Columnist: Safari Security Fails to Learn from Past
Columnist: Safari Security Fails to Learn from Past
by , 2:50 PM EDT, July 8th, 2008
Three mistakes in the security design of Safari show that Apple has failed to learn from past mistakes, according to a guest editorial at ZDNet by a security team leader, Aviv Raff.
The mistakes Apple has made were compared to the ways other browsers and OSes handle the issues:
- Automatic file downloading, aka, carpet bombing.
- Browser fuzzing.
- Predictable locations for cache and cookies.
"In conclusion, before porting the Safari browser from Mac to Windows, Apple should have looked at past browser vulnerabilities and design flaws, and really try to avoid them," Mr. Raff, a security team leader for a Fortune 500 company, said. "The examples above show that Apple didn?t learn anything from past mistakes."
What Mr, Raff failed to point out is that no known, in the wild, exploits have been traced to these issues. Even so, a healthy discussion about ways to improve security is always good, especially when it helps keep one step ahead of the bad guys.
Observer Comments
Tue Jul 08, 2008 10:46 pm Subject: I don't see any problem with Apple's security record
I don't see anyone taking advantage or having any public break-ins. What does predictable cache and cookies mean? All browsers have those, that's nothing new. Has the Mac ever been remotely compromised? NO. Apple corrects all issues it sees especially security ones. It certainly responds quicker than Microsoft.
of Safari. He's saying that it contains basically the same vulnerabilities other Windows browsers are notorious for, none of which affect the Mac thanks to OS X. Herein lies one of the dangers of developing cross-platform, though I agree that security is a good thing to be discussing all across the board.
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated November 22nd
- Fri, 7:07 PM
- Games - Soccer Sim Championship Manager 2010 Released for Mac
- 6:47 PM
- Games - EA Publishes Original Monopoly for iPhone
- 6:15 PM
- News - Original Apple I on Ebay for $50K, w/Letter from Steve Jobs
- 6:11 PM
- Games - New iPhone Games: Secret of the Lost Cavern Ep 1, New DJ Nights, More
- 5:47 PM
- Games - Star Trek D-A-C Game Headed to the Mac Next Month
- 4:57 PM
- Product News - TidBITS Releases “Take Control of Syncing Data in Snow Leopard”
- 4:26 PM
- John Martellaro's Blog - Particle Debris (week ending 11/20) Stationery Pads Go Poof
- 2:59 PM
- Free on iTunes - Musée du Louvre, Art Lite, SketchBook Mobile X and More.
- 1:50 PM
- Deal Brothers - Acer P215H bmid 21.5” Widescreen LCD Monitor: $139.99
- 11:24 AM
- TMO Appearances - Jeff Gamet Shares More Holiday Gift Ideas on MacJury
- 10:43 AM
- Product News - Cocktail 4.5 for Leopard Adds QuickLook Cache Clearing
- 10:06 AM
- News - Hack Enables Mac OS X 10.6.2 on Netbooks
The Mac Observer Reader Specials
- TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
OWC: Mercury On-The-Go FW800+USB2 up to 1.0TB. Bus Powered, no external power supply needed. Macworld Editors Choice, CNET Very Good Starting from $99.97, 500GB $159.99. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
