Web Design Directory

  w   w   w   .   d   e   s   i   g   n   d   i   r   .   n   e   t
An industry leading web design, hosting and development directory. We bring together the best web designers and their customers. Find the lates website business news and updates.
Search DesingnDIR
Advertising | Submit Site »
   » Home Page / Industry News  
  Find Services Provider       Technology Stories        WebSite Services   
Researcher: Mac OS, Linux probably have URI issues too

2007-10-15 03:31:00

This week Microsoft said it would patch Windows to reduce the risk of a new kind of Web-based security vulnerability, but security researchers say that other operating systems are probably at risk too.

In fact, Nathan McFeters, one of the researchers who has been studying the problem most closely says he hopes to present more details on how other Unix-based operating systems like Linux and Mac OS X may also be susceptible to what are known as URI (Uniform Resource Identifier) protocol handler flaws at the Toorcon hacking conference, being held next week in San Diego.

In an interview, McFeters said that he had not yet found a way to run unauthorized code on Unix-based operating systems, but that he and his fellow researchers had discovered a number of issues that looked like they could be grounds for further research.

The problem McFeters and others have been researching over the past few months has to do with the URI protocol handling technology, used to launch programs from within Web browsers. Probably the best known of these protocols is mailto, which is used to launch the mail client from within the browser.

But any software developer can register their own application with the operating system. This leads to a somewhat risky state of affairs as programs are launched within the browser, sometimes without proper checks on the way they are being executed.

To date, hackers have found ways to run unauthorized software on the PC by sneaking commands into specially crafted Web links that use the URI protocols of several well-known applications. Microsoft had originally said that it was up to software developers to make sure their programs check the links so that they don't include malicious code, but this week it agreed to put some checks within the Windows operating system as well.

McFeters, a security researcher with Ernst & Young Global, says that often these protocols are registered unnecessarily and with little thought given to security. Even if it can't be used to install unauthorized software, a poorly designed URI protocol registration can end up giving attackers access to data and applications that they shouldn't be able to see, he added.

Last month, McFeters and Researcher Billy Rios showed how a flaw in Google's Picasa software could give an attacker access to any Picasa photos stored on the victim's hard drive. And URI protocol handler flaws have also been found in Adobe, Firefox, and Outlook Express.

Secunia Chief Technology Officer Thomas Kristensen agreed that the URI protocol handler problems will probably turn up on Linux and Mac OS X. "There is absolutely a chance that similar issues could exist on those platforms," he said.

He also agreed with McFeters that too many programs needlessly register protocols and urged corporate and commercial software developers to reduce their reliance on this technique.

"When people are designing the applications they're simply not thinking about how secure the environment is and how it's really working," he said.

GroundWork Monitor Open Source

Google's open source contest for youths

Cloudsmith readies directory of Open-Source code

Alfresco and Adobe partners on Social Networking Tools

Damn Small Linux 4.1 released

AJAX benefits, issues cited by Zimbra exec

5.1 of Community Enterprise OS released

Red Hat MRG beta improves speed 100-fold

SQLFusion announced the first public release of Radria

SourceForge opens eBay-like marketplace



   
» Web Hosting Interviews
Web Hosting interviews, news and reviews. Compare the Best web hosting providers.
» Daw - Web Hosting Blog
Views and Comments about Hosting Industry. News, Trends, Products and Sevices.
» Your WebSite Here
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371


» Submit your site to Web Design Directory

About Us | Advertising | Privacy | Terms Of Use | Contact Us

© DesignDIR.net 2003 - 2017, part of of Business Address Network. All Rights Reserved!