Safari Users: Don't Open "Safe" files after downloading

(Posted by adam)
Go to Preferences, General, and un-select the 'Open "safe" files after downloading' box. From "Apple Safari Browser Automatically Executes Shell Scripts," via SANS and Eric Rescorla. Don't miss Peter da Silva's comment on Eric's post. Eric, how do you get such good comments?

Posted by adam on February 20, 2006 at 7:40 PM in Macintosh, information security.

TrackBacks

Listed below are links to weblogs that reference Safari Users: Don't Open "Safe" files after downloading:

» iVirus, Mr & Mrs Smythe, Shaking the Incumbents, Ping on convenience, Gmail on inconvenience from Financial Cryptography
Curious that Apple's Safari wasn't mentioned in recent discussions about High Assurance certs. Which brings us to a rash of sightings of Mac Viruses. Well, three at least. Unfortunately the media can be relied upon to over-play the appearance of Mac Vi...

Comments

Adam - clearly you need to write a book.

Posted by: cat | February 20, 2006 10:01 PM


It's not really a Safari or Terminal issue. It's a problem with BOMArchiveHelper and other archivers that all likely rely upon the same underlying libraries.

zip and tar files both, at minimum, can contain bogus metadata which is honored when launching the file in the Finder while the Finder displays the branding based on the file extension.

Furthermore, Stuffit Expander 10.0.1 honors the metadata just as BOMArchiveHelper does.

Posted by: Richard Johnson | February 22, 2006 8:26 PM
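
The mismatch described in the comment above, where the file extension decides what is displayed while archive metadata decides what opens the file, can be checked for before an archive is extracted. The following is an added example, not code from the post or its commenters. The extension list, the names `audit_zip` and `build_sample`, and the sample archive are assumptions constructed here, and it relies on the macOS convention of storing per-file metadata in zip archives as AppleDouble entries under `__MACOSX/`.

```python
import io
import zipfile

# Assumption: a few extensions treated as "safe", with the leading bytes
# that genuine files of each type start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

def audit_zip(data):
    """Return [(member, has_sidecar)] for members whose content does not
    match their extension; has_sidecar is True when the archive also
    carries AppleDouble metadata (__MACOSX/.../._name) for that member."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for name in sorted(names):
            if name.startswith("__MACOSX/") or name.endswith("/"):
                continue
            folder, _, base = name.rpartition("/")
            ext = "." + base.rsplit(".", 1)[-1].lower() if "." in base else ""
            if ext not in MAGIC:
                continue
            with zf.open(name) as fh:
                head = fh.read(16)
            if head.startswith(MAGIC[ext]):
                continue  # content agrees with the extension
            sidecar = "__MACOSX/" + (folder + "/" if folder else "") + "._" + base
            flagged.append((name, sidecar in names))
    return flagged

def build_sample():
    """Constructed archive: one real JPEG header, one text file named .jpg."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("holiday.jpg", b"constructed placeholder text\n")
        # AppleDouble magic number followed by padding (no real metadata).
        zf.writestr("__MACOSX/._holiday.jpg", b"\x00\x05\x16\x07" + b"\x00" * 22)
    return buf.getvalue()

if __name__ == "__main__":
    for member, has_sidecar in audit_zip(build_sample()):
        print(member, "mismatched content; AppleDouble metadata:", has_sidecar)
```

AppleDouble entries on their own are normal in archives created on a Mac, so the check reports them only alongside a content mismatch.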