Sorry... My trackpad slipped down to "Send Now" when I was trying to hit my minimize button. I had a few more sentences of clarification :-)
On 3/7/05 11:08 PM, "Geoff Beier" <[EMAIL PROTECTED]> wrote: > On 3/7/05 2:44 PM, "Lorenzo Perone" <[EMAIL PROTECTED]> > wrote: >> >> I'm not sure I'll be fast enough with a 'killall Camino' or Force Quit >> by the time my favorite fastest browser on Mac OS X has launched and >> opened the url. >> >> Imho, in a world in which a cookie is a potential privacy >> threat, we should consider the open url feature also one. >> > > While you are quite correct that open url could be used to leak information, > and it is a good instinct to consider how a malware author could abuse it, I > think your concern is misplaced. If I'm a malware author and you're running > my code, every application on the system could disable open url, and I could > leak any information I can access without little snitch ever noticing. (I'm > not criticizing little snitch specifically here, but rather all > process/host/port based "firewalls", on all platforms... They are absolutely > a false sense of security in their common operating configurations if you > can't control which software you are running.) > > As long as you are allowing ANY application to hit arbitrary hosts, it's "game over" for any code you run to hit an arbitrary host. Software like Little Snitch identifies process by name, path, and checksum. To get out, then, it's simply a matter of causing a process that Little Snitch trusts to connect to your host. As with most operating systems, you can inject code into any process you launched. So if I get you to run my malware, I can: 1. Check the list of apps little snitch trusts 2. Find one of those that's running and inject code that appears to little snitch to be part of that app. 3. Transmit whatever I can read off the machine :-P Since no one wants to answer a popup every time they visit a web site, it's nearly 100% safe that little snitch will be configured to let a browser hit arbitrary hosts. This style of injection is far superior to open url because it's much less likely to attract the notice of the user, either in browser history or via a flashing window. That's a very long way to say that adding stuff to our open url apple event handler would be extra work that would inconvenience our users, make us more brittle, and buy us absolutely nothing at all in terms of protection against malicious software. Geoff _______________________________________________ Camino mailing list [email protected] http://mozdev.org/mailman/listinfo/camino
