
I personally run Chrome and block all plugins by default, and enable them when I think I have a good idea what the plugin is doing. You can then set specific sites that may always run plugins, so it's not overly annoying when on a few Flash-heavy sites. Presumably Safari has a similar option.

Unfortunately Chrome only allows you to "run all plug-ins" on a site or "block all plug-ins", so there's still a possibility of enabling Java when you meant to enable Flash to view a video. However, it's probably a good first step against attacks like these.

I also run under a regular user account without direct sudo access, so any action that modifies system files should request an admin password. Jeff Atwood (codinghorror.com) had a good post about this for Windows: http://www.codinghorror.com/blog/2007/06/the-windows-securit...
