I’m still in New York for the FISD conference, listening to Team Cymru talk about the state of cybercrime as I wait for my turn at the podium (to talk about information-centric security and DLP). One problem with travel is keeping up with the news, so I pretty much missed the Applescript vulnerability and now have to write it up for TidBITS on the plane before Monday.
I was reading Thomas Ptacek’s post on the vulnerability, and I think it’s time I joined Tom and came out of the closet.
I run as admin on my Mac. All the time. And I’m not ashamed. Why? As Ptacek said, even without root/admin there’s a ton of nasty things you can do on my system. In fact, you can pretty much get anything I really worry about. I even once wrote some very basic Applescript malware that ran on boot (after jailbreaking an improperly configured virtual machine). It didn’t need admin to work.
There. I feel better now. Glad to get that out there.
(If you’re going to criticize this, go read Tom’s post and talk to him first. He’s smarter than me, and not on an airplane.)