Microsoft: Don't Use Safari Web Browser - Canadian TV, Computing and Home Theatre Forums
 
LinkBack Thread Tools Search this Thread Display Modes

post #1 of 3 (permalink) Old 2008-05-31, 11:57 AM Thread Starter
 
Join Date: Apr 2008
Posts: 1,051
Microsoft: Don't Use Safari Web Browser

http://www.theregister.co.uk/2008/05..._apple_safari/
Quote:
The recommendation comes a week after researcher Nitesh Dhanjani reported that Apple's browser doesn't seek user permission before downloading certain types of files. Even when encountering malicious iframes - a common occurrence these days even on the most trustworthy of sites - Safari obediently does what it's told to do, including downloading a file hundreds of times.

Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat.
granduncle is offline  
Sponsored Links
Advertisement
 
post #2 of 3 (permalink) Old 2008-06-10, 07:07 PM Thread Starter
 
Join Date: Apr 2008
Posts: 1,051
Proof of concept...
http://www.theregister.co.uk/2008/06..._bombing_demo/
Quote:
Clicking on this link with Safari using default settings automatically downloads a booby-trapped file onto a Windows user's desktop with no prompting. The next time the user opens Internet Explorer, the force-fed file automatically causes the notepad.exe application to launch and open a non-existent file. Of course, miscreants could choose far more nefarious code.

...it's interesting to note that Safari is the only major browser that automatically downloads the rogue payload. Gives a whole new meaning to Apple's "It just works" mantra.
granduncle is offline  
post #3 of 3 (permalink) Old 2008-06-10, 09:08 PM
 
Join Date: Nov 2006
Location: Ottawa
Posts: 1,114
Quote:
Apple's security pros, upon learning of the so-called carpet bombing vulnerability, said they didn't see it as a significant threat.
But, but, isn't Apple perfect in every way in everything?

Panasonic TH-42PX60U, Harmony 670, Rogers HD 8300, 3250HD, Denon AVR-591, Chartwell SL3-5A, Venturer SHD-7000, Samsung 1600 BR.
spensar is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Canadian TV, Computing and Home Theatre Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.



Thread Tools Search this Thread
Show Printable Version Show Printable Version
Email this Page Email this Page
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome