Sign In/My Account | View Cart  

advertisement

AddThis Social Bookmark Button

Article:
  A Look Inside Address Book
Subject:   Address Book and Security
Date:   2002-08-29 05:14:32
From:   senjaz
Response to: Address Book and Security

You've mentioned it yourself, this is only a problem if an executable could be launched without user interaction from an email.


Since I can't ever imagine Apple being so stupid as to add such abilities to Mail.app as exist in MS Outlook I think we have little to worry about.


The only problem then is tricking users into running such an executable, the I Love You worm on the PC for example. In that case it doesn't matter what Apple do there will always be people foolish enough to run such things.
Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • Address Book and Security
    2002-08-29 10:05:31  jonblock [View]

    I agree that such a malicious program could not become a worm through Mail.app, but Mac users will not necessarily restrict themselves to Apple mail clients. Entourage, Eudora, and others may be a different story. Either way, that only addresses the hostile code's worm potential.

    It could still be harmful without being a self-replicating worm. Since (theoretically) all communications-related programs would use this common address book database, an attacker would have a defined target for virtually all possible software combinations on Jaguar machines.

    The wetware factor (getting a person to run malicious code) is not as difficult as you might imagine. People launch attachments all the time, without paying attention to whether they're static images, videos, sound files, or actual programs.

    In case I wasn't making myself clear about this, I'm not bashing Apple here at all. This has the potential to be a great feature. I'm just advocating that the database be treated like a secure information repository, with at least the ability to require programs to be individually authorized before being given access to it.
    • Address Book and Security
      2002-09-03 11:27:48  agave [View]


      http://developer.apple.com/techpubs/macosx/AdditionalTechnologies/AddressBook/Concepts/WhatsInAB.html#BAJGJJAH
      <blockquote>
      The Address Book does not provide any security above what's provided by Mac OS X. Anyone who has read and write access to a user's home folder can also read and write that user's address book. For that reason, the Address Book may not be an appropriate place to store confidential information, such as credit card numbers.
      </blockquote>