Re: [CGUYS] FYI: Safari on the Windows Platform
Mike, slamming Apple's security by quoting security companies who sell security software for Windows is less than creditable to me. They are saying use Windows and buy our security software; don't switch to OS X and ignore us! If they also sold security software for OS X (and had a creditable number of customers, reflecting the market), I might believe them. If their claims that Mac OS X (current versions - 10.4 and 10.5) are true, then why can't they make and sell security software to those users? There are plenty of companies selling software for OS X; why do none of them sell security software? Thank you, Mark Snyder -Original Message- So when mediadefender went to take down rev3 with a DoS attack, if they had been rich snobs they would have gone after only macs to set the attack up? Or would they realize that the DoS attack only works when you have a lot of machines sending data and go after the other 90% of systems out there to launch the attack? I don't have to convince anyone, it's just facts. Look at almost any security firm who measures medium to critical flaws among the os's and they all say the same thing, Apple lags far behind in fixing such flaws. They get away with it because these guys such as mediadefender need as many systems as they can get to attack. This last safari problem is a perfect example, MS was out saying they would fix the issue, Apple said we aren't fixing it. Now after some press articles and pressure from the community and MS, Apple has agreed to fix it. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
mike sez: >MS agreed to fix it without incident, Apple was refusing until recently. >According to the researcher who found the issue though, MS fixing their end >still leaves a problem that can be exploited in Safari. You really do have an awful lot of time counting the minutes between when one company decides to change its course (Microsoft points fingers and then will make a change) and then another company decides to change course, too (Apple refusing until recently). Since both have changed, sounds like neither of them win. The customers win. -- Michael Lewis Off Balance Productions [EMAIL PROTECTED] www.offbalance.com * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Well if I'm snarky, I think it's clear who is snooty. So when mediadefender went to take down rev3 with a DoS attack, if they had been rich snobs they would have gone after only macs to set the attack up? Or would they realize that the DoS attack only works when you have a lot of machines sending data and go after the other 90% of systems out there to launch the attack? I don't have to convince anyone, it's just facts. Look at almost any security firm who measures medium to critical flaws among the os's and they all say the same thing, Apple lags far behind in fixing such flaws. They get away with it because these guys such as mediadefender need as many systems as they can get to attack. This last safari problem is a perfect example, MS was out saying they would fix the issue, Apple said we aren't fixing it. Now after some press articles and pressure from the community and MS, Apple has agreed to fix it. Mike On Thu, Jun 5, 2008 at 7:24 AM, Tom Piwowar <[EMAIL PROTECTED]> wrote: > > > To make your proposition relevant you would need to establish why > criminals would prefer to attack computers owned by people who have > little to steal instead of attacking those who are wealthy. Good luck > trying to convince us of that. > > > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
MS agreed to fix it without incident, Apple was refusing until recently. According to the researcher who found the issue though, MS fixing their end still leaves a problem that can be exploited in Safari. Mike On Thu, Jun 5, 2008 at 7:16 AM, Michael Lewis <[EMAIL PROTECTED]> wrote: > mike sez: > > >Or if Apple fixed it... > > Sounds to me as if either Apple or Microsoft could do something to "fix" > it. Both companies apparently think they have better things to do, so us > arguing from our respective prejudices doesn't do anything. Best to tell > people to change their download folder from the desktop, but I suppose > it's more fun to be misanthropic jerks. > > -- > Michael Lewis > Off Balance Productions > [EMAIL PROTECTED] > www.offbalance.com > > > * > ** List info, subscription management, list rules, archives, privacy ** > ** policy, calmness, a member map, and more at http://www.cguys.org/ ** > * > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
