Slashdot Mirror


Friday Security Fun

rgraham writes "Apple has released a new security update for the Safari cookie bug. 'Security Update 2003-12-05 updates Safari to prevent unauthorized access to a user's cookies.' They also updated the article on how to 'Configure Directory Access to Protect Your Mac From a Malicious DHCP Server.'" We posted that the other day, but this time, pictures!

14 of 52 comments

  1. Re:Or another fix by SillyWilly · · Score: 5, Informative

    It has been suggested that even disabling Cookies won't help: http://www.securityfocus.com/archive/1/344992 As I understand it, this is because in Safari disabling cookies merely prevents creation of new cookies and not access to old ones. Therefore you should delete all cookies first.

    --
    Online & Feelin' Fine
  2. Re:Needs a reboot... by Rosyna · · Score: 5, Informative

    A lot of apps use WebKit (Help, Sherlock, Safari, Mail) so it's easier to tell users to restart than to tell them to log out or to quit all those applications. A person that knows what they are doing will just force quit the installer.

  3. Re:Needs a reboot... by justMichael · · Score: 4, Informative
    A person that knows what they are doing will just force quit the installer.

    Or run the update from the CLI.
  4. Re:Needs a reboot... by tim1724 · · Score: 3, Informative

    Safari 1.1 (and 1.1.1) uses some new features of Panther which aren't in Jaguar. Hence it is not compatible with Jaguar, and wouldn't work.

    --
    -- Tim Buchheim
  5. Re:Needs a reboot... by Hes+Nikke · · Score: 4, Informative

    The update needs you to reboot the computer. *sigh* Why is that? This is a web browser we're talking about.

    oddly, this update isn't an update to Safari, instead, it's an update to the CoreFoundation framework!

    as the name implies, CoreFoundation is the core of all your aqua apps, or at the very least, all your cocoa apps. one of the things this framework can do is let any app that uses the framework get data from a URL, so it would make sense that the cookie handling would be there too. yeah, in this case i'd say a reboot is absolutely called for.

    --
    Don't call me back. Give me a call back. Bye. So yeah. But bye our, well, but alright we are on a shirt this chill.
  6. Some links by blb · · Score: 5, Informative

    The knowledgebase article for 10.2.8 and for 10.3.1.

  7. Re:Or another fix by Graff · · Score: 4, Informative
    Just don't allow cookies.
    If by "fix" you mean "break a lot of functionality on sites" then yes, that certainly is an option.

    That's why I love OmniWeb. It allows you to accept cookies, but throw them out when you quit the browser. Sure I lose such nifty "features" as not having to log into some websites but I also cut ads and whatnot of the ability to track me across sites for long periods.

    Honestly, there need to be much better built-in controls on all browsers for limiting a server's access to data on your computer.
  8. Re:Needs a reboot... by bat,+blind+as+a · · Score: 4, Informative

    $ sudo softwareupdate -i -a
    Password:
    Software Update Tool
    Copyright 2002-2003 Apple Computer, Inc.

    Security Update 2003-12-05: 0...10...20...30...40...50...60...70...80...90...100
    Optimizing system performance. This may take a while...
    Done.

    You have installed one or more updates that requires that you restart your
    computer. Please restart immediately.

  9. Re:Eerily reminiscent of my Windows days... by Graff · · Score: 4, Informative
    The compositing is done by the video card (remember, Quartz Extreme only accelerates compositing!), but much of the drawing is done by the CPU. The Dock's genie effect, in particular, is drawn by software.

    Both of the Dock minimization effects are handled by the GPU. The window is drawn as normal by the application that owns it and is passed off to Quartz Extreme, which then hands it off to the GPU with the appropriate rendering commands. With the scale effect that is a simple scale command, with the genie effect there is stretching and scaling. All of this is done through OpenGL commands.
  10. Re:Needs a reboot... by Graff · · Score: 3, Informative
    BTW software updater was already automatically fetching the update in the background while I read this. It's really nice when you don't have to wait while downloading them. I don't understand what's the big fuss of letting the OS fetch updates in the background, as long as it doesn't install them. I'm not sure but I think software update does only download the important updates...

    Yep, only critical updates are automatically downloaded and even that is optional. In fact the whole process is optional. You can tell the operating system to never check for updates on its own and you can choose to ignore updates.

    Software Update is pretty flexible and non-obtrusive. The only thing that I wish is that it had an option to allow me to register and de-register other programs for it to check. That way if the author of a program allowed it I could have Software Update automatically check for updates from him in addition to those from Apple.
  11. Re:Or another fix by valkraider · · Score: 4, Informative

    You can do this with Safari as well.

  12. Re:Needs a reboot... by Anonymous Coward · · Score: 4, Informative
    The only thing that I wish is that it had an option to allow me to register and de-register other programs for it to check. That way if the author of a program allowed it I could have Software Update automatically check for updates from him in addition to those from Apple.
    According to ThinkSecret, Apple will provide this capability in a future version of Software Update. It will be limited to select developers, but surely the API will be reengineered in no time.
  13. Site by Site by chigaze · · Score: 3, Informative

    OmniWeb allows this on a site-by-site basis rather than across the board. So I can tell it to treat Slashdot cookies normally but trash Amazon ones after every session.

    It's the one thing that could drag me back to OW but I also like my Safari tabs.

  14. Re:Needs a reboot... by Aqua+OS+X · · Score: 2, Informative

    To the user Safari doesn't appear to be integrated into the OS (like MSIE); however, it does access a lot of global system resources that other applications frequently use.

    Webkit is a fairly major one. Mail, Help, OmniWeb, etc all access this.

    --
    "Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"