Updated: 6/13/2008; 9:24:48 PM.
Browsers
news, views and tips on internet browser usage and security issues and related technology and activities for personal, residential, soho and small organization users.
        

Friday, June 13, 2008

Safari Carpet Bombing

from the SANS OUCH Newsletter Volume 5, Number 6 June 2008

Serious vulnerabilities in Safari have spawned a troubling attitude from Apple about them. It has been known for years that the Safari browser does not warn users before downloading files to their system. It's a simple trick to get Safari to download a file to the user default file location with no user intervention or notice from the browser. For users who install the Windows version of the Safari browser, that default location is the desktop, so the attacker could fill up your desktop with unsolicited files. The next step is for the Bad Guys to load up your desktop with malware in files named "My Computer"-thus the name "Carpet Bombing" for the attack. On the Mac, the files end up in the Downloads folder. Apple has decided to treat this as a normal product enhancement request and not a security problem.

More information:

http://blogs.pcmag.com/securitywatch/2008/05/safari_carpet_bombing.php

http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html


9:24:40 PM    comment []

© Copyright 2008 iWay-Safety.com.
 
June 2008
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          
May   Jul
iWay-Safety.com
Links & Tools
Main News Page
SEARCH
NEWS CHANNELS
BROADBAND
SECURITY
CRIME
BROWSERS
MAIL
eCOMMERCE
INTERNET LIFE
MALWARE
MULTIMEDIA
PRIVACY
SITE SECURITY
SMALL BUSINESS
WIRELESS
Click here to visit the Radio UserLand website.

Subscribe to "Browsers" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.