Daily Archives: February 21, 2006

New iPod Coming?

Apple AdLike most of you know I have debating the idea of getting a video iPod for quite some time now. Well I just heard news this morning that Apple is going to have a “Fun New Toys” event on February 28th where they usually introduce cool new stuff. I guess I’ll have to wait until then to find out if it will be something iPod related.
Technorati Tags: , , ,

T-Bone Tuesday

T-Bone TuesdayWe all went out and stuffed ourselves tonight in Lincoln at the Tumbleweed bar for T-Bone Tuesday. I hadn’t been out there for awhile but they still put on quite a feed. I remember bigger steaks last time (about 3 years ago) but there was still plenty to fill all of us up tonight. Now I’m on to during homework for the night. That is one thing I can’t wait to be done with for the rest of my life…
Technorati Tags: , , ,

Mac OS X Exploit Found

I thought I would pass the below along to all the Mac OS X users:

Published: 2006-02-21,
Last Updated: 2006-02-21 09:32:13 UTC by Kyle Haugsness

We received notice from Juergen Schmidt, editor-in-chief at heise.de, that a serious vulnerability has been found in Apple Safari on OS X.  “In its default configuration shell commands are execute[d] simply by visting a web site – no user interaction required.”  This could be really bad.  Attackers can run shell scripts on your computer remotely just by visiting a malicious website.

Full text of the article: http://www.heise.de/english/newsticker/news/69862
Proof of concept from the original discoverer (Michael Lehn): http://www.mathematik.uni-ulm.de/~lehn/mac.html

The problem is due to a feature that is activated by default: Open Safe Files after downloading.  A zip file is considered safe and so they will be opened automatically.  Subsequently, a shell script with no #! at the beginning of the script will be executed automatically.  No user interaction!

Recommended action: disable the option “Open ’safe’ files after downloading” in the “General” preferences section in Safari.

Technorati Tags: , , , ,