Featured Article: Editorial - Mac's Market Share and the Cascade Failure of Windows
StopBadware.org Urges Apple to Deal with Safari Carpet Bombing Issue
by , 4:45 PM EDT, May 20th, 2008
A security researcher, Nitesh Dhanjani, has recently discovered that Apple's Safari browser is susceptible to what's been coined "carpet bombing," an unwelcome barrage of downloaded files. Apple has said that the issue is not of immediate concern, but the StopBadware.org site is urging Apple to take action now in its blog.
The issue was recently described by TMO and relates to the fact that Safari cannot be configured to ask for the user's permission before it downloads a resource. As a result, a maliciously crafted Web page could clutter the user's download destination with hundreds of unwanted files.
Apple's response was:
We can file that as an enhancement request for the Safari team. Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated.
"Assuming Nitesh’s analysis is accurate," wrote Laureli Mallek, in the blog," 'unwanted downloads,' as Apple calls them, represent a serious security threat to users, who can be easily tricked into executing a malicious file. StopBadware.org believes that users should have control over software being downloaded to their computers, and we encourage Apple to reconsider its stance and treat this as the security issue that it is."
Observer Comments
Recent Headlines - Updated Tuesday, July 8th, 2008
- Tue., 6:55 PM
- User Friendly Blog by Ted Landau - Why User Interface Design Matters
- 4:30 PM
- Apple Trackpad Secrets and Technical History
- 4:05 PM
- iPodObserver - Apple: What to Bring When Buying iPhone 3G
- 3:35 PM
- Microsoft: We Have a Noisy Competitor
- 2:50 PM
- Columnist: Safari Security Fails to Learn from Past
- 2:20 PM
- iPodObserver - Services to Unlock Mobile Phones Gaining Momentum
- 1:00 PM
- Daylite 3.7.4 Adds iWork 08, Dialectic Integration
- 12:20 PM
- FoneLink 2.1 Adds Support for More Cell Phones
- 11:25 AM
- Freeway 5.1.3 Adds Chinese Support
- 11:10 AM
- iPodObserver - Rumor: Canadian Apple Stores Won't Sell iPhone 3G
- 10:35 AM
- Microsoft Aligns with Icahn for Yahoo Takeover
- 10:00 AM
- Hot Forum Topic - Is Internet Killing the Video Star?
- 8:20 AM
- iPodObserver - MobileMe Launches on July 10
- 7:55 AM
- iPodObserver - Apple: iPhone 3G Launches at 8AM Friday
- 6:00 AM
- iPO Review - BudFits
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
- OWC: Mercury Elite FW800/FW400/USB2/eSATA up to 2.0TB TOP-RATED Solutions offer High Performance, Reliable storage for all your data storage needs. 500GB $159.99, 750GB $199.99, 1.0TB from $299.99
MacPro Memory 667Mhz With Apple Spec Heat Sink 2GB $90 / 4GB $134 / 8GB $264. Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
RamJet Memory: MacBook 1Gig $39, 2Gig $78, 4Gig $195! Mac Pro 2Gig $115, 4Gig $189! 500G Seagate SATA II $139! Click hereFor the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Kensington Contour Cargo Notebook Computer Backpack: $24.99 
Samsung WEP210 Bluetooth Headset: $14.65 Delivered A/R 
Samsung WEP301 Bluetooth Headset: $14.65 Delivered A/R 
Computer Geeks' Half-Yearly Sale - Last Day to Save Up to 90% 
Slingbox SOLO: $129.95 Delivered 
