Core Dump
Stephen Withers turns his gaze on the world of Apple, with detours into other aspects of IT and communications as they catch his attention.
Uh-oh: Safari, IE flaws combine to put Windows at risk!
by Stephen Withers   
Monday, 02 June 2008
Human imagination is a wonderful thing, but unfortunately some have a tendency to use it to devise nasty scenarios. A researcher has mashed up flaws in two different browsers to trigger the execution of remote code on Windows. Let the finger-pointing begin!

The bittersweet taste of two-in-one tech terror combines serious flaws in the Safari and IE browsers. In a nutshell, it works by using the recently disclosed 'carpet bomb' flaw in Apple's Safari to get executable code onto the victim's computer, then exploiting an old and unpatched Internet Explorer bug to run the files without the user's involvement.

Carpet bombing was disclosed last month by Nitesh Dhanjani after (he says) Apple told him that his private report would not be treated as a security issue.

Apple: what a shame it has taken an attack devised by a researcher to prove that there’s no flaw worth leaving unpatched.

The problem concerns the action a browser should take when it receives a file that cannot be rendered. Safari assumes that it was something the user requested, and downloads it to the default folder (Downloads on Mac OS X, Desktop on Windows). The alternative is to ask the user if the file should be downloaded - shades of Vista's much-criticised UAC.

How you feel about that depends on how often you download files that won't open in the browser. If you rarely do it, the confirmation dialogue wouldn't appear very often and you would neither find it irritating nor habitually click the OK button without thinking.

However, if you frequently download files that need to be opened in a separate program, such as Office files, then you'll quickly become accustomed to accepting the download and may click OK even when you haven't explicitly requested a file.

Frankly, I don't think it makes much difference whether the browser asks for confirmation when downloading begins, or when a downloaded file is first opened (as happens in Mac OS X). Once you get into the habit of clicking OK, it's not easy to stop and think each time the warning dialogue appears unless it is in particularly unusual circumstances.

So, what is the IE flaw in question, and how should it be dealt with? Please read on to page 2.



 