IBNeko's Journal-Nyo~!
Tiger. 10.4.
Mmm, I look forward to thee~ http://www.apple.com/macosx/upgrade/compare.html = comparison chart.

T-10 days. I haven't been this excited for an OS update for a while. Then again, this is the first time I'm paying for it (via school's subscription, so it's only slightly less than $30), instead of getting it illegally.

Also, Firefox user? You might be at risk...

Proof-of-concept code targeting security holes in Firefox and the Mozilla Suite has started appearing on public mailing lists. An attacker could exploit the flaws to launch malicious code. But users can protect themselves by updating to Firefox 1.0.3 and Mozilla Suite 1.7.7.


Specifically, the concept code targets:

A glitch where the URL of a Web site "favicons" icon is not verified before being changed through JavaScript. An attacker can exploit this to launch malicious code with escalated privileges using a specially crafted "javascript:" URI. According to Favicon.com, a favicon is a customizable, multi-resolution image included on nearly all professionally developed sites.

An issue in the "_search target" function sites can use to open links in the Firefox sidebar. Two missing security checks allow malicious scripts to open a privileged page [such as about:config] then inject script using a "javascript:" URL. This could be used to install malicious code or steal data without user interaction.
5 happy kittens | Leave catnip
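The favicon flaw quoted above comes down to a URL being accepted without its scheme being verified. As an added example (not part of the original post and not Mozilla's actual fix), this JavaScript puts a parser-based scheme allowlist beside a naive prefix test; the function names, the allowed schemes and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: scheme allowlist for a page-supplied icon URL.
// isSafeIconUrl, naiveCheck and ALLOWED_SCHEMES are hypothetical names.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Naive check, shown for contrast: a prefix test on the raw string.
function naiveCheck(candidate) {
  return !candidate.toLowerCase().startsWith("javascript:");
}

// Parser-based check: resolve the candidate against the page URL the way a
// browser would, then accept it only if the resulting scheme is allowlisted.
function isSafeIconUrl(candidate, pageUrl) {
  let resolved;
  try {
    resolved = new URL(candidate, pageUrl);
  } catch (e) {
    return false; // unparseable input is rejected, not guessed at
  }
  return ALLOWED_SCHEMES.has(resolved.protocol);
}

// Constructed validator test inputs (not taken from any real site).
const PAGE = "https://example.test/blog/";
const SAMPLES = [
  "/favicon.ico",                       // relative path, inherits https
  "https://cdn.example.test/icon.png",  // absolute https
  "javascript:void(0)",                 // plain script scheme
  "  JavaScript:void(0)",               // leading spaces, mixed case
  "java\tscript:void(0)",               // tab inside the scheme name
  "data:image/png;base64,AAAA",         // not script, but not allowlisted
];

// Run both checks over every sample so the disagreements are visible.
function classify(samples, pageUrl) {
  return samples.map((s) => ({
    input: s,
    naive: naiveCheck(s),
    allowlist: isSafeIconUrl(s, pageUrl),
  }));
}

console.table(classify(SAMPLES, PAGE));
```

The rows where `naive` is true and `allowlist` is false are the inputs a string-prefix filter lets through but a scheme allowlist rejects.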
porsupah From: porsupah Date: April 19th, 2005 06:29 pm (UTC) (Link)
Tiger does sound worth looking forward to - Dashboard and Spotlight are the obvious headliners, but there do seem to be a fair few little refinements and niceties too. Only irksome thing is that the only system I'll be able to install it on immediately and safely is Ocelot - Bunny's unsupported as of Panther, and Dormouse'll be joining it with Tiger, so they'll both need an updated version of XPostFacto. Bunny doesn't have space for another installation, and it's the system I normally use for browsing, mail, and so on, so I don't really want to take the risk, and XPF probably won't work on Dormouse, given it's new to the club. (And no DVD drive, either, though it might be possible to use Carbon Copy Cloner to image over Ocelot's installation. Or I can try figuring out the secret sauce that bootp requires, to be able to serve the installer image as a network bootable volume)
ibneko From: ibneko Date: April 19th, 2005 10:32 pm (UTC) (Link)
I don't know about Spotlight, actually... Dashboard might be useful, but as of right now, I'm using QuickSilver, combined with the menu interface, so a quick double-tap of shift, or apple-shift-1 will pull up a search field in the menu bar, combined with varied actions, makes it quite powerful.

Hehe, secret sauce.
jaiwithani From: jaiwithani Date: April 19th, 2005 09:58 pm (UTC) (Link)
Hey, beats paying a gazzillionty for the same features on Longhorn when it comes out...eventually. In the meantime ::keeps kicking Linux::

Oh, noodles. Mozilla needs a better update mechanism. The whole "uninstall every version for every security update" thing gets old quickly...::runs over to get update anyway::
contrasedative From: contrasedative Date: April 20th, 2005 10:07 pm (UTC) (Link)
Why did I read "kicking" as "licking"?

(Answer: It's Academic killed my brain.)
ibneko From: ibneko Date: April 20th, 2005 10:09 pm (UTC) (Link)
Hahaha~ I'm not sure I want to lick the penguin though...