It is difficult to have a reasonable discussion with someone who's view of reality is so far out of whack. It is even harder when you leap from one distortion to another unrelated distortion while insisting that they are somehow related and mutually supportive. Apple is the 4th largest manufacturer of computers. They have a 14% market share, but that understimates the installed base because Macs last far longer than PCs. Apple has a 66% market share in the non-junk market segment. If you want to relate this to crime it would make the most sense to look at market share numbers for a smaller population: those who own something worth stealing. Here Apple numbers would skew much higher. Busboys and the unemployed skew towards PCs. Doctors, lawyers, and the glitterati skew towards Macs. To make your proposition relevant you would need to establish why criminals would prefer to attack computers owned by people who have little to steal instead of attacking those who are wealthy. Good luck trying to convince us of that. >I can't really say I agree or disagree, I was just reading facts. In >reality do I think the safari exploit matters in real world environment? Of >course not, there is no money (yet) in attacking Apple products. This is if >the tree falls in the forrest...if safari or os x has a vulnerability, does >it matter since no one will exploit it? * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
mike sez: >Or if Apple fixed it... Sounds to me as if either Apple or Microsoft could do something to "fix" it. Both companies apparently think they have better things to do, so us arguing from our respective prejudices doesn't do anything. Best to tell people to change their download folder from the desktop, but I suppose it's more fun to be misanthropic jerks. -- Michael Lewis Off Balance Productions [EMAIL PROTECTED] www.offbalance.com * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
This is a good example of a defect that mostly affects the ignorant. I set up my browsers to download to a specific place that I specify for each download. So this would not really get me. I have not used Safari in a while, in either OS X or XP, but at least in OS X, I set up a regular user account that requires administrative account permissions to install anything, so I am not very worried about this exploit in OS X. I do agree that Apple should fix the problem - or stop providing Safari for Windows. Mike, it is more pleasant for the list to make your point without being snarky, snooty, etc. Thank you, Mark Snyder -Original Message- It's snooty, thank you. I can't really say I agree or disagree, I was just reading facts. In reality do I think the safari exploit matters in real world environment? Of course not, there is no money (yet) in attacking Apple products. This is if the tree falls in the forrest...if safari or os x has a vulnerability, does it matter since no one will exploit it? FYI, the safari issue exists on the os x side also, not just windows. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
It's snooty, thank you. I can't really say I agree or disagree, I was just reading facts. In reality do I think the safari exploit matters in real world environment? Of course not, there is no money (yet) in attacking Apple products. This is if the tree falls in the forrest...if safari or os x has a vulnerability, does it matter since no one will exploit it? FYI, the safari issue exists on the os x side also, not just windows. Mike On Wed, Jun 4, 2008 at 10:26 AM, Snyder, Mark (IT Civ) <[EMAIL PROTECTED]> wrote: > Don't suppose your problems; examine them. Aside from the nasty > proclivity to interpret expert as 'someone who agrees with me' maybe > branch out a little and examine also your tendency to be unnecessarily > snarky and defensive when you reply to posts on this list. > > Thank you, > > Mark Snyder > -Original Message- > I suppose my problem is I'm going by several different experts in the > field > instead of deferring to hobbyists for my information. > > > * > ** List info, subscription management, list rules, archives, privacy ** > ** policy, calmness, a member map, and more at http://www.cguys.org/ ** > * > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Apologies to you Mark - don't know where my head was. You were not even replying to me, leet alone the author of the below. Time for this old crank to take a nap I think... Matthew On Jun 4, 2008, at 1:26 PM, Snyder, Mark (IT Civ) wrote: Don't suppose your problems; examine them. Aside from the nasty proclivity to interpret expert as 'someone who agrees with me' maybe branch out a little and examine also your tendency to be unnecessarily snarky and defensive when you reply to posts on this list. Thank you, Mark Snyder -Original Message- I suppose my problem is I'm going by several different experts in the field instead of deferring to hobbyists for my information. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http:// www.cguys.org/ ** * * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Or if Apple fixed it.. On Wed, Jun 4, 2008 at 10:49 AM, Matthew Taylor <[EMAIL PROTECTED]> wrote: They all boil down to it was a non problem if Windows did not allow such > arbitrary code execution. > > Matthew > >> >> >> * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
