Slashdot Mirror

← Back to Stories (view on slashdot.org)

Friday Security Fun

Posted by pudge on from the updating-as-soon-as-i-post-this-story-and-quit-my-browser dept.

rgraham writes "Apple has release a new security update for the Safari cookie bug. 'Security Update 2003-12-05 updates Safari to prevent unauthorized access to a user's cookies.' They also updated the article on how to 'Configure Directory Access to Protect Your Mac From a Malicious DHCP Server.'" We posted that the other day, but this time, pictures!

7 of 52 comments (clear)

  1. Or another fix by Doc+Squidly · · Score: 1, Interesting

    Just don't allow cookies. (Yes, it seems too simple)

    --
    I think I think, therefore I think I am.
  2. Needs a reboot... by Fulkkari · · Score: 3, Interesting

    The update needs you to reboot the computer. *sigh* Why is that? This is a web browser we're talking about. Shouldn't it be enough quitting Safari + all applications that uses it's content rendering engine? As far as I know, Safari isn't integrated to the OS in any way like IE to Windows, so it shouldn't be neccesary to reboot the *whole* OS. On the other hand they effectively stop applications to interfere while updating and cause problems that way. Maybe it's some precautionary measure, but I don't think this should be neccesary...

    BTW software updater was already automaticly fetching the update in the background while I read this. It's really nice when you don't have to wait while downloading them. I don't understand what's the big fuss of letting the OS fetch updates in the background, as long as it doesn't install them. I'm not sure but I think software update does only download the important updates...

    --
    I demand the Cone of Silence!
  3. Re:Eerily reminiscent of my Windows days... by transient · · Score: 2, Interesting
    CPU-crunching

    BZZZT. Try again. Unless that Powerbook of yours is dreadfully old, the UI is rendered by your graphics card.

    --

    irb(main):001:0>
  4. Re:Eerily reminiscent of my Windows days... by tim1724 · · Score: 3, Interesting

    The compositing is done by the video card (remember, Quartz Extreme only accelerates compositing!), but much of the drawing is done by the CPU. The Dock's genie effect, in particular, is drawn by software.

    Even on my G5 the CPU does quite a bit of work to draw that effect. Not enough to slow anything down, but enough to be visible in the Activity Monitor.

    The scale effect ought to be done all in the video card, although I'm not sure how it was implemented. In any case, it doesn't use much CPU at all, so if CPU usage is a concern, tell the Dock to use the scale effect instead of the genie effect.

    --
    -- Tim Buchheim
  5. Re:Eerily reminiscent of my Windows days... by tim1724 · · Score: 2, Interesting

    Upon further experimentation, it looks like you're right. The CPU slowdown I was seeing appears to be from the Dock resizing icons (to make room for the new minimized window) rather than from the genie effect ... I only see CPU usage jump when the Dock needs to scale icons to make everything fit. (Unfortunately, the Dock appears to scale and draw its icons itself, rather than keeping the 128x128 icon in a buffer and allowing the GPU to scale it.)

    --
    -- Tim Buchheim
  6. 'Only from sites you navigate to' by rixstep · · Score: 5, Interesting

    'For example, not from advertisers on those sites'

    So reads the third cookie option in Safari, but it's not true. You'll find '.doubleclick.net' in there all the time, and I doubt any of you are wandering over to DoubleClick to check out the action.

    And any domain for a cookie beginning with a '.' means 'any URL in that domain' - and that is NOT just 'from sites you navigate to'.

  7. Replace Cookies.plist with a folder by Anonymous Coward · · Score: 5, Interesting

    ...and the cookies only last for the current session.