According to a post on Macintouch, one Al Tucker has become privy to a security hole that depends on a combination of settings and events, including QuickTime configuration, compression and a web browser. Macintouch quotes Tucker as saying, "Just got word of how a number of innocuous things in and of themselves can be combined into a nasty exploit under OS 9 and under X by means of the Classic environment. Basically, if you turn off QuickTime Autoplay functions in the OS 9/Classic QuickTime Settings control panel, you can secure yourself. Specifically the 'Enable CD-Rom Autoplay,' but personally I see no reason to leave either on. Why wait until they exploit the Audio CD Autoplay to then turn it off?

"Try the supplied links and see how vulnerable you are for yourself. I specifically was not, even though my autoplays were enabled, since I run X and use Stuffit Deluxe X to expand all downloaded files. So for me, expansion always stops in an open window where I see the contents of the archive and have to manually unstuff the contents to a folder as the final step. No 100% complete auto unstuffing and mounting, ever. And that's just the way I've always wanted it."

Also, according to another Macintouch posting, the CERT Coordination Center issued Advisory CA-2002-05 warning of multiple security vulnerabilities in PHP, a scripting language widely used to create dynamic web sites. Possible solutions include disabling file uploads and updating the software to Version 4.1.2.