Re: [Fed-Talk] Changing Preferences Against Vulnerability
Re: [Fed-Talk] Changing Preferences Against Vulnerability
- Subject: Re: [Fed-Talk] Changing Preferences Against Vulnerability
- From: Rex Sanders <email@hidden>
- Date: Fri, 24 Feb 2006 12:12:43 -0800
Clarifying:
- Changing Safari preferences and moving Terminal closes just two of
several exploit paths.
- The Heise article covers the first evidence and exploit paths of the
vulnerability. Many more exploit paths have been found.
- SANS is a great source of initial information (I read it daily), but they
haven't followed developments on this issue for a few days now. And that's
not their job.
- Other web sites & mailing lists have been playing "whack-a-mole" trying
to configure this or remove that, only to find out within hours that other
exploit paths are available.
The real fix for this will need to come from Apple.
-- Rex
At 2:50 PM -0500 2/24/06, Cole, John (Civ, ARL/CISD) wrote:
>The work around, if you are using Safari, is to disable automatic
>opening in Safari under safari>preferences>general>"open safe files" and
>to move the application "terminal" out of the utilities directory (to
>the applications directory, for example).
>
>The article on the vulnerability and workaround may be read at
>http://www.heise.de/english/newsticker/news/69862
>
>Besides (or better, instead of) looking at Apple, you can consult other
>well-known sites that list vulnerabilities as they become known. For
>example:
>
>http://isc.sans.org/diary.php?storyid=1138
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden