The following comments are owned by whoever posted them. This site is not responsible for what they say.
What is that security problem about
Authored by: fukami on May 21, '04 06:12:09PM

Before starting to delete AppleScripts, shredding plists or downloading useless fixes, you should consider thinking about what the problem *really* is about.

1) You don't need disk:// to be used or downloaded. A simple mounted volume (ftp/smb/afs ...) on which the malicious code resides is enough. Will you now start to disable all protocol handlers? So changing the handler for the disk scheme is brainless, sorry to say that.

2) If a volume is mounted and contains an application whose info.plist calls for a new arbitrary protocol, LaunchServices will actually register the new handler association with no user intervention!

3) Also, via a telnet link it is possible to overwrite (zero out) an existing file.
Try telnet://-nlibrary%2Fpreferences%F2filetooverwrite to wipe some prefs, for example. (This is a different problem, but it can be used in conjunction to make the l33t happy.)

4) Consider a site you trust with a client side XSS hole in it (guestbooks/forums ... )

So the best thing to do is to install Paranoid Android, as it also protects against obfuscating URI schemes in a very good way.

http://ozwix.dk/OpnAppFixer/testit.html (nice demo using ftp instead of disk)
http://www.euronet.nl/~tekelenb/playground/security/diskURLscheme/ (a good technical explanation)



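An added example, not part of the comment above or of any tool it names: a defender's audit for point 2 that walks a mounted volume and reports which app bundles declare URL schemes in their Info.plist. `CFBundleURLTypes` and `CFBundleURLSchemes` are the standard Info.plist keys; the `EXPECTED_SCHEMES` allowlist, the function names and the sample bundles are assumptions constructed for illustration.

```python
import os
import plistlib
import tempfile
from xml.parsers.expat import ExpatError

EXPECTED_SCHEMES = {"http", "https", "ftp", "mailto"}  # assumption; tune locally

def declared_schemes(info_plist_path):
    """Return the URL schemes a bundle's Info.plist asks to handle."""
    try:
        with open(info_plist_path, "rb") as fh:
            info = plistlib.load(fh)
    except (OSError, ValueError, ExpatError, plistlib.InvalidFileException):
        return []  # missing or malformed plist: nothing to report
    types = info.get("CFBundleURLTypes") if isinstance(info, dict) else None
    schemes = []
    for url_type in types if isinstance(types, list) else []:
        listed = url_type.get("CFBundleURLSchemes") if isinstance(url_type, dict) else None
        if isinstance(listed, list):
            schemes += [s.lower() for s in listed if isinstance(s, str)]
    return schemes

def audit_volume(root):
    """Walk a mounted volume; map each .app bundle to its unexpected schemes."""
    findings = {}
    for dirpath, _dirs, _files in os.walk(root):
        if dirpath.lower().endswith(".app"):
            plist = os.path.join(dirpath, "Contents", "Info.plist")
            odd = set(declared_schemes(plist)) - EXPECTED_SCHEMES
            if odd:
                findings[os.path.relpath(dirpath, root)] = sorted(odd)
    return findings

def build_sample_volume(root):
    """Constructed sample: two fake bundles standing in for a mounted volume."""
    url_types = [{"CFBundleURLSchemes": ["Example-Scheme", "http"]}]
    samples = {"Viewer.app": {"CFBundleIdentifier": "example.viewer"},
               "Helper.app": {"CFBundleIdentifier": "example.helper",
                              "CFBundleURLTypes": url_types}}
    for name, info in samples.items():
        contents = os.path.join(root, name, "Contents")
        os.makedirs(contents)
        with open(os.path.join(contents, "Info.plist"), "wb") as fh:
            plistlib.dump(info, fh)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        build_sample_volume(vol)
        print(audit_volume(vol))
```

Pointing `audit_volume` at a real mount point instead of the constructed sample lists the bundles whose declared schemes fall outside the allowlist, which is the set to review before browsing with that volume mounted.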