Slashdot Mirror


Microsoft Urges Windows Users To Shun Safari

benjymouse writes "The Register has picked up on a recent Microsoft security bulletin which urges Windows users to 'restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple.' This controversy comes after Apple has officially refused to promise to do anything about the carpet bombing vulnerability in the Safari browser. Essentially, Apple does not see unsolicited downloads of hundreds or even thousands of executable files to users' desktops as being a security problem." Now while downloading a hundred files to your desktop won't automatically execute them, Microsoft's position is that a secondary attack could execute them for you.

19 of 502 comments

  1. Re:Accidentents. --lol by Vectronic · · Score: 4, Funny

    Time for bed.

  2. Oh Microsoft... by Raian++3 · · Score: 4, Funny

    Talk about the stove calling the kettle black.

    1. Re:Oh Microsoft... by slaingod · · Score: 2, Funny

      Why does it always have to be about race?

      --
      http://blog.slaingod.com
  3. MS says shun Safari? by DrHackenbush · · Score: 5, Funny

    Finally, something we can agree on.

  4. Re:Wow. Just wow. by Zontar+The+Mindless · · Score: 4, Funny

    May I be the first to say:

    Whooosh

    --
    Il n'y a pas de Planet B.
  5. Re:Accidentents. by Hal_Porter · · Score: 5, Funny

    This won't give admin rights to the app. UAC to the rescue. If the Aliens in Independence Day had used Vista instead of OS X then UAC would have stopped the human virus running and they would have been able to complete their conquest of Earth.
    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  6. Re:Wow. Just wow. by Hal_Porter · · Score: 2, Funny

    Anything but IceWeasel.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  7. Re:doesn't work? by that+this+is+not+und · · Score: 5, Funny

    Since I voted for George Bush (twice) and Bill Clinton (twice!) I classify MYSELF as a terrorist. I've certainly done enough damage to the country to sit the next election cycle or two out. heheh I need to be careful since whichever lame tool I vote for gets elected....

  8. Re:Accidentents. by thegnu · · Score: 4, Funny

    First, imagine how many people would just blindly click on a new desktop icon just to "see what it does".

    Well, if the icon is boobies, then about 49% of the population. If the icon is bunnies, however, I think it's much closer to 51%.
    --
    Please stop stalking me, bro.
  9. Re:Accidentents. by Firehed · · Score: 5, Funny

    What about bunnies with boobies?

    --
    How are sites slashdotted when nobody reads TFAs?
  10. Denial of Service by Inf0phreak · · Score: 3, Funny

    It certainly opens the possibility for some "fun" denial of service attacks. How many files do you need on your desktop before explorer.exe croaks? I presume the number is well under 100,000?

    --
    ________
    Entranced by anime since late summer 2001 and loving it ^_^
  11. Re:prefs by recoiledsnake · · Score: 2, Funny

    You can tell Safari to put downloaded files where ever you want. So they don't have to be on the desktop

    How can I tell Safari to put downloaded files in /dev/null ?
    --
    This space for rent.
  12. Re:Accidentents. by billcopc · · Score: 5, Funny

    The world ends.

    --
    -Billco, Fnarg.com
  13. Re:Accidentents. --lol by recoiledsnake · · Score: 4, Funny

    Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team.

    You mean Apple actually has a HIG team for Windows applications like Quicktime, iTunes and Safari?????
    --
    This space for rent.
  14. I found this a bit more interesting by TubeSteak · · Score: 4, Funny

    I'd like to thank the Apple security team for ... and for letting me discuss these issues with the security community.

    ::raises hand::
    Teacher, may I go to the bathroom?

    What if Apple's security team had said no?
    --
    [Fuck Beta]
    o0t!
  15. My experience by Swift2001 · · Score: 1, Funny

    I had this experience with Safari in OS X 10.5.3: I went to a web site, forget which one, and got injected. I could tell monkey business was going on. My downloads folder started to dance, and I went to it just as an .exe plopped into it. Hmm. A danger if I was on my Intel computer, running Parallels. Since double-clicking on the exe would have launched Windows. And then run the exe and screwed up that virtual machine. So I'd have to go back to the snapshot I made when I made the installation. And trash the virtual machine that got hacked.

    But I was on the G5, so it was like getting a marriage proposal from a Venusian.

    It's so nice, getting security lectures from Microsoft.

  16. Happy days at Microsoft by wicka · · Score: 3, Funny

    I guarantee you someone at Microsoft had to bake cupcakes when they found out they could justifiably classify an Apple product as a security risk.

  17. Dangerous vulnerability in all existing browsers! by elizium23 · · Score: 2, Funny

    I know some may be embarrassed that I am revealing this crippling exploit, but I just think that it cannot be covered up any longer. I was astonished to discover, after running many, many tests in my parents' basem...secret lab... that all browsers have this horrible bug. Clicking on any link will cause dozens of files to be downloaded automatically!!! That's right: any link you visit on the Web actually causes a complete download of its content to your computer! Think of the unwitting copyright violations! Think of the children! What's worse, these files are not in an obvious location such as your desktop. No, they are stashed away in such cryptic locations as "~/.mozilla/firefox/znf60w9b.default/Cache"
    Let's analyze these components one by one.
    The tilde ~ is an unusual character - many people do not even know its name, so it is difficult for tech support to help you with this over the phone!
    The next part - .mozilla - is doubly insidious. Any file beginning with '.' is HIDDEN from view, you don't even need to set an extended attribute on it, most utilities are actually TRAINED to hide these files. Many of them have the ability to control all of your softwares! Secondly, 'mozilla' must be a reference to some sort of ancient mythical beast. Perhaps the virus writers are religious and do not wish to invoke the name of G-d, so instead they call him by the epithet "Moz."
    The next component is obviously gibberish with a seemingly innocent '.default' tacked on for respectability!
    And then "Cache" - what is this? Some misspelling of the word "cash?" As in, they want our money as ransom to fix these crippling bugs?
    Nay, I say, we must rise up! Rebel against these secretive 'hackers' before they can control our desktop!