What would be the best method for those of use who have been surfing without these updates and performing such tasks that require a higher security level? Currently I would assume that if an attacker has struck, he probably has some cookies that pretty much render any password changes or such obsolete. Would a user be stuck to just waiting until the cookies expire and watch account balances carefully or is there something a user can do?