No. 1 Story
ACCC clears Optus to scrap HFC network and use NBN instead
The ACCC has cleared, provisionally, the proposed deal between Optus and NBN Co under which Optus is to be paid around $800m to shut down its HFC network and transfer customers onto the NBN. read moreMore From
Safari vulnerable to remote file-stealing attack
Stephen Withers
Tuesday, 13 January 2009 02:37
Page 1 of 2
A newly revealed vulnerability in Apple's Safari web browser allows a remote site to read files stored on a Mac or Windows system. According to the discoverer, the vulnerability has been acknowledged by Apple."[T]his vulnerability could be exploited by a phishing site in a way that would not cause affected users to suspect their information had been stolen," he added.
Although Mastenbrook did not disclose details of the vulnerability, it may involve the use of malformed feed: URLs. History suggests that the underlying problem is either a buffer overflow or a format string issue.
The vulnerability is said to affect Safari on Windows as well as Mac OS X 10.5.
According to Mastenbrook, an interim workaround for Mac OS X users is to set a program other than Safari as the default RSS reader in Safari's preferences.
Users of other Mac web browsers are vulnerable unless they make this change. Presumably an exploit would involve a feed: link in a web page or email that would still be directed to Safari unless that preference was altered.
Does Mastenbrook have a track record that adds credibility to his claim? See page 2.
You think you have a disaster recovery plan?
Think again. Most businesses only have PART of a DR plan - and this spells business disaster in the event of an IT disaster.
Download The Seven Sins of Disaster Recovery White Paper now and find out how you can prevent this happening to you.
