|
Linux
|
|
Written by Daniel
|
|
Monday, 15 October 2007 11:41 |
|
The problems with URI protocol handlers that are registered unnecessarily and with little thought given to security are not just limited to Windows, researchers say By Robert McMillan, IDG News Service, Info World
October 15, 2007 This week Microsoft said it would patch Windows to reduce the risk of a new kind of Web-based security vulnerability, but security researchers say that other operating systems are probably at risk too. In fact, Nathan McFeters, one of the researchers who has been studying the problem most closely says he hopes to present more details on how other Unix-based operating systems like Linux and Mac OS X may also be susceptible to what are known as URI (Uniform Resource Identifier) protocol handler flaws at the Toorcon hacking conference, being held next week in San Diego.
In an interview, McFeters said that he had not yet found a way to run unauthorized code on Unix-based operating systems, but that he and his fellow researchers had discovered a number of issues that looked like they could be grounds for further research.
The problem McFeters and others have been researching over the past few months has to do with the URI protocol handling technology, used to launch programs from within Web browsers. Probably the best known of these protocols is mailto, which is used to launch the mail client from within the browser.... More Comment in the Forums |