>http://www.pcworld.com/article/id,145985-page,1/article.html?tk=synd_macworld This article doesn't say much, but dropped enough names that I could Google for the real story. That is at www.dhanjani.com. I used Dhanjani's information to create a carpet bomb page and cgi as described. I tried it in IE, FireFox, and Safari. Safari did download a bunch of files without asking first. Both IE and FireFox did ask first. I agree that this is nasty behavior on the part of Safari, but it is not in itself a security breach. Nothing got executed on my computer. Of course this could be the first step in something bad happening and it was all too easy to do. I hope Apple fixes this. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Snarky? I think your post qualified as you assume you know where and what I read and that it was all hobbyist. I read your suggested article (earlier) and others. They all boil down to it was a non problem if Windows did not allow such arbitrary code execution. Matthew On Jun 4, 2008, at 1:26 PM, Snyder, Mark (IT Civ) wrote: Don't suppose your problems; examine them. Aside from the nasty proclivity to interpret expert as 'someone who agrees with me' maybe branch out a little and examine also your tendency to be unnecessarily snarky and defensive when you reply to posts on this list. Thank you, Mark Snyder -Original Message- I suppose my problem is I'm going by several different experts in the field instead of deferring to hobbyists for my information. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Don't suppose your problems; examine them. Aside from the nasty proclivity to interpret expert as 'someone who agrees with me' maybe branch out a little and examine also your tendency to be unnecessarily snarky and defensive when you reply to posts on this list. Thank you, Mark Snyder -Original Message- I suppose my problem is I'm going by several different experts in the field instead of deferring to hobbyists for my information. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
I am not saying Safari could not be better - it is my third favorite browser behind Opera and Firefox / Camino. I want to be asked by my browser at each step of the way - others do not. Matthew On Jun 4, 2008, at 12:59 PM, mike wrote: I suppose my problem is I'm going by several different experts in the field instead of deferring to hobbyists for my information. Mike On Wed, Jun 4, 2008 at 9:03 AM, Matthew Taylor <[EMAIL PROTECTED] > wrote: On Jun 4, 2008, at 11:13 AM, mike wrote: http://www.pcworld.com/article/id,145985-page,1/article.html?tk=synd_macworld A good explanation of the problem from a mac source. The bottom line is this apparently: The problem arises "because the Safari browser cannot be configured to obtain the user's permission before it downloads a resource," This is a feature issue, not a security issue, ie social engineering. If the user says "Yes" and downloads the malware including package to the desktop, boom, package delivered. The problem is the vulnerability being exploited on the Windows side. Can you name any browser that natively will not download malware even if the users approves? The other main sticking point is that even if MS fixes their bug, and they are already doing so, the safari bug will STILL AFFECT systems. The same problem that works in conjuction with the MS bug, can be exploited in other ways. How? By downloading malware to another vulnerable location? Again, this is Safari's problem? * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
I suppose my problem is I'm going by several different experts in the field instead of deferring to hobbyists for my information. Mike On Wed, Jun 4, 2008 at 9:03 AM, Matthew Taylor <[EMAIL PROTECTED]> wrote: > On Jun 4, 2008, at 11:13 AM, mike wrote: > > >> http://www.pcworld.com/article/id,145985-page,1/article.html?tk=synd_macworld >> >> A good explanation of the problem from a mac source. The bottom line is >> this apparently: The problem arises "because the Safari browser cannot >> be >> configured to obtain the user's permission before it downloads a >> resource," >> > > This is a feature issue, not a security issue, ie social engineering. If > the user says "Yes" and downloads the malware including package to the > desktop, boom, package delivered. The problem is the vulnerability being > exploited on the Windows side. Can you name any browser that natively will > not download malware even if the users approves? > >> >> >> The other main sticking point is that even if MS fixes their bug, and they >> are already doing so, the safari bug will STILL AFFECT systems. The same >> problem that works in conjuction with the MS bug, can be exploited in >> other >> ways. >> > > How? By downloading malware to another vulnerable location? Again, this > is Safari's problem? > > >> > > * > ** List info, subscription management, list rules, archives, privacy ** > ** policy, calmness, a member map, and more at http://www.cguys.org/ ** > * > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
