Go to previous post:
And we’re proud of that pride, too.

Go to Electrolite's front page.

Go to next post:
Steve Gilliard

Our Admirable Sponsors

May 18, 2004

Return of imitation tech blogging. If you use OS X, read this and do what Liz Lawley suggests.

Jay Allen has more. (Via Dan Gillmor.) [09:46 PM]

Welcome to Electrolite's comments section.
Hard-Hitting Moderator: Teresa Nielsen Hayden.

Comments on Return of imitation tech blogging.:

David Goldfarb ::: (view all by) ::: May 19, 2004, 01:17 AM:

Urk. Thanks for the heads-up.

Larry Brennan ::: (view all by) ::: May 19, 2004, 01:51 AM:

Yoiks! I'm running OS X 10.2.6 and Firefox and the exploit worked. As well as the solution.

Many, many thanks!

Jon H ::: (view all by) ::: May 19, 2004, 07:46 PM:

Note that it's not just a web issue. The LaunchServices API is what is used to open files and URLs, and what figures out what to do with a given protocol, type, or extension.

There's a commandline tool called "open" which you give a filename or a URL, which it causes to be opened in the correct way. http URLs go to your default browser, etc. It uses LaunchServices to find the mapping and open the file.

In addition to typical URLs, the tool also opens the help: and disk: URLs which are a factor in this hole.

If you use MoreInternet to map help: and disk: to harmless applications, the mapping applies in the "open" tool, and should work anywhere that LaunchServices is used.

Robert L ::: (view all by) ::: May 20, 2004, 05:47 PM:

/whine/ This is too complicated...If I bring over my laptop, will you do it for me...? /end whine/

Matt McIrvin ::: (view all by) ::: May 21, 2004, 08:08 PM:

Apple has a security patch out on Software Update. It seems to just patch Help Viewer; if so then it wouldn't protect against exploits involving other protocols, but the Help Viewer hole is the doozy.

Robert L ::: (view all by) ::: May 21, 2004, 11:09 PM:

But seriously--I don't think I did this right. Or something. Downloaded the software, installed it--but when I click on the icon in System Preferences, all I get is a long list of protocols. One of them is "help"--but the only choice it gives me is add, remove, or change. "Change" gives a menu of just about every application on my hard drive. So what do I do? This doesn't match the description. I can remove "help" from this list, but that isn't what the description says.
--Puzzled in Loisaida

Jon H ::: (view all by) ::: May 21, 2004, 11:18 PM:

Robert,

The software lets you associate an application with a protocol.

Thus, when you select a protocol and click "Change", you get an Open Panel with which you can browse around your computer and find the application you wish to associate with the protocol.

What you want to do is select help, click Change, and select a program which is harmless, such as Chess.

Then, if something tries to twiddle a help: URI, instead of opening Help Viewer and wreaking havoc, Chess will open instead and nothing unpleasant will result. And you'll see Chess open up for no apparent reason, and know something tried to twiddle a help: URI.

Robert L ::: (view all by) ::: May 22, 2004, 01:24 AM:

Jon--Thanks, I think I get it now...So the idea is if Chess opens mysteriously when I'm trolling the Web, I know bad hackers are tryin' to mess w/ my files...?