Then you will be pleased to know...
that Mac users who switch to Firefox and Thunderbird will
be as safe as Windows users from similar exploits.

The exploit is the same as sending a Windows user a file
called 'blah.jpg.exe' where the .exe bit is hidden by default.

The problem comes from Apple following the stupid
Windows idea of using part of the file name to associate a
file with an application and hence assign an icon to the file.
In Mac OS 9 and earlier, the icon was based on the
application that would open the file, not some arbitrary bit
of text in the filename - there was no concept of an
extension.

But since OS X, Apple decided to use the file name as one
of the mechanisms to associate a default icon with a file.
Unfortunately, the application that will open the file is
determined differently and so this exploit becomes
possible. It originated because when users transferred files
from DOS PCs to Macs, there was no application associated
with the files. Applications like MacLink translators
(included with Mac OS after about 8.1 I think) used to add
data to the file's resource fork based on the DOS extension
to associate an application with the file. The Finder then
associated an icon with the file based on the application
indicated in the resource fork.

It is that association technique that seems to be broken on
OS X.

The equivalent exploit in Windows was done years ago -
mail attachments like 'AnnaNaked.jpg.exe' tried to trick
users into double-clicking a file based on the idea that file
extensions were hidden by default. The .exe extension was
hidden, but users could see the .jpg bit. They thought they
were opening a .jpg file but were actually running a .exe.

Pity Apple didn't take a bit more notice of that.

The embarrassment here is that Apple will have a really
tough time fixing this, even though the fix is really simple
in principle. I expect that in the near future OSs will be
changed so that the first time any file is opened,
users will get a rundown on exactly what is happening -
which application is being used, whether the file contains
any instructions or executable bits and what it will do if
they run it.
Posted by: Fred Fredrickson   Posted on: 02/22/06
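The name-versus-content mismatch the post describes (a 'blah.jpg.exe' that Windows shows as a picture but dispatches as a program, and a script on OS X that carries an image name and icon but is handed to a different application) can be caught with a simple pre-open check. The following is an added example, not code from the original post or from Apple or Microsoft: it compares the extension a user would see, the extension the OS actually dispatches on, the file's leading bytes and its executable bit. It does not read HFS resource forks or creator codes, so the OS X side is approximated by content sniffing; the sample files it builds are constructed stubs (a JPEG header, an 'MZ' stub, a shebang line), not real malware.

```python
"""Added example: flag files whose name promises one type while their bytes,
secondary extension or mode bits say another.  Not code from the original
post; the sample files below are constructed here, not real malware."""
import os
import stat
import tempfile
from dataclasses import dataclass, field

IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "tif", "tiff"}
EXEC_EXTS = {"exe", "com", "bat", "cmd", "scr", "pif", "sh", "command", "app"}
# (leading bytes, label): a few well-known file signatures
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"MZ", "pe"),                 # Windows executable
    (b"\x7fELF", "elf"),
    (b"\xfe\xed\xfa\xce", "mach-o"),
    (b"\xfe\xed\xfa\xcf", "mach-o"),
    (b"\xce\xfa\xed\xfe", "mach-o"),
    (b"\xcf\xfa\xed\xfe", "mach-o"),
    (b"\xca\xfe\xba\xbe", "mach-o-fat"),
    (b"#!", "script"),             # shebang: a shell (or other) script
]
RUNNABLE = {"pe", "elf", "mach-o", "mach-o-fat", "script"}


@dataclass
class Finding:
    path: str
    visible_ext: str      # what a user sees with "hide extensions" on
    real_ext: str         # what the OS dispatches on
    content: str          # what the leading bytes say the file is
    reasons: list = field(default_factory=list)


def sniff(path: str) -> str:
    """Classify a file by its leading bytes, ignoring its name entirely."""
    with open(path, "rb") as f:
        head = f.read(16)
    for magic, label in MAGIC:
        if head.startswith(magic):
            return label
    return "unknown"


def split_ext(name: str) -> tuple[str, str]:
    """'AnnaNaked.jpg.exe' -> ('jpg', 'exe'); 'photo.jpg' -> ('', 'jpg')."""
    parts = name.lower().split(".")
    if len(parts) < 2:
        return "", ""
    visible = parts[-2] if len(parts) >= 3 else ""
    return visible, parts[-1]


def check(path: str) -> Finding:
    name = os.path.basename(path)
    visible, real = split_ext(name)
    content = sniff(path)
    f = Finding(path, visible, real, content)
    if real in EXEC_EXTS and visible in IMAGE_EXTS:
        f.reasons.append("double extension: shows as image, dispatches as executable")
    if real in IMAGE_EXTS and content in RUNNABLE:
        f.reasons.append(f"image extension but bytes are {content}")
    if real in IMAGE_EXTS and os.stat(path).st_mode & stat.S_IXUSR:
        f.reasons.append("image extension with executable bit set")
    return f


def scan(directory: str) -> dict[str, list[str]]:
    """Map file name -> reasons, only for files that raised at least one."""
    out = {}
    for root, _, files in os.walk(directory):
        for fn in sorted(files):
            finding = check(os.path.join(root, fn))
            if finding.reasons:
                out[fn] = finding.reasons
    return out


def build_samples(directory: str) -> None:
    """Constructed sample files (not real malware) mirroring the tricks in the post."""
    samples = {
        "real.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,          # genuine JPEG header
        "AnnaNaked.jpg.exe": b"MZ" + b"\x90" * 14,                # PE stub named like a picture
        "holiday.jpg": b"#!/bin/sh\necho would-run-here\n",      # shell script named like a picture
        "notes.txt": b"just text\n",
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    os.chmod(os.path.join(directory, "holiday.jpg"), 0o755)


def demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as d:
        build_samples(d)
        return scan(d)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

The point of the check is that the three signals (the extension a user is shown, the extension or handler the OS acts on, and what the bytes actually are) should agree; either trick in the post works precisely because one of them is hidden from the user while the OS trusts another. Hooking such a check into a download or mail-attachment path is the "rundown before first open" the post asks for, minus the prompt fatigue.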
