|
|
|
|
|
|
by jerf
5507 days ago
|
|
|
On Linux, even if the Twitter app on your desktop launches a browser, it can still do a very effective job of sniffing your password simply by asking the desktop environment for the relevant events. It only works in the browser because everything is sandboxed, with a particular focus on sandboxed-by-domain. See http://theinvisiblethings.blogspot.com/2011/04/linux-securit... , for instance. There are ways to do that on all the desktop environments, I presume, with varying degrees of officialness and popping up administrator password dialogs. |
|
|