StopBadware.org Urges Apple to Deal with Safari Carpet Bombing Issue
StopBadware.org Urges Apple to Deal with Safari Carpet Bombing Issue
by , 4:45 PM EDT, May 20th, 2008
A security researcher, Nitesh Dhanjani, has recently discovered that Apple's Safari browser is susceptible to what's been coined "carpet bombing," an unwelcome barrage of downloaded files. Apple has said that the issue is not of immediate concern, but the StopBadware.org site is urging Apple to take action now in its blog.
The issue was recently described by TMO and relates to the fact that Safari cannot be configured to ask for the user's permission before it downloads a resource. As a result, a maliciously crafted Web page could clutter the user's download destination with hundreds of unwanted files.
Apple's response was:
We can file that as an enhancement request for the Safari team. Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated.
"Assuming Nitesh’s analysis is accurate," wrote Laureli Mallek, in the blog," 'unwanted downloads,' as Apple calls them, represent a serious security threat to users, who can be easily tricked into executing a malicious file. StopBadware.org believes that users should have control over software being downloaded to their computers, and we encourage Apple to reconsider its stance and treat this as the security issue that it is."
Observer Comments
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated July 5th
- Fri, 10:29 AM
- News - Apple Warns of Learning Interchange Security Breach
- 7:30 AM
- News - Happy Fourth of July!
- Thu, 6:07 PM
- TMO Scoop - Psystar Moves to Drop Bankruptcy Ahead of Apple Legal Battle
- 5:37 PM
- News - Uncomfirmed Reports Say Apple & Nvidia On The Outs
- 4:57 PM
- News - Microsoft Sick Over Barf Ad
- 4:09 PM
- Product News - KRK Ships R6 Passive Studio Monitor for Recording
- 3:45 PM
- John Martellaro's Blog - Particle Debris (week ending 7/2) Juiced, Joost and Goosed
- 3:12 PM
- Product News - ExactScan 2 Pro Released
- 1:56 PM
- Deal Brothers - Apple TV with 160GB Hard Drive: $324.00 Delivered
- 12:46 PM
- TMO Appearances - TMO Appearances Jeff Gamet Shares iPhone Apps on MacJury
- 10:41 AM
- Product News - Art Text 2.2 Adds New Templates, Layer Options [Updated]
- 10:04 AM
- Hot Forum Topic - Deciphering Mac Sales
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
OWC: Juice up your iPod w/NewerTech High Capacity Battery from $19.99. Free Installation. Videos for most models. Pro Installation Service w/FedEx Shipping
From $57.95 (Battery Included). 
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
RamJet Memory: MacBook and MacBook Pro 4GB kits for $57.99! Mac Pro 4GB Kits $99.99! iMac and Mac mini 4GB Kits for $57.99! 1TB SATA Hard Drives for $109.99! Click hereFor the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
