Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Mike Easter
December 2, 2009, 5:58 pm
rate this thread
Your browser's alerts (or the lack thereof) are not a reliable security
measure or an adequate compensation for dumb/insecure behavior.
Here is an 'angle' on in the insecurity of such behavior as your
allowing spam/scam/phish/malware into your inbox and then also reading
the subject/from receptively and then also opening the
spam/scam/phish/malware and then also rendering the html and then also
clicking the link to go to the spam/scam/phish/malware site with your
browser however insecure it may be configured in however insecure your
particular operating system may be configured, including mac.
Snipped from an article^1 in sophos, a security/malware help site:
"IT security and control firm Sophos is warning Apple Mac users to wake
up to the threat of websites hosting malicious code which can infect
their systems, following the discovery of two new separate attacks in 24
hours. The advice follows the discovery of a new version of the Jahlav
Trojan horse that is being distributed via a site posing as a portal for
adult videos. -- "Although there is much less malware for Mac OS X
than there is for Windows, that's going to be little consolation if your
shiny new MacBook gets infected. Many in the Mac community have had
their heads buried in the sand for too long about the real nature of the
The business of being secure is even more reliant on 'smart' behavior
than on the presence or absence of alleged security features of a
browser. Safari added its antiphishing feature as a 'response' to
negative reports by such as Consumer Reports and by a threat from PayPal
to not allow transacting with Safari in favor of such as firefox or
opera or even IE7&8 because of Safari's insecurity compared to others.
Just because Safari has some kind of alleged protection and just because
mac OS has less number of malware exploits than insecure windows systems
with insecure browser configurations doesn't mean that a mac user should
behave very stupidly and insecurely by misusing their browser's
relationship with their mailagent and open spam and click spam links.
That is a decidedly unsafe-hex behavior and the fact that you are
'flaunting' your 'stupidity'/insecure behavior here is a very strong
indication of how little you understand about secure behaviors and
Malware strategies have all kinds of tactics. If you get a spam which
looks like a phish and you are curious about how the phish is supposed
to work and so you go to the site to look at the phish, but instead you
are actually 'lured' in to hitting the site for some other purpose such
as installing malware instead of the presumed phish.
It is 'dumb' to think that you are so smart and so invulnerable that you
can behave stupidly.
^1 ttp://snipr.com/tixx2 11 June 2009 - More Mac OS X malware
Re: Phishing site - Warnings from Google: Are YOU warned?
Mike - I do thank you for your comments and concern. Have no fear,
though, I am fully aware of the dangers lurking just beneath the surface! ;)
More dangerous, I think, are the links posted in the 'signature' blocks
of the likes of David H. Lipman. Have you ever clicked on them? What
happened when you did? Most folk would *never* know, would they?
Just a thought!
Dave (Sometimes man stumbles over the truth ...... Sir Winston Churchill)
- » Re: Phishing site - Warnings from Google: Are YOU warned?
- — Next thread in » Computer Software Security
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — The site's Newest Thread. Posted in » Secure Shell Forum