Apple issues press release on Dashboard Security issue !!!!!!


Ex_PC_Puke
Guest
 
Posts: n/a

Apple Executives Admit That Dashboard Widgets Can Do Harm To Computer Files In Their New Operating System - Tiger. (AP Wire Services - Cupertino, CA).

In a brief press release, senior Apple executives admitted that a highly touted feature in the newly released OS X - Tiger called the Dashboard could open the system to malicious software. Within 2 weeks of Tiger’s debut, an independent developer demonstrated how a Dashboard element called a Widget could insert itself in the Dashboard and not be removed. Thus exposing a possible security hole into the system.

“Yes we admit to being caught off guard on this particular aspect of the Dashboard environment” noted Rob Schoeben VP of Applications Product Marketing at Apple. He continued “Our enthusiasm to deliver a new and useful tool to our users should have been tempered by a more realistic look at the issues of allowing third party applets to be easily loaded into our operating system. We firmly believe that Dashboard and widgets will be a key aspect of all future Apple operating systems, but that security elements to protect both the user and the system from malicious or poorly written widgets needs to be in place”.

He went on to say that a Tiger task force has been created to immediately address and solve these issues with the Dashboard element of Tiger. An update is planned by end of May 2005.
Ex_PC_Puke
Guest
 
Posts: n/a

Ha - Ha - Ha

I couldn't resist --- this is how a computer co. should react when they mess up a product

But only in a fantasy world
untoastytoast
Guest
 
Posts: n/a

I call BS

www.apple.com/pr
ApplejustWorks

 
Member Since: Dec 28, 2003
Location: Long Island, NY
Posts: 911
Mac Specs: 15" MacBook Pro & 23" ACD

err..so is this true or not?
rman

 
Member Since: Dec 24, 2002
Location: Los Angeles, California
Posts: 12,591
Mac Specs: 2 x 3.0GHz Quad-Core, 6GB OS X 10.6.8 | 15in MacBook Pro 2.2GHz OS X 10.6.8 | 64GB iPad 2 WiFi

Hopefully they resolve that problem within a week or so, instead of end of the month.

Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!
untoastytoast
Guest
 
Posts: n/a

I'm pretty sure the security flaw is true, but the press release part isn't.
Kokopelli
Guest
 
Posts: n/a

I do not think this is a real announcement. It was an attempt at humor and so should have been in Anything Goes. Regardless, it is not really a security flaw in Dashboard so much as an inequity in Safari.

1) Safari should not auto install Dashboard widgets. This is easily solved by unchecking "Open Safe Files after Downloading" (which I really would not recommend leaving checked anyways.)

2) Dashboard widgets should give the same warning as programs the first time they are run. I do not think they do, but since I do not use Dashboard and have never installed a widget I am not certain.

Given these two elements a Widget is no more dangerous than any other program on your system. Actually less considering the partial sandbox in which widgets run.
iWhat

 
Member Since: Nov 11, 2004
Location: Toledo, Ohio
Posts: 5,734
Mac Specs: Macbook, iMac G5, iPad, iPhone 4, iPod (MANY)!

Quote:
Originally Posted by Kokopelli
I do not think this is a real announcement. It was an attempt at humor and so should have been in Anything Goes. Regardless, it is not really a security flaw in Dashboard so much as an inequity in Safari.

2) Dashboard widgets should give the same warning as programs the first time they are run. I do not think they do, but since I do not use Dashboard and have never installed a widget I am not certain.

Yep, Dashboard does ask you if you would like to accept or decline the widget upon installing it for the first time.
Kokopelli
Guest
 
Posts: n/a

Well there you go. I could create an app that wipes out your home directory when you run it. I could even wipe the whole system if you type in the admin password. Does that constitute a security hole? You downloaded it, then you vouched that you wanted it to run. A poorly programmed widget could cause problems on your system or "spy" on you. So could any other app that runs all the time.

This security hole as it stands is way overrated. Perhaps someone will come up with something more malicious but as it stands there is no reasonable security issue that has not existed before. Just the perception of one. It could be used to make spyware, but this is why you do not install widgets indiscriminately and monitor which ones are running. Just like any other app.
Ex_PC_Puke
Guest
 
Posts: n/a

Yeah sorry for the bad joke -- but this link points out some really bad things

http://www1.cs.columbia.edu/~aaron/files/widgets/
Kokopelli
Guest
 
Posts: n/a

Ah... The substitution as described on that page is worse. Not epic in scale but it should not be allowed.

Again uncheck the automatically open safe files in Safari or use an alternative browser and this is less of an issue. IMHO it should not have been checked in the first place since I do not consider any file downloaded from the internet safe. The problem does need to be corrected within Dashboard, but it is an easily mitigated risk.
Ex_PC_Puke
Guest
 
Posts: n/a

Well ...... I remain in the camp that widgets and the dashboard are a great "concept" --- but not ready for prime time


Only a matter of time before someone creates a phishing widget .... where a security hole puts the "user" in the position of having to decide what this message on the screen means ??? and should I click Ok or Cancel ??

Would you let your mother or grandma use widgets ????? I wouldn't
torchy

 
Member Since: Aug 25, 2004
Location: New Zealand
Posts: 760
Mac Specs: 13" MBA. 15" MBP. iPhone 4. 3G Pad 2.

PC Puke, there are Mothers & Grandmothers here as members.
We are NOT idiots.

~ 13" MacBook Air. OSX 10.9 ~ iPad 2 & iPhone ~
KuruMonkey
Guest
 
Posts: n/a

The real "problem" isn't the current severity or not of this particular issue.

It's more the fact that it demonstrates that

A: dashboard was released FAR from finished (no user-friendly removal system at all?).

B: elements of what was not finished largely includes the "having thought about potential security problems" aspect.

It's more worrying in the potential for Apple dev. going down the MS route of "release, let public fall into security hole in the wild, fix at leisure", which is, bluntly, what drives some of us switchers to SWITCH in the first place...

Oh, and my mother manages to use WinXP quite safely (virus scanner, firefox and a stern "phone me before opening attachments!" from me sorted that pretty well), frankly I'd rather she used dashboard than that, but there you go...
Murlyn

 
Member Since: Jun 11, 2003
Location: Mount Vernon, WA
Posts: 4,909
Mac Specs: MacBook Pro 2.6 GHz Core 2 Duo 4GB RAM OS 10.5.2

Torchy, I don't think he was calling grandmas or mothers idiots. I think he brings up a very good concern, which is not limited to mothers or grandmas. I know my grandmother is on an eMac and I have not updated her to Tiger yet due to the problems. And I know I would not want my grandmother using Dashboard with those security problems, for her.. it wouldn't matter.. if I said go ahead and use them.. she probably wouldn't since it's outside the realm of her comfort level.. She does email and surfs the web.. that's pretty much it. That's not calling her an idiot, that's just saying that like her, a lot of grandmothers, mothers, fathers etc. just want to use a certain part of the computer and that's it and they don't care to learn about any of the other things you can do with a computer. That lack of knowledge and desire of knowledge in this example could do some damage if she surfs to a page and it automatically loads up a new widget that does damage. Definitely not an idiot, but definitely uninformed and this type of security hole should not be in existence, especially for casual users who trust in someone else to manage their computer for them.