Comments on: Safari security http://www.thespanner.co.uk/2007/11/16/safari-security/ A tool for designers dealing with programmers dealing with designers... Fri, 25 Jul 2008 14:10:05 +0000 http://wordpress.org/?v=2.5.1 By: Gareth Heyes http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-856 Gareth Heyes Fri, 16 Nov 2007 23:31:45 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-856 Well it opens a terminal window and an attacker can send data to that terminal window without the user doing anything. Did I say this was a really dangerous flaw? All I'm saying is that it shouldn't be possible for an attacker to display a terminal window and send data to it because some users may provide data that they shouldn't. I'm not hear to debate the seriousness of the flaw, I couldn't care less I just enjoy finding unusual flaws. Discussion closed. Well it opens a terminal window and an attacker can send data to that terminal window without the user doing anything. Did I say this was a really dangerous flaw?

All I’m saying is that it shouldn’t be possible for an attacker to display a terminal window and send data to it because some users may provide data that they shouldn’t.

I’m not hear to debate the seriousness of the flaw, I couldn’t care less I just enjoy finding unusual flaws. Discussion closed.

]]> By: fnord http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-855 fnord Fri, 16 Nov 2007 23:22:10 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-855 You can receive data from a server, true. But it neither get saved on client side nor is there any execution (beside the start of a telnet session). I don't see how the telnet client sends data to the server *without user interaction*. Every JS execution is far more dangerous than that. You can receive data from a server, true. But it neither get saved on client side nor is there any execution (beside the start of a telnet session).

I don’t see how the telnet client sends data to the server *without user interaction*. Every JS execution is far more dangerous than that.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-854 Gareth Heyes Fri, 16 Nov 2007 19:54:14 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-854 Erm no it's not because the attacker can send and receive information to the user without confirmation. Erm no it’s not because the attacker can send and receive information to the user without confirmation.

]]> By: fnord http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-853 fnord Fri, 16 Nov 2007 19:14:27 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-853 Well, this is the same as if you use prefixes like aim:// or xmpp: and such. As long as you cannot get any execution or overwriting of files like the telnet://-nFile bug it's completly useless for exploitation or phishing. I bet you don't get one single person to type in a password that way. I personally don't think that telnet needs to be handled that way in browsers at all, but it's definitely not a critical bug. Well, this is the same as if you use prefixes like aim:// or xmpp: and such. As long as you cannot get any execution or overwriting of files like the telnet://-nFile bug it’s completly useless for exploitation or phishing. I bet you don’t get one single person to type in a password that way.

I personally don’t think that telnet needs to be handled that way in browsers at all, but it’s definitely not a critical bug.

]]> By: Marcin http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-852 Marcin Fri, 16 Nov 2007 17:42:04 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-852 Haha, I love the remedy you prescribe. Good one! :) Haha, I love the remedy you prescribe. Good one! :)

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-851 Gareth Heyes Fri, 16 Nov 2007 16:24:18 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-851 Cheers :) it ain't gonna stop there. I hold a grudge :) Cheers :) it ain’t gonna stop there. I hold a grudge :)

]]> By: thorin http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-850 thorin Fri, 16 Nov 2007 16:19:35 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-850 Nice find Gareth. Nice find Gareth.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-847 Gareth Heyes Fri, 16 Nov 2007 14:13:54 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-847 It's pretty bad for phishing as it stands because it could prompt for the OS X password for example but I might find some more stuff in future because Apple has released a new update of Safari :) It’s pretty bad for phishing as it stands because it could prompt for the OS X password for example but I might find some more stuff in future because Apple has released a new update of Safari :)

]]> By: pdp http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-846 pdp Fri, 16 Nov 2007 13:43:20 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-846 interesting, though I am not sure about the impact of this issue, unless you can pass commands to the telnet client. interesting, though I am not sure about the impact of this issue, unless you can pass commands to the telnet client.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-845 Gareth Heyes Fri, 16 Nov 2007 12:47:12 +0000 http://www.thespanner.co.uk/2007/11/16/safari-security/#comment-845 Yeah but Apple should at least prompt the connection on telnet. I mean geez you can connect to any local/web address. Yeah but Apple should at least prompt the connection on telnet. I mean geez you can connect to any local/web address.

]]>