I think that we've all been a bit lazy about security issues since OS X shipped. Despite some some Henny Penny attitudes and details of recent exploits - overblown Trojan Horse scares, the fake Microsoft Office installer silliness, warnings from Secunia over URI (uniform resource identifier) security holes - Mac OS X remains a sturdy platform. But, no operating system with links to the outside world is going to be perfectly secure, and we need to be more diligent - and smarter - about securing our systems.
Lately, there has been a fair amount of FUD (fear, uncertainty, doubt) surrounding OS X security, but a couple of people have really done a good job digging beneath the surface to present a fuller picture of these issues.
John Gruber, who runs the excellent site Daring Fireball, has posted the best online summaries of the recent URI vulnerabilities, explaining why we should care about them, without the "sky is falling" backgrounders. His article, " An Ounce of Prevention," offers thoughtful, sober recommendations for dealing with these security threats; start there and work backwards if you want all the gory details.
If you want an "Inside Baseball"-style vantage point on the Mac market, you can't beat the Macintosh Daily Journal (and its sibling, the similarly named Macintosh Weekly Journal ). With both the Trojan Horse FUD earlier this year and the current URI brouhaha, MDJ has distinguished itself with timely, in-depth coverage and recommendations that removed hysteria from the mix.
I should note that the coverage really isn't daily - it's really more "when stuff's happening" - but MDJ is the best source of extremely detailed, objective reporting in the Mac market. At $30 per month ($10 for MWJ ), it's not for everyone, but you can check out sample issues or sign up for a free trial subscription.
Like I said earlier, I think we've been a bit lax overall with regard to security - we know that the Mac OS has it all over Windows there - but we need to be aware of the potential threats, and remain in control of our systems. At minimum, make sure you've got your firewall up and running.