Separate names with a comma.
Discussion in 'MacRumors.com News Discussion' started by Habakuk, Jan 13, 2009.
Here's my opinion: We'll be getting a Safari update soon! Yay!
Good thing I don't use Safari to handle my RSS feeds.
Security Vulnerability Found in Safari RSS
Open source programmer Brian Mastenbrook has discovered a security flaw in the way that Safari handles RSS feeds. The vulnerability, which affects both Mac and Windows versions of Safari, could allow a malicious website to gain access to sensitive user data.
Mastenbrook reports that all OS X 10.5 Leopard users, regardless of whether they use Safari or RSS feeds, should protect themselves by choosing an application other than Safari for reading RSS feeds, an option available in the "RSS" tab of Safari's Preferences. Safari for Windows users should utilize a different browser until Apple issues a patch. Mastenbrook, who has received credit from Apple for reporting a number of security issues over the past year, says that Apple has not given a timeframe for a fix.
Article Link: Security Vulnerability Found in Safari RSS
The temp fix is very easy. Everyone should do so now:
Scary. Its amazing what people can do today. Everything was so simple before the internet
I hope people start realizing that Safari isn't, as apple puts it, "the world's best browser".......
So ... who makes the best RSS reader?
If this doesn't affect Mail, you can switch to that as your RSS reader. I've been using Mail as my RSS reader since Leopard came out. Works better than Safari did.
Firefox. Live bookmarks!
They say switch to an alternative RSS reader, but surely if you stick to reputable feeds this won't be an issue?
Should be interesting to see how long it takes Apple to release a patch anyhow.
thats bad for mac users. windows users are used to such things anyway.
i hope apple fixes that soon. i'm actually surprised that OS X allows that to happen. i guess lots of other apps have similar gaps.
Why not? No browser is immune to vulnerabilities.
It depends on how you use RSS feeds. If you read them like email, where each post deserves your attention, use Mail. If you use them just to see what's the latest on a particular website, Firefox live bookmarks are nice.
I use NetNewsWire just so I have syncing between my Mac and my iPhone.
First though I would see what programs are already in your Dock and check on their RSS options - if you already have Firefox, Safari, Mail, Thunderbird, or any other browser or mail program running, use those. No use in running another always-on program if you don't need to.
Like another poster said, if you are only getting RSS feeds from reputable sites (and no comments feeds - those could be bad), Safari should be fine.
Does this mean you'd have to subscribe to an 'infected' RSS feed in order to be vulnerable? ie, would you be okay to continue using Safari for RSS if you're only using reputable feeds, eg. MacRumors?
Edit - Whoops, skimmed through the posts and managed to miss the one that actually seemed to answer my question.. doh
I think its a matter of opinion what the BEST browser is. I think its safe to say what the world's WORST browsers are, in order:
So I think the "world's best browser" is ANY browser that isn't IE.
EDIT: I just realized that most standard cell phone browsers should be in that list too.
IE mobile (for WinMo) sucks ass. I used to have a Motorola Q and threw that thing as far as I could.
Let's see now. You joined MacRumors just this month and are already trolling away. So why are you here anyway? Are you a Mac user? A Windows fanboy?
So should we all crawl under our beds in fear now? I, for one, don't plan on doing anything. Notice that the "researchers" always use words like "might", "could", "maybe", "under certain conditions"? Isn't the only thing we have to fear supposed to be fear itself? Chicken Little's are always ready to wring their hands and fret. What a way to live one's life, in constant fear.
My RSS reader...
I have set Chess to be my RSS feed reader.
I think that should fix it.
Straight from Brian Mastenbrook's website:
So those who don't use RSS apps can just link up to Mail.app and be okay for now.
So how do you know that what you do use isn't just as vulnerable, hmmmm?
Has Safari 4.0 addressed this issue? I've already defaulted RSS to FF, though I've never used RSS...
Dude, I'm using IE8 right now, and aside from some minor bugs, it's really nice. I don't see how you can complain about something that's not even out of beta yet!
You're also forgetting that when IE6 came out, it was a really good browser. There were no CSS issues because there were no browser wars- IE6 was the internet.
Don't forget about IE for mac. That was one of the BEST browsers out there, for quite some time.
Damn. The only reason I use safari over firefox is because of the RSS reader!
This programmer guy could have waited to make the news public
Now hackers will know about it!