[harden-mac:0752] Apple Safari Browser Automatically Executes Shell Scripts

[KOJIMA Hajime / 小島肇 <kjm@xxxxxxxxxxxxxxxxxx>]

  Apple Safari Browser Automatically Executes Shell Scripts
  だそうです。

http://www.heise.de/english/newsticker/news/69862
http://isc.sans.org/diary.php?storyid=1138

> The best immediate recourse against such an attack is to
> deactivate the option "Open 'safe' files after downloading" in
> the "General" section of Safari's preferences. Alternative web
> browsers such as Camino or Firefox do not support the automatic
> execution of files. These browsers can be prompted to
> automatically download a file by using the refresh command in
> the HTML source code of a web page. However, the file will not
> be executed. Since the Finder selects the icon for a file based
> on its extension, users are advised to verify that the OS is
> using the proper file type. This can be done through the
> information window or in column view.  

  だそうです。

  まあ、この ML の人なら "Open 'safe' files after downloading" は
  既に無効にされているような気もしますが……

- kjm

--[PR]------------------------------------------------------------------
 ＿＿＿＿＿┏━━━━━━━━━━━━━━━━━━━━━━━━┓＿＿＿
 ☆…☆…☆┃　豪華賞品あれこれまとめてセットで当たります！　┃☆…☆
 ￣￣￣￣￣┗━━━━━━━━━━━━━━━━━━━━━━━━┛￣￣￣
　　　　　　　　懸賞ならココ！ふくびき.comであなたも運試し♪
　　　　　 http://www.fukubiki.com/vgu/Regist.do?aid=frml051001
------------------------------------------------------------------[PR]--
■GMO INTERNET GROUP■ GMO INTERNET www.gmo.jp