version=9,0,28,0'><param name='movie' value='http:\/\/wetoku.com\/video\/in3y6lpc\/player' \/><param name='FlashVars' value='bgcolor=FFFFFF&width=256&height=192' \/><param name='wmode' value='transparent' \/><param name='allowFullScreen' value='true' \/><\/object> <br \/>\nI'm really glad David got back to me so we could help diagnose this.  I think Wetoku is a really interesting service and might be very useful for some fun conversations.  go check it out at <a href=\"http:\/\/wetoku.com\">wetoku.com<\/a>.\n\n\n<b>ScreenSteps<\/b><br \/>\nIf you love helping people with documentation of how to do things on the Mac and Windows and the web, check out ScreenSteps at <a href = \"http:\/\/screensteps.com\">screensteps.com<\/a>.  Download the free trial then when you buy remember the coupon code NOSILLA for 25% off the purchase price!\n\n\n\n<br \/>\n<b>Regator<\/b><br \/>\nI'm not very good at focussing as you may have noticed, and I find it really hard to subscribe to RSS feeds and keep up reading them.  I try from time to time whenever a new client comes out but after a while it eventually fades away.  
What I do like to do is take a break now and then and just look around for something interesting to read.  At Blogworld I found out about an interesting site called regator at <a href=\"http:\/\/regator.com\">regator.com<\/a>.\n\n\nregator is a search engine of, quote, \"the web's best blog posts from the web's best blogs\".  Now it's not completely clear how they decide what the best blogs are, especially since podfeet.com isn't in the list, but we'll forgive them for that for now.  You can use regator to filter by subject using the  limited categories down the left column.  There's one for Technology, and when you select it, it shows subcategories for Gadgets, Hardware, Industry News, Internet, Mobile and Programming.  I could keep going because most of these have sub-sub categories. As you drill down you'll see blog posts from all different blogs all within that narrow topic area. There's also a nice big search bar in the top center if you're looking for some particular information. \n\n\nThey've got trending topics that update to reflect the category you're viewing at the time.  Shockingly when i drilled down to Technology\/Internet\/Blogging, Twitter came out on top of the Trends!  go figure...\n\n\n<img decoding=\"async\" src=\"https:\/\/podfeet.com\/NosillaCast\/NC_2009_11_15\/regator.png\" alt=\"My Regator screen\"style=\"float:right;margin:5px\" \/>If you create a login to regator, you can get some enhanced features.  The left column has a new tab now that will take you to My Regator, where you can enter some favorite blogs (a good way to enter podfeet.com if you're looking for something to put there) and Favorite Channels.  Channels are the categories and subcategories I was talking about, so you KNOW I added Technology as a channel right away, along with a bunch of the subcategories within there.  now I can just click right to gadgets and get my latest fix on the latest and greatest.  
\n\n\nIf you still have My Regator clicked in the left column, your right sidebar will change from saying Trends to let you enter some keywords.  Once you've put the keywords in you can just click to do an instant search of all blogs to find your content.  They also let you save posts for articles you want to come back to later.\n\n\nIf you like the way Regator filters things for you but you really are an RSS junkie, you can get a personalized RSS feed of your favorite blogs, favorite channels, keywords, and saved posts.  I found the behavior of the RSS feed a bit unpredictable. I selected only Macintosh and OSX for keywords but the RSS for keywords insisted that I was looking at tech in general, and kept showing me an article about the Palm Pixi that showed up only if Technology was selected.  Looks like this part needs a little bit more work.\n\n\nAlso when you're in My Regator, the center area changes to show you All posts, Audio Posts, Video Posts and Unviewed posts. This didn\u2019t work quite as well as I'd hoped. If I used one of my keywords to search their \"best blog posts\" I would find audio posts when I clicked on that tab, but if I had my blog selected it didn't recognize it as an audio post, even though the mp3 file is embedded right in the synopsis section of the post.  I clicked on my Macintosh keyword and then on the Audio Posts tab and the Real Deal with Tom Merritt and Rafe Needleman came up.  Cool, love those guys.  There was a listen button so I clicked it but rather than getting to hear it, a screen gracefully came down from the top telling me it had added this to my playlist.  I poked around a bit and found a little white icon on it with black lines and clicking that opened up my playlist.  Ok, that's cool, but when I clicked play it still didn't play.\n\n\nOther than the finding and playing of audio posts issue, and the irregularities in RSS feeds, everything else worked great.  
I think the folks at Regator have done an excellent job of allowing you to tailor the interface to give you just the subjects in which you're interested.  The interface is clear and moves nicely.\n\n\nI have to tell you though that reviewing Regator was really hard because as I poked around, these amazingly interesting articles kept coming up and I'd wander off and read for a while and then realize I'd never get ANYTHING done if I kept reading!  I'd get back to work and then I'd find even more fun stuff and again 10 minutes were gone.  In fact, I tried to finish this article, only to notice OOH they have a free iPhone app!  There's some more hours of my life gone!  Check all this out at <a href=\"http:\/\/regator.com\">regator.com<\/a>.\n\n\n<b>Honda Bob<\/b><br \/>\nCheck out Honda Bob's new website at <a href=\"http:\/\/hdabob.com\">hdabob.com<\/a>.  If you live in the LA or Orange County areas, give Honda Bob a call at (562)531-2321 or send him an email at <a href=\"mailto:hdabob@aol.com\">hdabob@aol.com<\/a>.  HDA Bob's Mobile Service is not affiliated with Honda, Acura or Honda Worldwide.\n\n\n\n<b>Chit Chat Across the Pond<\/b><br \/>\n\n\n\n<p>Busy week this week:<\/p>\n\n\n\n\n<ul>\n    \n\n<li>Last Tuesday was Microsoft Patch Tuesday, so fire up those VMs and update them!<\/li>\n\n\n    \n\n<li>Apple released OS X 10.6.2 &amp; Security Update 2009-006 for OS X 10.5 - NOTHING for 10.4, time's up for Tiger I guess - <a href=\"http:\/\/support.apple.com\/kb\/HT3937\">http:\/\/support.apple.com\/kb\/HT3937<\/a><\/li>\n\n\n    \n\n<li>Apple released Safari 4.0.4 for Windows &amp; Mac (am I the only one who finds it hilarious that a browser is numbered 404?) - this is a security update, so don't wait! - <a href=\"http:\/\/support.apple.com\/kb\/HT3949\">http:\/\/support.apple.com\/kb\/HT3949<\/a><\/li>\n\n\n    \n\n<li>Bad week for Jailbroken iPhones - first a worm that Rick Rolls Jailbroken iPhones with default root passwords, then one that steals your data. 
Bottom line, don't jailbreak if you don't know what you're doing - it's dangerous!<\/li>\n\n\n    \n\n<li>WordPress updated to 2.8.6 - it is a security update, but not a catastrophic issue - only allows logged in users to do bad stuff. You should still update though.<\/li>\n\n\n<\/ul>\n\n\n\n\n\n<h3>Main Topic - Why you should use a separate browser for Internet Banking<\/h3>\n\n\n\n\n\n<p>We've discussed many security issues, but one we haven't touched is the related pair of XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery). The two are related and one can be used to facilitate the other.<\/p>\n\n\n\n\n\n<p>XSS is a fancy name for flaws in user input validation that allow users of a website to insert their own JavaScript code into that website. E.g. whenever you tweet, Twitter has to sanitise your input so that you can't enter JavaScript into your posts - otherwise that code would execute whenever anyone looked at your post! We mentioned this a few months back when Twitter HAD an XSS flaw. It's REALLY easy to validate user input badly, and Web 2.0 is all about user input. Every single piece of data coming from a user and displayed on a website needs to be sanitised. Annoyingly, that sanitisation is not straightforward. The end result - there are a lot of XSS flaws on the net.<\/p>\n\n\n\n\n\n<p>CSRF is even more dangerous. When you log into a site your browser remembers that fact through the use of cookies. It is your browser that holds that cookie, not any particular window or tab. So, if any other web page anywhere gets your browser to issue an HTTP request to a server you're logged in to, the browser attaches your cookie and the server carries out that request as if you had made it. Worst-case, you are logged into your bank's website, you then visit a site that has an XSS flaw of some sort, and that site makes your browser issue a request for the URL that your bank uses to transfer money, and since your browser is logged in to your bank, the request happens. You would see NOTHING - but your money is GONE!<\/p>\n\n\n\n\n\n<p>How could this happen? 
