

Gaping Face Time security hole - boredguy8
http://www.engadget.com/2010/10/21/psa-facetime-beta-endangers-your-apple-id-password-and-security/

======
tptacek
Uh. Was Engadget under the impression that it would be hard for someone
physical access to your _logged-in unlocked machine_ to get your password
anyways?

I see the bug here and all, but it's not like any other non-Keychain-
integrated app is better. Don't let people you don't trust use your computer.

~~~
mentat
Usually you're not allowed to change a password without showing again, even if
you're logged on, that you know the current one.

~~~
tptacek
Like I said, I get the bug. But it's not like Mac apps do that good of a job
protecting secrets outside Facetime.

