I suppose my problem is I'm going by several different experts in the field
instead of deferring to hobbyists for my information.

Mike

On Wed, Jun 4, 2008 at 9:03 AM, Matthew Taylor <[EMAIL PROTECTED]>
wrote:

> On Jun 4, 2008, at 11:13 AM, mike wrote:
>
>
>> http://www.pcworld.com/article/id,145985-page,1/article.html?tk=synd_macworld
>>
>> A good explanation of the problem from a Mac source.  The bottom line is
>> this apparently:   The problem arises "because the Safari browser cannot be
>> configured to obtain the user's permission before it downloads a resource,"
>>
>
> This is a feature issue, not a security issue, i.e. social engineering.  If
> the user says "Yes" and downloads the malware including package to the
> desktop, boom, package delivered.  The problem is the vulnerability being
> exploited on the Windows side.  Can you name any browser that natively will
> not download malware even if the user approves?
>
>>
>>
>> The other main sticking point is that even if MS fixes their bug, and they
>> are already doing so, the Safari bug will STILL AFFECT systems.  The same
>> problem that works in conjunction with the MS bug, can be exploited in other
>> ways.
>>
>
> How?  By downloading malware to another vulnerable location?  Again, this
> is Safari's problem?
>
>
>>
>
> *************************************************************************
> **  List info, subscription management, list rules, archives, privacy  **
> **  policy, calmness, a member map, and more at http://www.cguys.org/  **
> *************************************************************************
>

