Someone Else

Robert Moir writes about Operating Systems, Computer Security and Virtualisation.

Denial. A state of mind found in the newly hacked.

Still following the Safari hack and the fallout from it on Matasano. There are a lot of comments debating how serious it is anyway, because after all it isn't like you got root. A lot of comments all around about how much information is exposed.

Folks, it appears that this exploit allows arbitrary code execution in the login context of the currently logged-in user. No, that isn't root, but as I explained in my last post on the subject, a hacker does not need root to break your heart.

Remember that?

A Hacker DOES NOT need root to break your heart.

I’ve said it before and I'm sure I’ll say it again. People are fixated on getting root access to a machine, because they think in terms of 0wning the machine. Obviously this is still a goal for some people; arguably it’s the holy grail of hacking for the sake of hacking.

But… There appears to be a rather large phishing industry that has sprung up and is doing rather well for itself thank-you by *not* being interested in your computer but rather in the user. Can I re-write your bank bookmarks to send you to ‘www.happy-phishing.com/1stBankofPhish’ instead of your normal bank site?

How many people store passwords for things like their bank account in a text file tucked away somewhere in their home folders? The answer is… a lot. How many people are properly ‘equipped’ to evaluate the risks of answering an unexpected popup on their desktop? Not so many.

How many Mac users blindly authenticate when asked to do so by an app installer, without thinking of the consequences? And how many of these would even ‘notice’ if Safari popped up with something like this at an unexpected time?

Who would even notice if something like this dropped its own input manager into ‘~/library/inputmanagers’? Who would even know what that meant? Most of the Mac knowledgeable people who read blogs like this should know or would be able to Google it up easily (especially with the head start in those two links above!), but what about the average person in the street who just got drawn in by the “I’m a Mac” adverts and is still trying to get used to how the dock and menu work, and hasn't even thought about system internals?

Don't get me wrong: This isn't the end of the world, security-wise, for the Mac. But it exists, it's real and it can break your heart even without admin rights.
