Article:  |
A Look Inside Address Book | |
| Subject: | Address Book and Security | |
| Date: | 2002-08-29 05:14:32 | |
| From: | senjaz | |
|
Response to: Address Book and Security
|
||
|
You've mentioned it yourself, this is only a problem if an executable could be launched without user interaction from an email.
|
||
Showing messages 1 through 2 of 2.
-
Address Book and Security
2002-08-29 10:05:31 jonblock [View]
-
Address Book and Security
2002-09-03 11:27:48 agave [View]
http://developer.apple.com/techpubs/macosx/AdditionalTechnologies/AddressBook/Concepts/WhatsInAB.html#BAJGJJAH
<blockquote>
The Address Book does not provide any security above what's provided by Mac OS X. Anyone who has read and write access to a user's home folder can also read and write that user's address book. For that reason, the Address Book may not be an appropriate place to store confidential information, such as credit card numbers.
</blockquote>
It could still be harmful without being a self-replicating worm. Since (theoretically) all communications-related programs would use this common address book database, an attacker would have a defined target for virtually all possible software combinations on Jaguar machines.
The wetware factor (getting a person to run malicious code) is not as difficult as you might imagine. People launch attachments all the time, without paying attention to whether they're static images, videos, sound files, or actual programs.
In case I wasn't making myself clear about this, I'm not bashing Apple here at all. This has the potential to be a great feature. I'm just advocating that the database be treated like a secure information repository, with at least the ability to require programs to be individually authorized before being given access to it.