Speaking of the non-technical and security

[Gwendolynn ferch Elydyr <gwen () reptiles org>]

In the context of the earlier discussion about how average users are
unaware of security issues in general.  Making Light is the blog of
a fiction editor at a large publishing house - certainly not the sort
of person that we'd regularly think of as being a part of the security
"in crowd".

It's nice to see that folks outside of infosec understand and communicate
security issues too ;>

cheers!
----

http://nielsenhayden.com/makinglight/archives/005217.html

Bleeping huge security hole

If you have a Macintosh running OSX, you have a problem. Deal with it
right now. Tonight. Seriously.

        . . .

Here's how Patrick explained it to me:


It is possible to write a URL that, when invoked from one's default browser,
invokes Apple's Help program, which is itself a mini-browser which uses a
subset of HTML. The trouble is that unlike a well-written, full-fledged,
OSX browser, the Help program is (a.) fully scriptable; and (b.) fully
capable of running any application or command for which the user has
privileges.

==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards