News, info, and opinion by Mac users, for Mac users.

May 16, 2008

Maybe this CBS buyout thing will be a good thing

Posted May. 16, ’08, 7:26 AM PT by Derik DeLong
Category | Security

Hold on to your seat because CNet has gotten all self-righteous on Apple’s Safari developing behind. They’re very concerned that Apple is dismissing a “Safari vulnerability”. Sounds bad, right? Sure it does. I allowed myself to get sucked in and read the piece.

The problem is referred to as a “Carpet Bomb”. Basically the “vulnerability” is that Apple downloads things without reflexively asking for permission. Firefox and Internet Explorer both have download confirmation dialogs that users either disable or reflexively accept every time they come up. Users like being prompted with dialogs constantly. Vista certainly proved that.

Even better, in the example given when a site tries to do it many times over, you’ll get asked over and over again. The big problem with this is that malicious files could be downloaded to your computer without your consent. That’d be a problem except those files aren’t executed. You’ll have to go to your download directory and then click on it. The assumption is that a user inept enough to open an unknown file locally wouldn’t just trust a random download. Right.

This is an annoyance at best. Let’s hope CBS brings some standards to CNet, or, you know, common sense. That’ll work too.


6 Comments

Dave-O said:

Did they forget that Mac OS X will warn them if they try to launch the downloaded executables, or was it about the Windows version?

Inkling said:

The CBS of Rathergate won't bring any "standards" to CNET. In the former, CBS didn't listen to their own document consultants, and in a 2004 Sixty Minutes segment claimed as a 1970s typed document some faxed memos that are indistinguishable (kerning, centering, font and line breaks) from the same text typed in the latest version of Microsoft Word with the defaults unchanged.

So no. The CNET acquisition by CBS is not good. If the CBS mindset takes over, look for some computer companies to be targeted with faked documents (the corporate equivalent of Republicans) while others get away with almost anything (the Democrats). And look for more audience-grabbing sensationalism in general.

And yes, when the facts came out, Dan Rather was forced to retire a year early. But embarrassment was the reason rather than professional integrity. The culture that manufactures 'facts' and spins stories in the interest of ideology remains. Obama isn't getting the same scrutiny that'll soon be turned on McCain.

NONfinis said:

... well that was an interesting, rambling tangent.

I've always found the security measures on OS X to be of the right balance... asking if I want to do something when it's necessary to ask, and staying out of my way when it's not.

CNET just seems (to me) to be less and less relevant with each passing day.

Scissor said:

CNET & CBS: Unk. if it's good or bad.

CBS & GW's National Guard Service: A Lt. Colonel Killian offered the docs as true. When challenged, CBS fired several folks, incl. Rather. As to whether the facts were correct, the original military files at DOD were 'accidentally' destroyed. http://en.wikipedia.org/wiki/Killian_documents

Scissor said:

Forgot to add:

CNET might have been better off merging with the Murdoch-Machine (FOX).

In that way, prevarication, sublimation, and exaggeration would be the norm.

Noah said:

"The assumption is that a user inept enough to open an unknown file locally wouldn’t just trust a random download. Right."

I could see it happening actually. An uneducated user might stop the download when they see it (because of warnings from their virus-laden Windows expert friends). However, an innocently named file that sits on their desktop? If they didn't even know it was downloaded (if the download window is already open, it doesn't pop to the front with new downloads - I'll assume it's the same on Windows), they might think it's something they'd just downloaded and forgotten about...

I know when my desktop gets dirty, I'll end up with a couple .dmg files that I'll open just to see what the programs in them do.
