Skip to Content
1-15-2010 @ 1:36PM
*sigh*I tried an authenticator - twice - found it annoying to deal with each time. Your mileage may vary.I don't put my credentials into a random web site. I'm sorry, but I just can't have any respect for anyone who falls for a phishing scam. It's been publicized. People have been warned. If you fall for one of these it's 100% your fault, because you were just that stupid. Sorry, there's no way to justify falling for these things that doesn't boil down to that.Otherwise, the only way you get hacked is some piece of malware steals your password when you put it in. Well, there are no trojans/keyloggers on the Mac. Quit spouting that everyone needs one until you can show that there are non-theoretical attacks on the Mac. People have been beating the drum of "you're going to get attacked/viruses/hacked" for a decade now, and it hasn't happened.For a trojan or even a web browser or Flash vulnerability to work, the code would somehow have to not only execute, but elevate permissions from the user to root - and that's not happening without the user giving permission. So even if one of these theoretical vulnerabilities was exploited, you're still stuck at user level permissions, and you're not going to get other application's keypresses. Try to do it, and the user will get a prompt that something wants elevated privileges - and unlike UAC, that doesn't pop up all the time. It *never* pops up while web browsing. And as such, we don't have this whole class of problems on the platform.So:1) Phishing scams are platform independent and rely on dumb users.2) There are no trojans or keyloggers on the Mac. Period. Why?3) The UNIX permissions model won't allow even a compromised browser or plugin to gain enough access to install a keylogger. In other words, there is no valid vector for such an attack.A reasonably smart Mac user is immune to account hacking. A reasonably smart Windows user may or may not be. A dumb user is vulnerable to... well, everything.Flood of insecure Windows users downranking me in 3...2...1...
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.