There is a hole... in your mind

May. 25th, 2004 08:30 am
mmcirvin: (Default)
[personal profile] mmcirvin
If you have a Mac and follow the Mac news, you've probably been reading about all the potential security exploits involving exotic URL protocols that have gotten attention over the past couple of weeks. And you may have read that Apple's latest security update plugs the best-publicized hole, but not all of them. And you may be wondering exactly what to do, in the face of conflicting and hysterical recommendations.

The best, coolest-headed analyses I've seen on the subject are John Gruber of Daring Fireball's posts. He has concrete recommendations for action. Before you actually do anything, though, I'd recommend reading the linked articles in which he explains the problem in detail, and getting some understanding of why the solutions he proposes are the preferred ones.

This kind of sanity check is essential whenever you hear random people out in the Internet wilderness yelling "You have a security hole! Fix it now! NOW! To plug it, do this and this and this!" Otherwise, you've got the biggest security hole of all in your own brain. I'd be especially wary of people telling you to install some third-party system extension you've never heard of.
Flat | Top-Level Comments Only

Date: 2004-05-25 07:22 am (UTC)
From: [identity profile] chicken-cem.livejournal.com
Plus, a little common sense ought to help people, like not downloading things from sites you don't know or trust enough, not clicking on suspicious attachments, etc.

Date: 2004-05-25 08:35 am (UTC)
From: [identity profile] sunburn.livejournal.com
I don't know whether or how the various Mac browsers permit this, but when in Opera I mouse over a link, the URL is displayed in the status bar (assuming one's not in a higgledy-piggledy of Flash or java tomfoolery masquerading as a webpage), and I use it to keep an eye out for oddly formed or malformed URLs, or unusual protocols. It can't hurt, and I've found it to be helpful, telling me when I'm about to change domains or am getting a mailto: link when I expect a bio, that sort of thing.

Date: 2004-05-25 03:33 pm (UTC)
From: [identity profile] mmcirvin.livejournal.com
Yeah, they typically do that, and it helps; but the cleverer explaits use redirects of some sort of disguise the URL.
Flat | Top-Level Comments Only

Profile

mmcirvin: (Default)
mmcirvin
On Mastodon

May 2026

S M T W T F S
     12
3456789
10111213141516
171819202122 23
24252627 282930
31      

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jun. 2nd, 2026 02:57 pm
Powered by Dreamwidth Studios