Safari Users: Don't Open "Safe" files after downloading
Go to preferences, general, and un-select that box. From “Apple Safari Browser Automatically Executes Shell Scripts,” via SANS and Eric Rescorla. Don’t miss Peter da Silva’s comment on Eric’s post. Eric, how do you get such good comments?
Adam – clearly you need to write a book.
It’s not really a Safari or Terminal issue. It’s a problem with BOMArchiveHelper and other archivers that all likely rely upon the same underlying libraries.
zip and tar files both, at minimum, can contain bogus metadata which is honored when launching the file in the Finder while the Finder displays the branding based on the file extension.
Furthermore, Stuffit Expander 10.0.1 honors the metadata just as BOMArchiveHelper does.
iVirus, Mr & Mrs Smythe, Shaking the Incumbents, Ping on convenience, Gmail on inconvenience
Curious that Apple’s Safari wasn’t mentioned in recent discussions about High Assurance certs. Which brings us to a rash of sightings of Mac Viruses. Well, three at least. Unfortunately the media can be relied upon to over-play the appearance of Mac Vi…