Hear us Roar
Article:
 |
|
A Look Inside Address Book
|
| Subject: |
|
Address Book and Security |
| Date: |
|
2002-08-29 10:05:31 |
| From: |
|
jonblock
|
Response to: Address Book and Security
|
|
I agree that such a malicious program could not become a worm through Mail.app, but Mac users will not necessarily restrict themselves to Apple mail clients. Entourage, Eudora, and others may be a different story. Either way, that only addresses the hostile code's worm potential.
It could still be harmful without being a self-replicating worm. Since (theoretically) all communications-related programs would use this common address book database, an attacker would have a defined target for virtually all possible software combinations on Jaguar machines.
The wetware factor (getting a person to run malicious code) is not as difficult as you might imagine. People launch attachments all the time, without paying attention to whether they're static images, videos, sound files, or actual programs.
In case I wasn't making myself clear about this, I'm not bashing Apple here at all. This has the potential to be a great feature. I'm just advocating that the database be treated like a secure information repository, with at least the ability to require programs to be individually authorized before being given access to it.
|
Showing messages 1 through 1 of 1.
-
Address Book and Security
2002-09-03 11:27:48
agave
[View]
|
| |
http://developer.apple.com/techpubs/macosx/AdditionalTechnologies/AddressBook/Concepts/WhatsInAB.html#BAJGJJAH
<blockquote>
The Address Book does not provide any security above what's provided by Mac OS X. Anyone who has read and write access to a user's home folder can also read and write that user's address book. For that reason, the Address Book may not be an appropriate place to store confidential information, such as credit card numbers.
</blockquote>