Is loaning your laptop to nefarious characters something you do frequently? Pretty much the only time I've ever "loaned" my laptop to someone, it was a co-worker who used it for a presentation, projected on the wall, with me and a room full of other colleagues watching everything they do. When it's not a co-worker presenting, it's my wife.
I can verify that running random executables you receive in email is a bad idea, as is downloading apps from untrusted sources. I don't think this is groundbreaking or worthy of publishing in a reputable journal.
It's almost like malicious code can come from trusted or unexpected sources. (Yes, the examples of infection paths in the article aren't very creative, that doesn't mean local exploits are irrelevant)
It's been possible to dump passwords from the current user's Login Keychain via "security dump-keychain -d login.keychain" or "sudo keychaindump" for a long time:
16 comments
[ 0.96 ms ] story [ 50.1 ms ] threadYou should publish.
It sure would be nice if gaining a foothold on my computer didn't instantly mean gaining complete control over al my credentials.
If you disagree with his argument perhaps you could give an actual counter argument?
It's been possible to dump passwords from the current user's Login Keychain via "security dump-keychain -d login.keychain" or "sudo keychaindump" for a long time:
https://tinyapps.org/blog/mac/201211030700_recover_keychain_...