Re: new venerability on macosxhints through Safari
Re: new venerability on macosxhints through Safari
- Subject: Re: new venerability on macosxhints through Safari
- From: roncross <email@hidden>
- Date: Wed, 19 May 2004 21:57:23 -0700
I am not trying to be rude. I am only try to inform people of the
venerability's of certain security risk. Sure the first post was a
malicious applescript that someone wrote and hid it in an icon to wipe
out the home directory of suspected users. What did I learn from this
lesson? Backup, backup, backup and don't download from non-trusted and
p2p sites.
Actually, after digging into the helper protocol further, the problem
was not with the OpnApp.scpt. the problem is with the protocol helper
allowing someone to exploit it through writing a script. Apple is
working hard to fix this one by now.
As for rights, what I simply meant is that as long as I follow the
rules - like everyone else, I can post just like all the other members
on the list. As far as I know, I have not broken any rules. If I have
broken any rules, please point it out to me and I will not try my best
to not repeat it. I looked for the list of rules, but I am not able to
find them. Maybe you can point me in the right direction.
thx
RLC
On May 19, 2004, at 8:16 PM, John C. Welch wrote:
On 5/19/04 9:30 PM, "roncross" <email@hidden> wrote:
This is just to point out the fact that applescript can be used in a
malicious manner or used inappropiately. I have a right to post this
whether you agree with it or not. Whether you like it or not. If you
don't agree with it, then don't read it and move on as you would put
it.
The same can be said of ANY programming language from AppleScript to
Assembly and all levels in between.
The implication that AppleScript somehow makes this worse or better of
an
exploit is incorrect. Applescript is a programming language, and as
such is
precisely as dangerous as the person using it. ObjC is quite dangerous
in
the wrong hands, as is a good assembler.
Your 'rights' have nothing to do with anything, and speaking
pedantically,
on a private list, you have no rights other than what the list
management
chooses to give you. That's just communication noise.
I'm just glad that the list serv stripped out the four image
attachements
that you felt everyone on this list needed to download and view.
john
--
"Kill one, terrify a thousand."
- Sun Tzu
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.
thanks
Ronald Cross
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.