Huge security hole in Internet Explorer for MacOS

Brad Lucier writes "Macintouch is reporting (go down the page a bit) that Internet Explorer 5.1, which comes preinstalled on MacOS X 10.1, has a huge security hole---when it downloads arbitrary programs encoded in the Macintosh's standard BinHex (.hqx) format, it automatically executes them. " Well I guess thats one way to make Unix insecure. Can anyone actually confirm this since it looks kinda sketchy. I wonder what someone's rationale would be for that:"Oh this won't hurt anyone, and saving that extra 'OK' click will be great!".

Sigh.

[DarkZero]

And of course, the media will portray this as "a problem with computers in general" (often used), "a fundamental problem in the structure of the internet" (Code Red), etc. And Microsoft will portray it as "Just one of those unavoidable things that happens when you used a Unix-based operating system".

Fuckin' morons.

Re:Sigh.

[!recycle]

Yeah and now my mom can freak out when her lame job sends out a warning (even though they use windows NT).

i can hear it now "Oh my God, There is a terrible bug in all comuters, you have to shut off and go hide in a bunker. The world is coming to an end!"

Re:IE Flaw

[Daniel+Dvorkin]

The Mac has always played nice on the Web. What are you talking about?

Knowing Microsoft...

[neema]

"Oh this won't hurt anyone, and saving that extra 'OK' click will be great!". "

Knowing Microsoft, even when it does ask you to execute the file, the only option it'll give is "OK".

Re:Security Hole a Hoax

No. It has been verified.

Your claim of a hoax is the only hoax here.

The real reason

After usibility testing with average Mac users explaining how downloaded files need to be stored somewhere and then doubleclicked to execute, Microsoft said "fuck it" and made it automatic.

Design a computer for an moron, and only morons will use it.

Re:Security comparison; reason for insecure code?

[WolfWithoutAClause]

>Microsoft developers (in the words of Ballmer) are only human as well -- and I'm sure they work just as hard as we do.

Harder! Because evil never sleeps... ;-)

Re:Zorak said it best.

Yeah I'm sure MS is scared of a bunch of fat, pimply ugly losers who try and sissy-slap their way into MS headquarters. Get real.

Solution

[KFury]

1. Create script to toggle 'autoexec .hqx downloads' to FALSE
   
2. Insert the file into the X-10 popup banner

Problem solved.

New slogan

[Lumpy]

I'm gonna be maked at -5 flamebait for this...

Microsoft, Helping people root boxes cince 1983 and now with cross platform capabilities built specifically for Macintosh OS 10!

Execution

[garoush]

"...it automatically executes them."

Now if an "executed" program is STILL a security risk -- I don't know how we can ever be secure.

Step back and smell the irony

[1stmammaltowearpants]

We're talking about a Microsoft product running in Unix that came pre-installed with the Mac OS.

These are strange times, my friends.

Re:Intrinsic Security in OS X

[styrotech]

True, but since win2k doesn't have the equivalent of sudo or su, it can be a serious pain in the ass, especially for some luser who can't figure out why they can't do something unless they log out and log back in as admin, not a quick operation.

Not quite, W2K introduced the "Run as..." feature, and the NT Resource Kits have a su in them.
Don't get me wrong, they're still a bit of a PITA to use and not as transparent as sudo (but sudo is a bit of a hack really). They are there though.

I hate MS as much as the next guy, but will correct any incorrect MS bashing (don't worry, there's still plenty of other things to bash).

WHAT??

[Godwin+O'Hitler]

A security flaw in a Microsoft product???? Impossible! I'm not even going to read the article.

I....LOVE....THIS....COMPANYYYYYYYYYY!!!