
Submission: Safari "Carpet Bomb" Attack Still a Risk

SecureThroughObscure writes: "Just a short time after Apple's recent acknowledgement of and patch of the Safari Carpet Bomb "blended" IE flaw, blogger Nate McFeters of ZDNet's Zero-Day blog has pointed to research by Billy Rios of Microsoft that shows that the attack is still useful in a "blended" attack, this time with Firefox 2/3. Rios claimed that he is able to use the Safari Carpet Bomb attack, despite the recent patch, to steal arbitrary files from victims who also have Firefox 2/3 installed.

McFeters pointed out that Apple, which took some heat for not originally patching the issue, actually did a good job of addressing the issue, as it was not originally understood that code execution was possible (the details came out later). Rios seemed to echo a positive response by Apple in addressing the original issue, despite the media's portrayal.

Details of Rios's specific attack vector have been withheld until Apple has had time to patch or respond to this issue, but both researchers (McFeters and Rios) commented on the new attack threat that these blended types of attacks provide, and questioned whose responsibility it is to test for and fix these issues."

