
This must truly be the end of days. Like Bill Murray as Dr. Peter Venkman in Ghostbusters: “Fire and brimstone coming down from the skies, rivers and seas boiling…human sacrifice, cats and dogs living together, mass hysteria.” Microsoft is giving advice on securing its software to Apple. It’s “laughable on stilts,” stealing a line I heard author David Limbaugh say today (in reference to something entirely different).

Is there anything behind the so-called “Carpet Bomb” threat? The warning was brought to Apple’s attention by author and blogger Nitesh Dhanjani on Amazon’s Elastic Compute Cloud.

At issue is a vulnerability in Apple’s Safari for Mac OS X and Windows: the browser does not prohibit downloads of “resources” from rogue websites, or at least ask for the user’s permission before starting them. Such downloads “carpet” the user’s default download directory with potentially malicious content. On Windows, the default happens to be the Desktop, a rather inconvenient place to have cluttered up. On Mac OS X it’s ~/Downloads/. At the very least it’s a nuisance. At most, it could infect machines or remotely execute code and wreak all kinds of havoc.

What strikes me as ironic is not simply that Apple’s operating systems are historically far more secure than Microsoft’s, but that Microsoft has issued a security warning about Apple’s software and Apple itself has not. The “blended threat” affects Windows XP and Vista as well as Internet Explorer versions 6 and 7, but only for those who have not changed IE’s default download location. The threat is eliminated simply by changing the setting. Apple said it considers Dhanjani’s proposed remedy (a download warning) a feature request, but has agreed to help Microsoft repair the problem on the Windows side.
