On 20/5/04 2:53 PM, "Shay Telfer" <[EMAIL PROTECTED]> wrote:
>>> I followed the links in the slashdot article to MoreInternet >>> >>> http://www.monkeyfood.com/software/moreInternet/ >>> >>> and then changed the help: protocol helper to Safari. When I try >>> Rob's link above, it just annoyingly opens another browser window, >>> but doesn't do anything malicious. That should do in the short >>> term until the security fix comes out. >> >> actually I get help being launched no mater what I change "help" protocol to. >> >> I located "help" by right mouse clicking the dock "show in finder" >> and gave my self and all users "no access rights" and now It just >> doesn't come up - of course that means I cant launch it for >> legitimate help functions I may need it for like airport config >> issues :( > > Change the helper to something which is unlikely to be able to handle > URLs. Safari is a bad choice :) > > I chose a random app that I don't launch very often (APOD Grabber). > That way if it suddenly launches I know someone's tried to use the > exploit. > > Have fun, > Shay BTW, does this flaw occur when someone with administrator access is logged in, or when anybody is logged in? I figure deleting anything will require some sort of permissions. I guess at worst you can lose the contents of your home folder - which shouldn't be that much of a concern to those who regularly back up ;-) Seeya Rod!