*DAMN R6
.:Navigation:| Home | Battle League | Forum | Mac Downloads | PC Downloads | Cocobolo Mods |:.

Welcome, Guest. Please login or register.
November 01, 2024, 02:20:28 am

Login with username, password and session length
Search:     Advanced search
One Worldwide Gaming Community since 13th June 2000
132955 Posts in 8693 Topics by 2294 Members
Latest Member: xoclipse2020
* Home Help Search Login Register
 Ads
+  *DAMN R6 Forum
|-+  *DAMN R6 Community
| |-+  General Gossip
| | |-+  Tech Talk (Moderators: *DAMN Hazard, Civrock, c| Lone-Wolf, BTs_GhostSniper)
| | | |-+  Security Hole: Dashboard
Pages: [1]   Go Down
Print
Author Topic: Security Hole: Dashboard  (Read 2410 times)
0 Members and 1 Guest are viewing this topic.
Civrock
Moderator
God save the Royal Whorealots
*****
Offline Offline

Gender: Male
Posts: 3727



WWW
« on: May 09, 2005, 12:04:46 am »

http://discussions.info.apple.com/webx?128...SOt.2@.68aed1b6

http://forums.macnn.com/showthread.php?t=255388

http://episteme.arstechnica.com/eve/ubb.x/.../m/200006323731


when you download a Dashboard Widget with your browser, it normally gets auto-installed. in these three threads a relatively big security hole is explained and also tested how far it can cause damage if exploited.

although i'm personally not too paranoid about this, i just disabled the feature "auto-open -safe- files after downloading" (directly translated from german, could be slightly different) in the general preferences of Safari. i hope Apple already knows about it and stuffs this security risk asap.
« Last Edit: May 09, 2005, 12:13:18 am by z][t-Civic™ » Logged

~Formerly known as "Civic"
http://steamcommunity.com/id/civrock
BTs_Mysterio
BL Staff
God save the Royal Whorealots
*****
Offline Offline

Gender: Male
Posts: 3676



WWW
« Reply #1 on: May 09, 2005, 01:10:13 am »

I bet on a update within 2 weeks.
Logged

"There's room at the top they are telling you still. But first you must learn how to smile as you kill"
John Lennon
Only suits they'll be wearing are body bags. • Your trial will be held at the city morgue. • I'll return your gun, one bullet at a time.
Mysterio is a registered trademark of Myster
Ethion
Forum Whore
****
Offline Offline

Gender: Male
Posts: 509


2x1.8 G5 at your service


« Reply #2 on: May 09, 2005, 09:45:39 am »

it's not directly a security hole, because when you download an widget, it might install itself.
But it goes directly to the dashboard thingi, so you shouldn't be that concerend about it.
Logged

BTs_Mysterio
BL Staff
God save the Royal Whorealots
*****
Offline Offline

Gender: Male
Posts: 3676



WWW
« Reply #3 on: May 09, 2005, 01:15:44 pm »

You should be generally concerned, however, if you are foolish enough to leave on open safe files.
Logged

"There's room at the top they are telling you still. But first you must learn how to smile as you kill"
John Lennon
Only suits they'll be wearing are body bags. • Your trial will be held at the city morgue. • I'll return your gun, one bullet at a time.
Mysterio is a registered trademark of Myster
Civrock
Moderator
God save the Royal Whorealots
*****
Offline Offline

Gender: Male
Posts: 3727



WWW
« Reply #4 on: May 09, 2005, 01:51:47 pm »

it's not directly a security hole, because when you download an widget, it might install itself.
But it goes directly to the dashboard thingi, so you shouldn't be that concerend about it.

it goes directly into the dashbord and therefore auto-installs itself. check out the links... there is a (harmless) widget that blocks all others when it's only in the widget folder. it has been created just to see the potential in this hole... and if you go further into the threads, people already created pretty evil widgets that can destroy your whole system. basically you can put pretty bad stuff into widgets... shell scripts etc and you can't do much about it without a clue. Apple left too much possibilities open in this case although that's usually a good thing.
Logged

~Formerly known as "Civic"
http://steamcommunity.com/id/civrock
Pages: [1]   Go Up
Print
Jump to:  



 Ads
Powered by SMF 1.1.7 | SMF © 2006-2007, Simple Machines LLC
Page created in 0.059 seconds with 21 queries.