May 19th, 2004, 07:14 AM | #1 |
Major Player
Join Date: Dec 2002
Location: Princeton, NJ
Posts: 363
|
slight OT - SAFARI Vulnerability warning - A MUST FIX
This page has a good link and good, simple information on this critical problem with Safari that everyone using it or Firefox needs to fix IMMEDIATELY.
http://mamamusings.net/archives/2004...ty_problem.php
I clicked the "the scary but harmless example." and it scared the hell out of me. All Mac users should follow this and pass it on to any and all friends, clients, co-workers. Some people have found that this also affects the FIREFOX browser as well. ((PS: this is covered on a number of different websites so you can check the validity of this warning if you wish - www.macifxit.com is probably the most informed site around about any problem issues and they are covering it as well )) |
May 23rd, 2004, 09:23 PM | #2 |
Major Player
Join Date: Dec 2002
Location: Princeton, NJ
Posts: 363
|
Just so everyone knows, Apple has a fix for this and all you have to do is run Software Update to get it.
You might also want to check out Paranoid Android from Unsanity as well (since it's free and they know their stuff) but don't know if it's necessary. |
May 23rd, 2004, 09:26 PM | #3 |
Warden
Join Date: Mar 2002
Location: Clearwater, FL
Posts: 8,287
|
Thanks for the update Kevin.
__________________
Jeff Donald Carpe Diem Search DVinfo.net for quick answers | Where to Buy? From the best in the business: DVinfo.net sponsors |
May 26th, 2004, 12:41 PM | #4 |
Major Player
Join Date: Dec 2002
Location: Princeton, NJ
Posts: 363
|
There are a lot of people saying a lot of different things as to whether the problems have been fixed or not and most of the opinions are that it has not been fixed by the security update.
I would suggest people go to the MacFixIt link above and read there. They are recommending two options to protect your system, one of which is Unsanity's "Paranoid Android" program they wrote to specifically defend against it. It's not worth losing your system over a couple of minutes to read and install a fix. |
May 26th, 2004, 02:58 PM | #5 |
Warden
Join Date: Mar 2002
Location: Clearwater, FL
Posts: 8,287
|
I use Little Snitch, which, while not free, does much more than the freeware Paranoid Android.
__________________
Jeff Donald Carpe Diem |
May 26th, 2004, 03:00 PM | #6 |
Major Player
Join Date: Dec 2002
Location: Princeton, NJ
Posts: 363
|
I bought Little Snitch too but it does nothing against these exploits. LS is great, it keeps any and all programs or applications from communicating out from your computer without your permission.
These exploits are somehow coming in through browsers and kicking off help scripts and things like that. These fixes are to prevent these webpages / codes from kicking off the command to erase your HD or things like that, it's not trying to communicate out. |
May 26th, 2004, 03:59 PM | #7 |
Warden
Join Date: Mar 2002
Location: Clearwater, FL
Posts: 8,287
|
They have to dial out to the URL in order to run the script, is my understanding. Little Snitch can block them from dialing out. A Firewall can prevent incoming commands, etc.
__________________
Jeff Donald Carpe Diem |
May 26th, 2004, 07:20 PM | #8 |
Major Player
Join Date: Dec 2002
Location: Princeton, NJ
Posts: 363
|
I need to look at it again but my understanding of the first couple of exploits was that they were triggered by a webpage loading code in a browser which initiated a script which used the HELP system to launch a script which does something... and usually something nasty.
When this first was announced the page I linked to above has the "the scary but harmless example" of this exploit and when I tried it I had Little Snitch active at the time and it still launched Help and ran a script which only produced a list of files on my hard drive. Is this a new exploit? |
May 26th, 2004, 07:40 PM | #9 |
Warden
Join Date: Mar 2002
Location: Clearwater, FL
Posts: 8,287
|
I think we have Little Snitch configured differently. I just did the same test and all it could do was launch. However, I also installed OS 10.3.4 tonight and maybe it's stopping the executable.
__________________
Jeff Donald Carpe Diem |
May 26th, 2004, 08:37 PM | #10 |
Major Player
Join Date: Dec 2002
Location: Princeton, NJ
Posts: 363
|
I haven't had a chance to read what all 10.3.4 does but it might fix it.
I'll look around tomorrow and see what info I can find. |