JavaScript is one very easy way it can happen. But ANY user content that can trigger a browser to fetch a URL could do it. If a site allows users to add an image to the content they enter onto a webpage, that could do it. The src attribute in the image specifies a URL that the browser will dutifully fetch. If that URL is not sanitised to be sure it really is a URL to an image, it could be the URL to your bank's transfer submission page, and it could contain the parameters to make a transfer happen. All you would see is a broken image icon - since your bank's web site is not a valid image. However, the URL would be called, the server would act on the request and send the response, and the money would be gone!<\/p>\n\n\n\n\n\n<p>Is there protection? Yes, there are three kinds.<\/p>\n\n\n\n\n<p>1) Sites that take user input can protect the rest of the web by validating that input.<\/p>\n\n\n\n\n<p>2) Sites that could be targeted can ALSO protect themselves. The simplest way would be to change all form submissions from GET to POST, which prevents image tags from triggering them, BUT PROVIDES NO PROTECTION FROM JAVASCRIPT, and hence from XSS. A more complex way is with tokens. Each time the page that renders the form is generated, a random token is inserted into it. That token HAS to be returned when you hit submit. If the submission comes via CSRF there is no way for the attacker to know the token, so the transfer would fail. This is a lot of work for website owners.<\/p>\n\n\n\n\n<p>3) THE simplest thing to do is to ALWAYS IMMEDIATELY log out of your bank and other sensitive sites the moment you're done. 
HOWEVER, if you have other tabs or windows open at the same time as you are logged into your bank you are still not safe.<\/p>\n\n\n\n\n<p>4) If you NEVER log into your bank or other sensitive sites (like your router's admin interface) from the same browser you surf the web with, you won't HAVE a cookie for your bank in there, so CSRF will always fail.<\/p>\n\n\n\n\n\n<p>The best way to avoid having that cookie in your everyday browser is to have a separate browser you only use for banking. You could do this by, say, using Firefox for browsing and Safari for internet banking, but THE simplest way is to install Fluid (<a href=\"http:\/\/fluidapp.com\/\">http:\/\/fluidapp.com\/<\/a>) and set up a site specific browser for your banking site. I do this and give it a dock icon of the bank's logo. Makes it look like my bank has a dedicated app - though it is of course just the web interface wrapped by Fluid.<\/p>\n\n\n\nIt's time to call it a day I'm afraid, but I hope you'll join me again next week - same bat channel, same bat time!  We're in the live chat room at <a href=\"https:\/\/podfeet.com\/live\">podfeet.com\/live<\/a> every week at 5pm GMT-8 on Sundays.  Join us won't you?  If you have dumb questions of your own that you're convinced everyone else knows the answer to but you've been too shy to ask, send them over to me at <a href=\"mailto:allison@podfeet.com\">allison@podfeet.com<\/a>.  Enjoy my brilliance all throughout the week on Twitter at <a href=\"http:\/\/twitter.com\/podfeet\">twitter.com\/podfeet<\/a>.  Thanks for listening, and stay subscribed. \n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update on Firefox accessibility on the Mac. In Dumb Question Corner Jacob asks about how to update themes in WordPress.com, and Sam questions the need for SuperDuper! if we can make bootable backups with Disk Utility. Matt and I experiment with wetoku at wetoku.com for recording video interviews. 
I review a blog aggregator website I&#8217;m [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[147,173,1],"tags":[],"class_list":["post-1156","post","type-post","status-publish","format-standard","hentry","category-blog-posts","category-nosillacast","category-podcasts"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/1156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=1156"}],"version-history":[{"count":4,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/1156\/revisions"}],"predecessor-version":[{"id":32647,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/1156\/revisions\/32647"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=1156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=1156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=1156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}