Safari Vulnerability

[rom]

Hackers hacked a Macbook via a Safari vulnerability.

This is a good thing - to gauge how fast Apple responds with a fix. However, things are not clear as to whether or not the last Security Update was applied. Regardless, I think Apple should release a statement about this issue - even without providing any details, just an admission of the vulnerability would do.

The hack requires user stupidity.

The fix - use Camino or Firefox.

[mdmunoz]

Firefox has known vulnerabilities, too...

[GadgetComa]

Quote:

Originally Posted by rom

The hack requires user stupidity.

Unfortunately, there are far too many stupid users out there - as anyone in tech support will tell you.

[mdmunoz]

Quote:

Originally Posted by the article

CanSecWest organizers relaxed the rules Friday after nobody at the event had breached either of the Macs on the previous day.

Wow. Kinda reminds me of MOAB.

[Jugger Grimrodd]

I will take Safari's security issues over Firefox's memory leaks any day.

[houltmac]

Quote:

Originally Posted by GadgetComa

Unfortunately, there are far too many stupid users out there - as anyone in tech support will tell you.

Hoorah! Yes, sadly there are too many nieve and uninformed users, but they really shouldn't need to be informed (it's boring and besides the point for them) and in their defence they have a few things in their favor:

• Apple, Mozilla, Symantec etc. are all on their side, making the internet world as good a place as they can for "normal" users.
• Hackers are not threats by definition. They can only reveal and exploit a vunerability without using it for a purpose negative to those being attacked.
• Real crackers (not hackers) will be targetting the uber-rich (maybe), large corperations, banks (maybe) and federal/political organizations. They don't care out you and me.
• Script kiddies may get at them, but it's usually a small attack which is easily fixed and does little damage. This is a fairly rare occurance anyway.
• Insurance, the worst legal fraud since the inception of the combined political-legal system, is on their side. Very rarely is data stolen (if indeed anything is stolen aside from email address'), it's mostly money from these people which is always recoverable.

[GadgetComa]

Agreed. It's just sad that so much effort has to go into fighting and recovering from this kind of crap. I've known people who have been victims of identity theft and, while they have been able to recover, it wasn't without a lot of pain first.

[houltmac]

@GadgetComa: Agreed also. I have been a victim of identity theft myself and it wasn't a big deal really... just a major pain in the ***. It was a long winded process to get through all that and the cops were always 10 years behind. That said, I was a victim through the old "check the trash" method rather than digitally (althout that came about later of course).

All in all though, I haven't suffered any long term damage.

[llamame]

Houltmac, do you have a shredder now? Perhaps now I will get one.

[GadgetComa]

I highly recommend getting a shredder. You'd be surprised how easy it is to get enough information to steal someone's identity. The old fashioned ways seem to be easier paths than hacking sometimes.

If you get a shredder, make sure it's cross-cut - it's more secure.