[X4U] Malware for Mac...
Matt Gregory
vdub.grego at gmail.com
Mon May 9 12:55:19 PDT 2005
For newbies, like me, what kind of possible malware widgets could be
downloaded in 10.3.9? I thought what was being pointed out was a risk in
using dashboard, which is a 10.4 thing. I understand the "Open safe files"
vulnerability now and will turn it off as soon as I get home, but I didn't
think much of it because none of the "safe" file types seemed like possible
vulnerabilities. So what kind of files can be auto-opened by Safari in
10.3.9 that can sneak malware into OS X?
Thanks,
matt.
On 5/9/05, Stephen Mackenzie <stephen.mackenzie at connectfree.co.uk> wrote:
>
>
> On May 9, 2005, at 17:21, Hector Luna wrote:
>
> >> Wouldn't just unchecking the "Open safe files" box in Safari also do
> >> this?
> >
> > Yes. If you're a computer admin you could take it a bit further and
> > make ~/Library/Widgets read-only as well...
>
> Still automatically downloads the widget (even in 10.3.9) cos of a http
> refresh header. Another page (full of "evil" widgets) does it with
> iframes.
>
> People are (rightly) getting excited about widgets executing arbitrary
> code, but I'd be quite happy for Safari NOT to download random things
> like zip files without telling me!
>
> SM.
>
> (Never approved of that newfangled Dashboard thing anyways...)
>
> _______________________________________________
> X4U mailing list
> X4U at listserver.themacintoshguy.com
> http://listserver.themacintoshguy.com/mailman/listinfo/x4u
>
> Listmom is trying to clean out his closets! Vintage Mac and random stuff:
> http://search.ebay.com/_W0QQsassZmacguy1984
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://listserver.themacintoshguy.com/pipermail/x4u/attachments/20050509/19ff70f0/attachment.html
More information about the X4U
mailing list