A security researcher has published a demonstration exploit that takes advantage of the download mechanism in Apple's Safari browser to automatically download files onto a user's system.
Nevertheless, Apple said it does not consider the issue a security vulnerability, according to Nitesh Dhanjani, a researcher who currently leads application security efforts at professional services company Ernst & Young.
Enterprises have begun paying closer attention to Safari in recent weeks because of a rise in the browser's market share on Windows. Safari is the built-in browser on Mac OS X.
The problem arises "because the Safari browser cannot be configured to obtain the user's permission before it downloads a resource," Dhanjani said in a recent blog post.
He published a sample cgi script that automatically downloads large numbers of files to Safari's default download directory. "The implication of this is obvious: Malware downloaded to the user's desktop without the user's consent," Dhanjani said.
Apple told Dhanjani it did not consider the issue a security problem, but would consider the ability to warn before downloading content as a feature enhancement.
http://www.infoworld.com/archives/emailPri...ad-issue_1.htmlYou can almost see the writer's eyebrows "arch" as he writes the stuff above! What do you think; is a warning before a forced download a feature?
There is also "another" article about whether Open Office was ready to take on Microsoft:
Although it doesn't include all of the high-end features and the slick user interface of Microsoft Office 2007 (for the PC) and Microsoft Office 2008 (for the Mac), it will handle just about any job you need done. If you're not working in an enterprise that has standardized on Microsoft Office, you should think twice before paying full freight for Office, and give serious consideration to this free alternative when the final version is released.
http://www.infoworld.com/article/08/05/16/...S-Office_1.html
