SECURITY ALERT
Kent Harris
ksh at vine.com
Sat May 22 14:22:41 PDT 2004
Since you guys use Macs...
Do NOT browse the internet with your Macintosh, there is a HUGE
security hole! You need to do the following four things until Apple
releases some kind of fix. Right now you could merely view an HTML
page and a program could be run that does anything, including erasing
your hard drive.
1. Install Apple's latest security update, this will fix only part of
the problem.
2. Go to www.rubicode.com/Software/RCDefaultApp/ and download the
application. It is a System Preference pane and will allow you to
change the default application for URL schemes (you can do this in other
ways, but this will take far, far, far less time). Change all of the
URLs you don't need to "disabled". You can keep http, https, etc., but
make sure you disable telnet, disk, disks, etc. (full list below).
3. Go to http://www.unsanity.com/haxies/pa/ and download "paranoid
android".
4. In safari preferences, uncheck the "open safe files after
downloading" option.
Right now, I believe these steps are ABSOLUTELY NECESSARY to protect
yourself from a malicious web page. If you want to know the details,
you can follow the links on MacNN.com. The full original discovery (a
lot of reading required) is in the MacNN forums:
MacNN Forums > Software - Troubleshooting and Discussion > Mac OS X >
Serious Security Flaw in Mac OS X/Safari/Help Viewer
The details are really quite interesting but the bottom line is this is
a MAJOR security hole. We're talking RED ALERT, DEFCON 5, you name it!
Here is a list of URL schemas that are potentially usable to mount a
downloaded disk image (part of the exploit). Make sure you use
RCDefaultApp to disable all of these except for those you absolutely
need.
code:
afp: Finder, afp.URLMounter
cifs: smb.URLMounter (NB: not from Safari)
disk: DiskImageMounter
disks: DiskImageMounter
file: Finder, Safari, RealOne Player, Opera
ftp: Finder, ftp.URLMounter, VLC, Opera
ftps: ftp.URLMounter (NB: not from Safari)
nfs: nfs.URLMounter (NB: not from Safari)
smb: smb.URLMounter (NB: not from Safari)
ssh: Terminal
http and https are protected by step 4 above.
- Kent
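An added audit helper (not part of Kent's mail or of RCDefaultApp) that works through steps 2 and 4: it reads a "scheme: handler, handler" list in the format used above and prints the schemes that still have a handler bound but are not on your allowlist, i.e. the ones to set to "disabled". The Safari check assumes the preference key com.apple.Safari AutoOpenSafeDownloads and only runs on Mac OS X; the sample list is constructed from the mail.

```shell
#!/bin/sh
# Added example, not code from the original mail.

# Usage: schemes_to_disable "http https" < list.txt
# Prints one scheme per line that (a) has a handler bound and (b) is not
# in the space-separated allowlist given as $1.
schemes_to_disable() {
  allow=" $1 "
  while IFS= read -r line; do
    case "$line" in
      *:*) ;;                  # only "scheme: handlers" lines
      *) continue ;;
    esac
    scheme=${line%%:*}         # text before the first colon
    handlers=${line#*:}        # everything after it
    handlers=${handlers%%(*}   # drop "(NB: ...)" remarks
    handlers=$(printf '%s' "$handlers" | tr -d ' ')
    [ -z "$handlers" ] && continue   # nothing bound, nothing to disable
    case "$allow" in
      *" $scheme "*) continue ;;     # scheme the user wants to keep
    esac
    printf '%s\n' "$scheme"
  done
}

# Step 4 check. Returns 0 when "open safe files after downloading" is off,
# 1 when it is on, 2 when not on Mac OS X. Assumes the AutoOpenSafeDownloads key.
safari_auto_open_disabled() {
  [ "$(uname)" = "Darwin" ] || return 2
  [ "$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)" = "0" ]
}

# Constructed sample mirroring the list in the mail.
SAMPLE='afp: Finder, afp.URLMounter
cifs: smb.URLMounter (NB: not from Safari)
disk: DiskImageMounter
http: Safari
ssh: Terminal'

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE" | schemes_to_disable "http https ftp"
  safari_auto_open_disabled && echo "Safari auto-open: off" || echo "Safari auto-open: check (rc=$?)"
fi
```

Run it with `sh audit.sh --demo` on the Mac in question; the scheme list it prints is what to set to "disabled" in RCDefaultApp.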
More information about the Titanium mailing list