[deutsche Version]File Sharing Security Risks
This page demonstrate a security risk of the MacOS.
You can download a program that supersede Simpletext
as standard editor for simpletext documents
Let's imagine the following:
Alberts mac is in good state, the hard-disk is password-protected so
none of his coworkers can get confidential documents if he is not
there. He has shared a special folder called "public" so his
coworkers can upload documents for him:
Berta (name changed by editor) has downloaded the program you can get here. She uploads this program on Alberts Mac into his public folder. Albert doesn't notice something. The next time Albert double clicks a simpletext document, the MacOS doesn't start simpletext but the program "Mouse-Maintenance" instead. This program only shows a single dialog:
The program doesn't show where it come from or what the name of the program is. Albert can only press the OK Button, and the program quits. So Albert has little chance to find the cause of this strange message. But Albert is in luck: This program does not do any further harm.
Warning!
This program may drive innocent mac users crazy. Never put this program on the mac of your neighbours.
Technical Background
This program has a so called "creator-id" identical with Simpletext. The creator-id can be changed with standard tools freely available. If you click on a text document, the Finder trys to find the newest application on the same volumne with this creator-id. It ignores that the application is on a unsafe shared folder, so we got our security problem.home - contact - dev-zone
Copyright © 1998 by Karsten Meier. All Rights reserved.