Stephen Withers
Monday, 19 January 2009 03:11
Opinion and Analysis
Page 1 of 2
An effective workaround for the Safari RSS security issue flagged last week turns out to be more complicated than originally suggested.
Just over a week ago, Brian Mastenbrook warned of a vulnerability he had discovered in Apple's Safari web browser.
The problem is that a malicious link (that could be delivered in a web page, an email, an instant message or in some other form) can be the vehicle for an attack that allows files to be read from the user's hard drive.
The vulnerability affects Mac OS 10.5 (but not previous versions) even if users do not use Safari's RSS capabilities.
If you are invited to open a link specifically in Safari, it's probably wise to decline.
"Users of Firefox, Camino, and Opera on Mac OS X are substantially better protected against exploitation by a malicious web page than users of Safari or OmniWeb," Mastenbrook observed.
Both Safari and OmniWeb use the WebKit framework, which raises the question of whether the vulnerability is in Safari itself or in WebKit.
He originally suggested that using Safari's preferences to associate RSS feeds with another program such as Mail would provide protection until Apple releases a Safari update to fix the underlying problem.
But he overlooked that there are two other URL types associated with RSS feeds, namely feeds and feedsearch.
So how do you get around that? Find out on page 2.
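An added example, not from the original article or from Mastenbrook: a check of which RSS-related URL schemes would still resolve to Safari after the preference change described above. It assumes the LaunchServices preferences layout (an `LSHandlers` array with `LSHandlerURLScheme` and `LSHandlerRoleAll` keys), that `feed` is the scheme the original workaround reassigns, and that a scheme with no override falls back to Safari; the plist content is constructed sample data.

```python
import plistlib

# "feeds" and "feedsearch" are named in the article; "feed" is assumed to be
# the scheme the original workaround reassigned.
RSS_SCHEMES = ("feed", "feeds", "feedsearch")
SAFARI_ID = "com.apple.safari"  # assumed default handler when no override exists

# Constructed sample: the state after reassigning only the main RSS scheme.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>LSHandlers</key>
  <array>
    <dict>
      <key>LSHandlerURLScheme</key><string>feed</string>
      <key>LSHandlerRoleAll</key><string>com.apple.mail</string>
    </dict>
    <dict>
      <key>LSHandlerURLScheme</key><string>http</string>
      <key>LSHandlerRoleAll</key><string>org.mozilla.firefox</string>
    </dict>
  </array>
</dict>
</plist>"""


def rss_handlers(plist_bytes):
    """Map each RSS-related scheme to the bundle ID that handles it."""
    prefs = plistlib.loads(plist_bytes)
    explicit = {}
    for entry in prefs.get("LSHandlers", []):
        scheme = entry.get("LSHandlerURLScheme", "").lower()
        handler = entry.get("LSHandlerRoleAll", "").lower()
        if scheme in RSS_SCHEMES and handler:
            explicit[scheme] = handler
    # A scheme without an explicit override is treated as still owned by Safari.
    return {s: explicit.get(s, SAFARI_ID) for s in RSS_SCHEMES}


def still_on_safari(plist_bytes):
    """Return the RSS-related schemes the workaround has not covered."""
    return [s for s, h in rss_handlers(plist_bytes).items() if h == SAFARI_ID]


if __name__ == "__main__":
    for scheme, handler in rss_handlers(SAMPLE_PLIST).items():
        flag = "NOT COVERED" if handler == SAFARI_ID else "reassigned"
        print(f"{scheme + ':':12} {handler:22} {flag}")
```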