Language Selection

English French German Italian Portuguese Spanish

Mac malware door creaks open

Filed under
Mac

Apple has been encouraging developers to create new widgets for Tiger's Dashboard--a semi-transparent layer of everyday, often-used applications such as a calculator or currency converter that appears over the user's desktop--but within days of its public release, one developer claims to have already found a way to turn widgets into potential malware.

Developer Stephan, who has posted the widgets to his blog, has created two mini-apps which he describes as "slightly evil." One widget, he says, will automatically install itself on users' desktops when his "Zaptastic" Web site is visited using Apple's Safari browser.

This, according to Stephan, is a golden opportunity for porn scammers, enabling them to auto-install widgets that can hijack browsers.

According to Stephan's blog: "I happen to like (auto-install). I think it's a great thing. But, as I have demonstrated here, it has the side effect of setting up a situation where a user can be given an application without their knowledge.

"That's not such a big deal; by default, widgets can't do much damage, and they can't run unless you drop them into your dashboard. The funny thing is that once that widget is there, according to Apple, you CANNOT remove it."

Full Story.

More in Tux Machines

Leftovers: Gaming

Android Leftovers

Leftovers: OSS

Security Leftovers

  • Sick of memorizing passwords? A Turing Award winner came up with this algorithmic trick
    Manuel Blum, a professor of computer science at Carnegie Mellon University who won the Turing Award in 1995, has been working on what he calls "human computable" passwords that are not only relatively secure but also don't require us to memorize a different one for each site. Instead, we learn ahead of time an algorithm and a personal, private key, and we use them with the website's name to create and re-create our own unique passwords on the fly for any website at any time.
  • Car thieves use 'mystery device' to break into vehicles
    A car manufacturer recalled more than a million cars following security concerns about car hacking, as the National Insurance Crime Bureau issued an alert about a "mystery device" being used to break into vehicles by defeating the electronic locking system of later-model cars. So-called connected car "convenience technology" could put consumers at risk. "Right now, what has happened is the digital key fob has become a way for someone to steal your car," NICB investigator James "Herb" Price said.
  • Security Considerations When Moving from VMs to Containers
    We recently ran a sponsored series from Fox Technologies on Linux.com. We want to thank the company for its support and for sharing useful information for SysAdmins and developers alike. Fox Technologies is continuing the conversation with a free webinar September 17 that will address security considerations in moving from VMs to containers. More information about this webinar is below.