Re: [OT] When will Apple learn?
Re: [OT] When will Apple learn?
- Subject: Re: [OT] When will Apple learn?
- From: Sander Tekelenburg <email@hidden>
- Date: Tue, 10 May 2005 02:38:27 +0200
At 01:55 +0200 UTC, on 2005/05/10, Sander Tekelenburg wrote:
[...]
> Safari's current 'security' model allows for attacks like this:
> <http://64.70.134.217/widgets/zaptastic/>, which shows that all you need to
> do is clickelty-clik a link (like for instance right here in your email
> client), and you've got some widget installed on your system without even
> knowing it. As soon as you innocently hit F12, it will execute.
That last bit is not correct, obviously. The widget is installed, but not yet
actively on the Dashboard. To execute it, the user will still need to drag it
there (from whatever that cheese grater at the Dashboard's bottom is called).
But given that the user will be completely unaware of having installed a
third-party widget, he has no reason to suspect malicious intent - he's quite
likely to assume the widget came bundled with Tiger and is thus safe.
--
Sander Tekelenburg, <http://www.euronet.nl/~tekelenb/>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden