As usual Paul is correct, thought the URL he provided doesn't have the information to back this up. I completely retract what I said, in ignorance, about Paranoid Android. Unsanity's whitepaper on the subject is a much more informative read:
<http://www.unsanity.com/haxies/pa/whitepaper> Most of the "fixes" (including the one I offered and Apple's newly released update) focus on fixing the problem for the "help:" protocol handler. Unsanity offers a Proof-of-Concept page that demonstrates how a new protocol handler can be registered with LaunchServices in Panther to bypass even Apple's current security update. Their product "Paranoid Android" appears to be an excellent way to guard yourself from this security hole until Apple *really* patches it. -Remo Del Bello -- "It is wisdom to recognize necessity, when all other courses have been weighed, though as folly it may appear to those who cling to false hope." - Gandalf the Grey in "The Lord of the Rings: The Fellowship of the Ring" > From: Paul Berkowitz <[EMAIL PROTECTED]> > Reply-To: "Entourage:mac Talk" <[EMAIL PROTECTED]> > Date: Fri, 21 May 2004 20:02:30 -0700 > To: Entourage Mac Talk <[EMAIL PROTECTED]> > Subject: Re: [off] First major security exploit in OS X > > You remember incorrectly, Remo, and offer a solution that's worse. Go read > this link, as Peter recommended: > > http://www.euronet.nl/~tekelenb/playground/security/diskURLscheme/ > > > As Peter says, it's the best explanation on the subject. > > -- > Paul Berkowitz -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
