Has anyone else noticed this in Safari on PC? I just thought I'd ask to see if there was any way to fix it or is it just a quirk with the browser.

I'm just providing the link

Here's the link directly to adding your System Specs: http://www.techspot.com/vb/editprofile#systemspecs

Sorry I didn't clarify that.

It actually wont show system specs on a persons post. There's no little arrow next to "System Specs", it actually doesn't function. I even see the url add "#sysinfo" to the end but still nothing shows up. I can change my specs ok, I just can't view them outside the options and full profile view.

In Opera 9.x the system specs doesn't show up on your post right after you post it. It does for all the other posts in the thread. A refresh allows the pulldown menu though.

We will be upgrading the vBulletin version soon. Since we use their javascript code to show the system specs on the drop down that may have been already addressed. We will see then..

Safari has been hit hard lately by the malware writers.

Here is a bit of info for you - Microsoft Alerts Users to Carpet Bombing via Safari

That is a bit misleading Blind Dragon. It hasn't been observed in the wild yet, so it is still only a proof of concept.

I wouldn't be too scared of that exploit, it can't execute the files it downloads, you'd still have to do that manually. Hopefully you have an idea of what you have downloaded. It also appears you have to go to a specifically crafted page.

The 'security through obscurity' thing is probably going to make this a non issue considering how Safari has even less of a Windows user base than Opera. I am aware this affects OS X users too, but the design of the OS makes it impossible to deliver an executable (app file), they have to come in a container of some sort, which the user has to take action to do anything with it, and then even after that Leopard will warn you before you launch any program which you have downloaded for the first time, giving you details on it.

Apparently there's no good combination of speed and security. (Maybe firefox. :P, this is probably like the 4th time I'll consider switching back to it. After the problems I had been having with Opera 9.27)

Well, if you are going to keep using safari here is the recommendation they make.

"On May 30, Microsoft issues a security advisory that recommends users avoid using Safari until researchers have looked into the browser, and until appropriate updates are provided by either Microsoft or Apple. For ardent observers of the MS-Apple rivalry, it is easy to speculate about the motives behind such an advisory –but users should not lose sight of the real issue: that although this vulnerability exists in the POC realm, it might give hackers just the kind of scenario they might find useful in future attacks. Users are encouraged to change the download location of files by editing user preferences in Safari."

I read the security advisory on Microsofts site. "At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. "

Then also:
Mitigating Factors:•
Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat.

It is a good scare story because it can happen, but it isn't happening across the web as of now and even if it was the user still would have to run the downloaded files manually. Its really a non-issue that is getting blow up to be this huge problem in the 'blogosphere'.

I do believe this equally can happen in IE7 as well? :P

You all can do what you want. I however, feel the need to at least warn people before they show up in the security section asking me why their desktop has new icons on it.


You are right the last quote there is from trend micro

---------------------------------------------------------------

I would call it more than a non-issue. Basically it appears that there are a number of security flaws playing on this one.

Safari doesn’t ask for user permission when downloading resources, which makes an easy target for Iframe attack.

Safari automatically downloads the files multiple times, storing copies of these in said folders without first waiting for user commands or showing some dialog box informing the user of what is happening.

It allows attackers to litter a victim's desktop with executable files

Security researcher Aviv Raff said that if this flaw is exploited in combination with bugs in Windows and Internet Explorer, attackers can run unauthorized software on a victim's computer.

More reason to stick with firefox. Especially with the new version fixing to be released

You can warn people that the potential for something bad to happen is there. What I don't like is seeing you wording it like the user needs to not use it or they will be comprimised. Not fully explaining it just perputates fear and spreads a bad word about Safari. Tons of exploits in software and operating systems are revealed all the time, many times weeks or months go by before they are officially fixed, if there is a real and present threat they will get more attention and fixed sooner. Microsoft's page on this indicates that they may release something to fix this when really it should be Apple doing it, but if Microsoft says that they may have the ability to do something on their end, if they deemed it serious enough they probably would. Apple hasn't fixed it because they don't see it as a big problem right now. I side with both Microsoft and Apple on this because it isn't a big problem right now, there are no cases where this exploit has been used outside of proof of concept yet. There is no need for an alarmist tone.

Beyond all that, its simply fixed by changing the default download directory. If anything you should warn people and tell them how to protect themselves. Rather than simply telling them their browser of choice shouldn't be used. I would suggest Opera 9.5 if Safari absolutely had to be avoided, but it doesn't.

Well that is my opinion. That an alarmist tone is needed. I don't really want to argue over something so minimal. The information for people to form their own opinions is in this thread, both through our post and the links provided. I personally would not use the browser until the patch is released, but that is my opinion. Our readers should and will form their own opinions, and no matter what you or I say, in the end some will still use p2p, they will still not use a 3rd party firewall, and they will still use a compromised browser.

I couldn't disagree with your stance more, but so be it. I'm going to go ahead and close the thread since Julio already answered what this was about, and all further discussion was off topic.

Sorry to bring this back, but its reopened for rebuttal of this post.

I hope you take the same 'Alarmist tone' with this that you found absolutely necessary for Safari. Safari's could even be rendered moot by changing the download directory, which was made known by Apple. Mozilla is sitting tight on this until they can get a patch out, leading me to believe that there isn't a simple end user fix.

But how is this any different from what I was describing with that issue in Safari?
Firefox 3 Vulnerabilities Could Affect Over 14 Million Computers - Security Flaws Discovered in Firefox 3.0

The difference is that the exploit for Safari was made public

However, I would still suggest installing spyware blaster along with FF3

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Apple made public a way to prevent the exploit. It was something anyone could do, change the default download directory.

Which I also suggested in my 2nd post of this thread

You stance has changed depending on which browser it is. As you noted, there is a way to immunize Safari. Yet you still recommended not using the browser until it is fixed. Here we have an undisclosed exploit(s) in FF and your recommendation is to use Spyware Blaster? Why the change of heart?