On Jun 4, 2008, at 11:13 AM, mike wrote: http://www.pcworld.com/article/id,145985-page,1/article.html?tk=synd_macworld A good explanation of the problem from a mac source. The bottom line is this apparently: The problem arises "because the Safari browser cannot be configured to obtain the user's permission before it downloads a resource," This is a feature issue, not a security issue, ie social engineering. If the user says "Yes" and downloads the malware including package to the desktop, boom, package delivered. The problem is the vulnerability being exploited on the Windows side. Can you name any browser that natively will not download malware even if the users approves? The other main sticking point is that even if MS fixes their bug, and they are already doing so, the safari bug will STILL AFFECT systems. The same problem that works in conjuction with the MS bug, can be exploited in other ways. How? By downloading malware to another vulnerable location? Again, this is Safari's problem? * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
http://www.pcworld.com/article/id,145985-page,1/article.html?tk=synd_macworld A good explanation of the problem from a mac source. The bottom line is this apparently: The problem arises "because the Safari browser cannot be configured to obtain the user's permission before it downloads a resource," The other main sticking point is that even if MS fixes their bug, and they are already doing so, the safari bug will STILL AFFECT systems. The same problem that works in conjuction with the MS bug, can be exploited in other ways. Apple users have been told for so long they are more secure, common sense eludes them. That last pwn to own contest should have taken some of the air out of these mac zealots...the guy that cracked the mac did so because in his words it was the easiest platform to attack. I'm starting to think that only an all out attack on os x will ever convice some users. But then security by keeping the base users numbers so low that it's not worth an attack seems to work as well. Mike On Wed, Jun 4, 2008 at 6:18 AM, Matthew Taylor <[EMAIL PROTECTED]> wrote: > Is it really a flaw? As I understand it from what I have read on the web, > Safari will download what you tell it to where you have told it to. In the > case of Windows, the default is the desktop, a fairly common choice. > Unfortunately for windows users, the desktop is an unsafe location because > executables on the desktop work differently, read more permissively, than > elsewhere. The flaw in my view is thus on the Windows desktop. Safari > already has a fix available - choose a different location. What would you > have Apple do - code Safari to break the aspect of Windows that allows > executables from the desktop? > > Matthew > > > On Jun 3, 2008, at 2:52 PM, mike wrote: > > They are naive and code badly because of it? You keep spinning and yer >> gonna get dizzy. Apple also said they aren't going to fix the issue. >> Professionalism? Google apple microsoft zero day patch and you'll hit >> articles showing apple is so professional they lag behind in issuing zero >> day patches compared to MS. >> >> So to sum up. Safari has a flaw, that enables a second flaw in explorer >> to >> be exploited. MS is going to patch explorer, Apple has zero plans to >> patch >> even though when MS patches, the safari bug will still have security >> effects >> on the system. And you think MS is less professional then Apple is used >> to >> working with? >> >> Mike >> >> On Tue, Jun 3, 2008 at 9:41 AM, Tom Piwowar <[EMAIL PROTECTED]> wrote: >> >> Comments I've read from Windows programmers suggest that Apple's >>> programmers may be a bit too naive about Windows. Despite hearing all the >>> stories about Windows' foulness they still assume a higher level of >>> quality and professionalism than Microsoft is able to deliver. >>> Consequently problems like this fall through. >>> >>> Still, what is it about the Windows desktop that is particularly >>> dangerous? Should I be concerned about keeping any files on the desktop? >>> >>> The last