And now MacWorld has weighed in: <http://www.macworld.com/news/2006/02/21/safari/index.php?lsrc=mwrss> I'd suggest also checking out the web safety suggestions at Apple's site referenced in the MacWorld article: <http://docs.info.apple.com/article.html?artnum=108009> Norm --- Norman A. Cohen nacohen at mac.com "The enemy is anybody who's going to get you killed, no matter which side he's on." Joseph Heller On Feb 21, 2006, at 13:12 PM, Norman Cohen wrote: > And on that note, there does appear to be a new security threat > associated with Safari, where downloading a "safe" file that > actually hides a certain type of shell script can lead to the shell > script automatically running. A malicious shell script could do all > sorts of bad things, like, say, erasing your whole user directory. > I'd say that this is probably a fair bit worse than the Oompa > Loompa worm. I would expect Apple to address this fairly quickly, > but in the meantime would suggest that everyone turn off "Open > "safe" files after downloading" option in the General Pane of > Safari preferences. Then check the file information for the > downloaded file before opening it. In the case of a sample exploit, > the filename indicates that the file is a picture; however, under > file preview in Column View in the Finder, the file is described as > a Unix Executable File. This exploit can also occur with Mail.app, > but there is not an easy fix for that at this point. > > <http://www.heise.de/english/newsticker/news/69862> for more > information.