The Apple Blog: The Apple Blog, published by and for the day-to-day Apple user, is a prominent source for news, reviews, walkthroughs, and real life application of all Apple products. http://theappleblog.com
- Zero Day Exploit For QuickTime Flaw
InformationWeek is reporting that an Italian security researcher has posted an exploit for a zero-day vulnerability in QuickTime 7.3.1 that impacts both OS X and Windows versions of the software. This exploit will allow an attacker to execute malicious code on the target system.
The “researcher”, Luigi Auriemma, describes the exploit as being based on a flaw in QuickTime’s parsing of HTTP error messages and has not provided Apple with advance notice before publishing the proof-of-concept code. Symantec has confirmed that the flaw can produce a Denial of Service, but has not confirmed the remote code execution claim.
As of this post, Apple has not posted a fix to this issue, but here are some steps you can take to protect yourself (via US-CERT):
- Uninstall QuickTime (OK, kinda extreme)
- Block the rtsp:// protocol (given how much we love streaming media, not likely either)
- Disable the RTSP protocol handler (reasonable, depending on your risk tolerance). Mac OS X users can disable the RTSP protocol handler by editing the ~/Library/Preferences/com.apple.LaunchServices.plist file with Property List Editor. Change the LSHandlerRoleAll value associated with the rtsp LSHandlerURLScheme to something other than com.apple.quicktimeplayer. This process can be simplified by using an application such as RCDefaultApp.
- Disable QuickTime as the RTSP protocol handler on OS X (reasonable…you can pick RealPlayer as an alternative). To disable the RTSP registered protocol handler in OS X, open ~/Library/Preferences/com.apple.LaunchServices.plist and look through a hundred or more entries to find RTSP and change it to something else.
- Do not access QuickTime files from untrusted sources (duh). Attackers may host malicious QuickTime files on web sites. In order to convince users to visit their sites, those attackers often use a variety of techniques to create misleading links including URL encoding, IP address variations, long URLs, and intentional misspellings. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.
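The RTSP handler change from the list above can be checked and applied with a script instead of paging through the entries by hand. This is an added example, not code from the original post or from US-CERT; it assumes the handler entries sit in a top-level LSHandlers array, uses a hypothetical replacement bundle id (com.example.other-player), and runs on a constructed sample rather than the real preferences file.

```python
import plistlib

QUICKTIME_ID = "com.apple.quicktimeplayer"   # handler named in the post
PLACEHOLDER_ID = "com.example.other-player"  # hypothetical replacement bundle id

def find_scheme_handlers(prefs, scheme="rtsp"):
    """Return the LSHandlers entries registered for a URL scheme (case-insensitive)."""
    return [h for h in prefs.get("LSHandlers", [])
            if str(h.get("LSHandlerURLScheme", "")).lower() == scheme]

def quicktime_handles_rtsp(prefs):
    """True if a per-user entry maps rtsp to QuickTime Player.
    No entry at all means the system default applies, which this file cannot show."""
    return any(str(h.get("LSHandlerRoleAll", "")).lower() == QUICKTIME_ID
               for h in find_scheme_handlers(prefs))

def reassign_rtsp(prefs, new_handler=PLACEHOLDER_ID):
    """Point rtsp at new_handler, adding an entry if none exists. Returns entries changed."""
    entries = find_scheme_handlers(prefs)
    if not entries:
        prefs.setdefault("LSHandlers", []).append(
            {"LSHandlerURLScheme": "rtsp", "LSHandlerRoleAll": new_handler})
        return 1
    changed = 0
    for h in entries:
        if h.get("LSHandlerRoleAll") != new_handler:
            h["LSHandlerRoleAll"] = new_handler
            changed += 1
    return changed

def rewrite_plist_bytes(data, new_handler=PLACEHOLDER_ID):
    """Parse plist bytes (XML or binary), reassign rtsp, return bytes in the same format."""
    fmt = plistlib.FMT_BINARY if data.startswith(b"bplist") else plistlib.FMT_XML
    prefs = plistlib.loads(data)
    reassign_rtsp(prefs, new_handler)
    return plistlib.dumps(prefs, fmt=fmt)

# Constructed sample standing in for com.apple.LaunchServices.plist.
SAMPLE = plistlib.dumps({"LSHandlers": [
    {"LSHandlerURLScheme": "mailto", "LSHandlerRoleAll": "com.apple.mail"},
    {"LSHandlerURLScheme": "rtsp", "LSHandlerRoleAll": "com.apple.quicktimeplayer"},
]})

if __name__ == "__main__":
    print("QuickTime handles rtsp before:", quicktime_handles_rtsp(plistlib.loads(SAMPLE)))
    after = plistlib.loads(rewrite_plist_bytes(SAMPLE))
    print("QuickTime handles rtsp after: ", quicktime_handles_rtsp(after))
```

To use it on a real machine, work on a backup copy of the preferences file and log out and back in afterwards so the change is picked up.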
Comments on the post: http://theappleblog.com/2008/01/11/zero-day-exploit-for-quicktime-flaw/#comments
- 1Password Review
For those of you who have far too many sites to log into and far too short of a memory to remember them all, this program will save your life. 1Password is a simple, elegant system that incorporates itself into most browsers and, like Keychain, will save and place your information accordingly.
Browser Compatibility
For a full list of browser compatibility check out their site. Having Safari and Firefox covered, I was already set. Each browser will offer a similar button as shown above. Once you save a form or identity on a browser, it gets transferred to the other ones.
What It Offers
1Password may be similar to Keychain but ultimately provides for a much more versatile user experience. You can store multiple identities, false or real, multiple registration forms, and billing information for quick check outs. 1Password automatically synchronizes with Keychain and can sync with .Mac for access from multiple computers. Transferring information can be safe and easy by simply copying or backing up your Keychain folder.
If you're like me and use variations of similar passwords, 1Password offers a quick solution to create passwords for you. It will prompt you with a slider of choices and will create a unique password at your set length.
Safety
Like the good Samaritans you are, you question safety. Since 1Password is directly integrated with Keychain, OS X is already set to keep your information safe. 1Password requires a master password to log in. It will also time out after a specified time. In the 1Password manager you can edit accounts, add notes, or track history.
Like most good things in the world, 1Password comes at a cost: $29.95. A bargain considering its abilities. If you're still skeptical, try it out for free and comment on your experiences.
Comments on the post: http://theappleblog.com/2008/01/10/1password/#comments