[ale] nailing down firefox security and privacy - PT 1

Jim Kinney jim.kinney at gmail.com
Thu Oct 13 22:35:07 EDT 2011


mal·ware Noun: Software that is intended to damage or disable computers and
computer systems.

I note the definition does not refer to delivery or activation methods.
On Oct 13, 2011 9:34 PM, "planas" <jslozier at gmail.com> wrote:

> **
> On Thu, 2011-10-13 at 20:41 -0400, David Tomaschik wrote:
>
>
> On 10/13/2011 06:23 PM, Pat Regan wrote:
> > On Thu, 13 Oct 2011 17:16:50 -0400
> > David Tomaschik <david at systemoverlord.com> wrote:
> >
> >> On Thu, Oct 13, 2011 at 3:58 PM, Pat Regan <thehead at patshead.com>
> >> wrote:
> >>> If the malware in question here were using an exploit, why would it
> >>> bother trying to get the user to click on it?
> >>>
> >>> Pat
> >> You've never seen "AntiVirus 2009" (and I imagine there is 2010, 2011,
> >> etc., but I stopped doing any Windows support in 2009).  It's malware
> >> that pretends to do an AV scan, finds a list of things, and tells you
> >> it can remove them... for $39.99.  You go to their website, put in
> >> their credit card details, and you're toast.  I'm not sure if they
> >> actually charge you $39.99, just capture your CC info, or both.  Never
> >> tried it to find out.
> >>
> > I understand the concept.  What I'm saying is that any malware that
> > has to trick someone into installing it is almost certainly not making
> > use of any exploits.  If it were, it wouldn't need to attempt to
> > socially engineer the user.
> >
> > Pat
> >
>
> It's not socially engineering anyone into installing it.  It's socially
> engineering you into pulling out your credit card and giving them your
> details.  Last I checked, malware can't reach into my pocket, take out
> my wallet, and read my credit card.  I hope.  (USB RFID reader + "tap to
> pay" ?)
>
>
>  If a phone homing keylogger is installed you could be giving someone your
> credit card number.
>
>   --
> Jay Lozier
> jslozier at gmail.com
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20111013/9c362407/attachment.html 


More information about the Ale mailing list