Any moment now...

Hello
We wanted to let you know that your order has shipped. If you ordered multiple items, you may receive separate shipments with no additional shipping charges. An invoice for your shipped products will be emailed to you shortly. Visit Order Status to review your order at any time. Best regards, The Apple Store Team

On another incident altogether, it is sad to note that Apple has not really fixed the Safari bug that surfaced a couple of months back. Basically, if you have the "Open "safe" files after downloading, you can potentially open something like a shell script that will run automatically. Last time, it was a Dashboard widget that would auto install itself. So Apple fixed that by popping up a notification telling you that a widget is trying to install itself. It was a temporary solution that worked for a very specific case.

However, this time around, it is possible to actually hide malicious scripts in a .zip file and have Safari open it automatically, It seems that all .zip files are considered to be safe? I might be wrong but that is what I have gathered from reading the news. Anyway, this is not too serious yet since you have to actually click on a .zip file to download it and after that you have to actually open the malicious shell script. But to unsuspecting users, the misnomer "safe file" might actually prompt them to click the file where otherwise they might have exercised more caution.

Simple solution, just turn off that option. I turn mine off because I hate it when it tries to open PowerPoint when I download a .ppt file. Opening PowerPoint on my powerbook takes a long time and I would rather download all the files first before opening any of them.

More information here. And a very detailed article on the deeper underlying principles behind this exploit can be found here.


comments powered by Disqus