I am not saying Safari could not be better - it is my third favorite
browser behind Opera and Firefox / Camino. I want to be asked by my
browser at each step of the way - others do not.
Matthew
On Jun 4, 2008, at 12:59 PM, mike wrote:
I suppose my problem is I'm going by several different experts in
the field
instead of deferring to hobbyists for my information.
Mike
On Wed, Jun 4, 2008 at 9:03 AM, Matthew Taylor <[EMAIL PROTECTED]
>
wrote:
On Jun 4, 2008, at 11:13 AM, mike wrote:
http://www.pcworld.com/article/id,145985-page,1/article.html?tk=synd_macworld
A good explanation of the problem from a mac source. The bottom
line is
this apparently: The problem arises "because the Safari browser
cannot
be
configured to obtain the user's permission before it downloads a
resource,"
This is a feature issue, not a security issue, ie social
engineering. If
the user says "Yes" and downloads the malware including package to
the
desktop, boom, package delivered. The problem is the vulnerability
being
exploited on the Windows side. Can you name any browser that
natively will
not download malware even if the users approves?
The other main sticking point is that even if MS fixes their bug,
and they
are already doing so, the safari bug will STILL AFFECT systems.
The same
problem that works in conjuction with the MS bug, can be exploited
in
other
ways.
How? By downloading malware to another vulnerable location?
Again, this
is Safari's problem?
*************************************************************************
** List info, subscription management, list rules, archives, privacy **
** policy, calmness, a member map, and more at http://www.cguys.org/ **
*************************************************************************
