On May 30, 2011, at 2:46 PM, Michael Brian Bentley wrote:
> In this instance of malware, the consequences to the machine haven't been bad
> at all. So Far.
>
> I wonder if browsers can be set up to detect code poisoning and just shut
> down the window when it happens? Checksum dynamic page content?
umm... what? The problem is that the server has been changed so that it
provides a page that includes links to malware (sometimes in auto-fire
javascript). And a dynamic page, by definition, can't be checked against a
fixed checksum. Other than sandboxing the browser, and black-listing code
fragments (always a step behind), there have been no good measures to take
against this sort of attack. And user education (did you mean to install
something?) is always going to be tragically flawed by some users.
--
Karl Kuehn
[email protected]
_______________________________________________
MacOSX-talk mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-talk