paragraph is the critical one for Tom to notice. * According to Raff, unless Apple patches the bug, more attacks like the one he found in IE are likely to pop up. "This is not the only issue that can >>> be >>> combined with the Safari vulnerability," he said. "If Microsoft fixes >>> this, >>> Safari users will still be vulnerable." >>> >>> > > * > ** List info, subscription management, list rules, archives, privacy ** > ** policy, calmness, a member map, and more at http://www.cguys.org/ ** > * > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Is it really a flaw? As I understand it from what I have read on the web, Safari will download what you tell it to where you have told it to. In the case of Windows, the default is the desktop, a fairly common choice. Unfortunately for windows users, the desktop is an unsafe location because executables on the desktop work differently, read more permissively, than elsewhere. The flaw in my view is thus on the Windows desktop. Safari already has a fix available - choose a different location. What would you have Apple do - code Safari to break the aspect of Windows that allows executables from the desktop? Matthew On Jun 3, 2008, at 2:52 PM, mike wrote: They are naive and code badly because of it? You keep spinning and yer gonna get dizzy. Apple also said they aren't going to fix the issue. Professionalism? Google apple microsoft zero day patch and you'll hit articles showing apple is so professional they lag behind in issuing zero day patches compared to MS. So to sum up. Safari has a flaw, that enables a second flaw in explorer to be exploited. MS is going to patch explorer, Apple has zero plans to patch even though when MS patches, the safari bug will still have security effects on the system. And you think MS is less professional then Apple is used to working with? Mike On Tue, Jun 3, 2008 at 9:41 AM, Tom Piwowar <[EMAIL PROTECTED]> wrote: Comments I've read from Windows programmers suggest that Apple's programmers may be a bit too naive about Windows. Despite hearing all the stories about Windows' foulness they still assume a higher level of quality and professionalism than Microsoft is able to deliver. Consequently problems like this fall through. Still, what is it about the Windows desktop that is particularly dangerous? Should I be concerned about keeping any files on the desktop? The last paragraph is the critical one for Tom to notice. * According to Raff, unless Apple patches the bug, more attacks like the one he found in IE are likely to pop up. "This is not the only issue that can be combined with the Safari vulnerability," he said. "If Microsoft fixes this, Safari users will still be vulnerable." * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Again more misdirection from the apple zealot propaganda department. It had nothing to do with updating quicktime/itunes, it was that the updater previously only used to update already installed apps was installing a completely new one under the guise of being an update. Mike On Tue, Jun 3, 2008 at 3:03 PM, Tom Piwowar <[EMAIL PROTECTED]> wrote: > Gosh look how apoplectic the Windows fan bois got when Apple > starting running a software update application for just their own > iTunes/QuickTime software. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Tom, it's a SAFARI flaw...how about just taking care of their own stuff? Mike On Tue, Jun 3, 2008 at 3:03 PM, Tom Piwowar <[EMAIL PROTECTED]> wrote: > >So to sum up. Safari has a flaw, that enables a second flaw in explorer > to > >be exploited. MS is going to patch explorer, Apple has zero plans to > patch > >even though when MS patches, the safari bug will still have security > effects > >on the system. And you think MS is less professional then Apple is used > to > >working with? > > Should Apple start issuing patches for Windows? I know that in the past > some small security companies have stepped in when MS could not figure > out what to patch, but for Apple to start doing this would be a major > step. Gosh look how apoplectic the Windows fan bois got when Apple > starting running a software update application for just their own > iTunes/QuickTime software. I think Apple is right to stand back and tell > MS to fix its crappy OS. Why should every app developer have to code > around an OS problem that only needs to be fixed once by the owner of the > OS? > > > * > ** List info, subscription management, list rules, archives, privacy ** > ** policy, calmness, a member map, and more at http://www.cguys.org/ ** > * > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
