[munin]

My wife has a PhD and ran up to date Firefox with noscript, Flash disabled, and ad-blockers, uses webmail, and doesn't install software or download executables in general. She still got hacked, due to a bug in Firefox that was exploited despite having noscript and Flash disabled.

How, exactly, would you have educated her?

[haddr]

It's hard to be "invulnerable" these days. I guess you could avoid the majority of infections by using some "weird" software configuration: such as linux with some nightly built of chromium. I heard that Macs are also quite resistant (still). But these things are very dynamic and change fast. What was good yesterday ("educate" users), may not be relevant any more today.

[xorblurb]

Real question: what kind of website she visited to get such infection? It's quite uncommon (even though theoretically an existing risk pretty much everywhere, and probably even not that hard to do if you control a website)

[munin]

reddit, imgur, news sites. It was via an ad delivered over an ad network, so who knows really.

[janwillemb]

How come the adblocker didn't block the ad network?

[munin]

I blame the ad blocker / ad network arms race.

[williamscales]

Sounds like the kind of thing that could get anybody, even a reasonably paranoid person.

[jsmthrowaway]

By telling her to wait for the man to come home and fix the computer, if I'm reading that comment correctly. (I hope I'm not.)