Safari RSS vulnerability: take two

Opinion and Analysis

An effective workaround for the Safari RSS security issue flagged last week turns out to be more complicated than originally suggested.

Just over a week ago, Brian Mastenbrook warned of a vulnerability he had discovered in Apple's Safari web browser.

The problem is that a malicious link (that could be delivered in a web page, an email, an instant message or in some other form) can be the vehicle for an attack that allows files to be read from the user's hard drive.

The vulnerability affects Mac OS 10.5 (but not previous versions) even if users do not use Safari's RSS capabilities.

If you are invited to open a link specifically in Safari, it's probably wise to decline.

"Users of Firefox, Camino, and Opera on Mac OS X are substantially better protected against exploitation by a malicious web page than users of Safari or OmniWeb," Mastenbrook observed.

Both Safari and OmniWeb use the WebKit framework, which raises the question of whether the vulnerability is in Safari itself or in WebKit.

He originally suggested that using Safari's preferences to associate RSS feeds with another program such as Mail would provide protection until Apple releases a Safari update to fix the underlying problem.

But he overlooked that there are two other URL types associated with RSS feeds, namely feeds and feedsearch.
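A quick way to check whether all three URL types have been moved away from Safari, as an added example that is not from Mastenbrook's advisory or from Apple. It assumes the handler assignments are stored in the user's Launch Services preferences plist under the `LSHandlers` key, that `feed` is the type the original preference change covers, and that a type with no explicit entry still falls through to Safari; the sample plists are constructed.

```python
import plistlib

# "feeds" and "feedsearch" are the two types named in the article;
# "feed" is assumed to be the one the original workaround reassigned.
RSS_SCHEMES = ("feed", "feeds", "feedsearch")
SAFARI_BUNDLE_ID = "com.apple.safari"


def rss_handlers(plist_bytes):
    """Map each RSS URL scheme to its registered handler bundle id, or None."""
    prefs = plistlib.loads(plist_bytes)
    handlers = dict.fromkeys(RSS_SCHEMES)
    for entry in prefs.get("LSHandlers", []):
        scheme = str(entry.get("LSHandlerURLScheme", "")).lower()
        if scheme in handlers:
            handler = entry.get("LSHandlerRoleAll")
            handlers[scheme] = handler.lower() if handler else None
    return handlers


def still_exposed(plist_bytes):
    """Schemes with no explicit handler (assumed default: Safari) or Safari itself."""
    found = rss_handlers(plist_bytes)
    return sorted(s for s, h in found.items() if h is None or h == SAFARI_BUNDLE_ID)


# Constructed sample: only "feed" was reassigned, as in the original advice.
PARTIAL = plistlib.dumps({"LSHandlers": [
    {"LSHandlerURLScheme": "feed", "LSHandlerRoleAll": "com.apple.mail"},
    {"LSHandlerURLScheme": "http", "LSHandlerRoleAll": "com.apple.safari"},
]})

# Constructed sample: all three RSS-related schemes reassigned.
COMPLETE = plistlib.dumps({"LSHandlers": [
    {"LSHandlerURLScheme": s, "LSHandlerRoleAll": "com.apple.mail"}
    for s in RSS_SCHEMES
]})

if __name__ == "__main__":
    for label, data in (("partial", PARTIAL), ("complete", COMPLETE)):
        exposed = still_exposed(data)
        print(label, "->", ", ".join(exposed) if exposed else "no RSS scheme left on Safari")
```

On a real machine the input would be the bytes of the user's own Launch Services preferences file rather than the constructed samples.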
