

Serious flaw on OS X

Published: 2006-02-21, Last Updated: 2006-02-21 22:15:27 UTC     -     by Kyle Haugsness (Version: 3)

… a serious vulnerability has been found in Apple Safari on OS X.  “In its default configuration shell commands are execute[d] simply by visiting a web site – no user interaction required.”  This could be really bad.  Attackers can run shell scripts on your computer remotely when you merely visit a malicious website.

Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html

The problem is due to a feature that is activated by default: Open Safe Files after downloading.  ZIP files are considered safe, so they are opened automatically.  Subsequently, a shell script with no #! at the beginning of the script will be executed automatically.  No user interaction!
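
A defender-side triage of the auto-opened ZIP described above, as an added example that is not code from the diary or from the proof of concept: it flags archive members whose media-style name does not match their content (shebang-less text in particular) and members with a Unix executable bit. The extension table, both heuristics and the sample archive are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Assumed heuristic (not from the diary): media extensions and their magic bytes.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def is_ascii_text(head: bytes) -> bool:
    """True for non-empty data made only of printable ASCII and whitespace."""
    return bool(head) and all(b in (9, 10, 13) or 32 <= b < 127 for b in head)

def audit_zip(data: bytes) -> list:
    """Return (member, reason) pairs for entries worth a manual look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(256)
            ext = os.path.splitext(info.filename)[1].lower()
            magics = MAGIC.get(ext)
            if magics and not head.startswith(magics):
                # Text with no "#!" line is the case the diary describes.
                script = is_ascii_text(head) and not head.startswith(b"#!")
                kind = "shebang-less text" if script else "unrecognised data"
                findings.append((info.filename, f"{ext} name but content is {kind}"))
            # The Unix permission bits sit in the high 16 bits of external_attr.
            if (info.external_attr >> 16) & 0o111:
                findings.append((info.filename, "executable bit set"))
    return findings

def build_sample() -> bytes:
    """Constructed archive: a real JPEG header, a mislabelled text file, a +x file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("holiday.jpg", b"echo constructed-sample\n")
        exe = zipfile.ZipInfo("run.command")
        exe.external_attr = 0o100755 << 16
        zf.writestr(exe, b"echo constructed-sample\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_zip(build_sample()))
```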

Social Engineering

Router security hole threatens Web

Robert Vamosi CNET News.com

Published: 03 Mar 2003

http://news.zdnet.co.uk/internet/0,1000000097,2131302,00.htm

eBay cracks down on Romanian fraudsters

Brett Winterford ZDNet Australia

Published: 28 Jun 2007 12:11 BST

http://news.zdnet.co.uk/security/0,1000000189,39287770,00.htm?r=1

Phishing

An attacker soliciting sensitive personal data that would give the attacker the target user's access.


Hacking

Unauthorized access