Sunday, November 26, 2006

This is relevant to 11% of my visitors

There has been some chatter about a security flaw in Safari, though as of yet there's no malware in the wild. You can fix the most serious issue by going to preferences and stopping Safari from automatically opening “safe” files. Even to my uninformed eyes, this looks like an atrociously bad feature, but it's the default setting. Given that Gruber was writing about this feature back in 2004, and again in 2006, it seems time to start entertaining the thesis that all the (extra) protection Apple has going for it is security through obscurity.

Update: it may be that the dmg problem doesn't actually pose a threat beyond forcing you to restart. That's reassuring, but doesn't change the badness of Safari's presets.