>So to sum up. Safari has a flaw, that enables a second flaw in explorer to >be exploited. MS is going to patch explorer, Apple has zero plans to patch >even though when MS patches, the safari bug will still have security effects >on the system. And you think MS is less professional then Apple is used to >working with? Should Apple start issuing patches for Windows? I know that in the past some small security companies have stepped in when MS could not figure out what to patch, but for Apple to start doing this would be a major step. Gosh look how apoplectic the Windows fan bois got when Apple starting running a software update application for just their own iTunes/QuickTime software. I think Apple is right to stand back and tell MS to fix its crappy OS. Why should every app developer have to code around an OS problem that only needs to be fixed once by the owner of the OS? * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
They are naive and code badly because of it? You keep spinning and yer gonna get dizzy. Apple also said they aren't going to fix the issue. Professionalism? Google apple microsoft zero day patch and you'll hit articles showing apple is so professional they lag behind in issuing zero day patches compared to MS. So to sum up. Safari has a flaw, that enables a second flaw in explorer to be exploited. MS is going to patch explorer, Apple has zero plans to patch even though when MS patches, the safari bug will still have security effects on the system. And you think MS is less professional then Apple is used to working with? Mike On Tue, Jun 3, 2008 at 9:41 AM, Tom Piwowar <[EMAIL PROTECTED]> wrote: > Comments I've read from Windows programmers suggest that Apple's > programmers may be a bit too naive about Windows. Despite hearing all the > stories about Windows' foulness they still assume a higher level of > quality and professionalism than Microsoft is able to deliver. > Consequently problems like this fall through. > > Still, what is it about the Windows desktop that is particularly > dangerous? Should I be concerned about keeping any files on the desktop? > > >The last paragraph is the critical one for Tom to notice. > >* > >According to Raff, unless Apple patches the bug, more attacks like the one > >he found in IE are likely to pop up. "This is not the only issue that can > be > >combined with the Safari vulnerability," he said. "If Microsoft fixes > this, > >Safari users will still be vulnerable." > > > * > ** List info, subscription management, list rules, archives, privacy ** > ** policy, calmness, a member map, and more at http://www.cguys.org/ ** > * > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
Comments I've read from Windows programmers suggest that Apple's programmers may be a bit too naive about Windows. Despite hearing all the stories about Windows' foulness they still assume a higher level of quality and professionalism than Microsoft is able to deliver. Consequently problems like this fall through. Still, what is it about the Windows desktop that is particularly dangerous? Should I be concerned about keeping any files on the desktop? >The last paragraph is the critical one for Tom to notice. >* >According to Raff, unless Apple patches the bug, more attacks like the one >he found in IE are likely to pop up. "This is not the only issue that can be >combined with the Safari vulnerability," he said. "If Microsoft fixes this, >Safari users will still be vulnerable." * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
http://www.pcworld.com/businesscenter/article/146537/safari_flaw_worse_than_first_thought_microsoft_warns.html The last paragraph is the critical one for Tom to notice. * According to Raff, unless Apple patches the bug, more attacks like the one he found in IE are likely to pop up. "This is not the only issue that can be combined with the Safari vulnerability," he said. "If Microsoft fixes this, Safari users will still be vulnerable." *So I'd say it was both. Mike On Mon, Jun 2, 2008 at 4:41 PM, Tom Piwowar <[EMAIL PROTECTED]> wrote: > > > Perhaps the question should be: why is the Windows desktop so unusually > vulnerable? Is that Apple's fault? > > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] FYI: Safari on the Windows Platform
>At the present time, Microsoft is unaware of any attacks attempting to >exploit this blended threat. But we will scream about it anyway, just like Henny Penny. >Mitigating Factors: >Customers who have changed the default location where Safari downloads >content to the local drive are not affected by this blended threat. MS doesn't want to give away any information. It appears that all you have to do is change the download location from the desktop to any other folder. Perhaps the question should be: why is the Windows desktop so unusually vulnerable? Is that Apple's fault? * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *