[DM-MUG] Researcher cracks Mac in 10 seconds
Arne Quanbeck
dmmug at arnequanbeck.com
Fri Mar 20 10:21:55 CDT 2009
This "attack" is what used to be standard behavior until malware
became an issue. A couple of things to note:

Recent versions of Mac OS X prompt when opening program files
downloaded from the Internet. The user is given the option to view the
site, cancel, or continue opening the file. Most versions of Windows
don't have this feature.

It MAY be possible (I'm not in front of a Mac to test this hypothesis)
to cause Safari to prompt for a download location (and let the user
cancel) by setting the download folder to a directory where the user
doesn't have write permissions. Sites could still nag the user by
putting hundreds of download links on a page. This is the reason IE
for Windows now uses the information bar. An ActiveX (Windows/IE)
attack used this method of wearing out a user's resolve to the point
that they would click "Run". The key difference here is that the
ActiveX attack would RUN the malicious code, while the Safari issue at
its worst only puts the malicious code in the user's downloads folder.

The article could be read to imply the ability of the malicious site
to put files anywhere on a user's hard drive, but this claim is not
present in the quoted material. It would also be inconsistent with the
problem description and proposed solution.

Unless you are running Safari on Windows, it is probably safe to mark
this one part security, nine parts FUD. This of course assumes the
article is accurate.

On Mar 20, 2009, at 9:25 AM, David McLaughlin <thorgrim at imaginarytower.org> wrote:
> A ComputerWorld article on the topic.
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129978
>
> A carefully crafted website was needed to make it happen.
>
> I assume it was done using Safari 3.2.1 and not the Safari 4 beta.
>
> Looks like it's back to Firefox for now <sigh> I'm not a fan of
> Firefox, it's slow and always seems to crash on me.
>
> David D. McLaughlin
> webmaster at dmmug.org