Comments on: Stealing More Files with Safari
http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/
Thoughts on Security in an Uncivilized World…
Fri, 13 Nov 2009 09:32:59 -0700

By: mike face, Tue, 24 Mar 2009 21:43:46 +0000
http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-749
I like to share all your p@rn thru this exploit.

By: xssniper, Tue, 17 Feb 2009 06:29:34 +0000
http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-735
@John – From a pure security engineering standpoint, giving the feed:// protocol access to the local file system is a bad idea. I’m not sure why the design is as it is, but I’m guessing that it is a side effect of loading the feed HTML templates from the local file system.

By: Grab bag: Simplify Media and the stimulus package (Jarrett House North), Tue, 17 Feb 2009 01:08:15 +0000
http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-734
[...] Stealing More Files with Safari (Billy (BK) Rios) Explaining the XSS vulnerability in Safari’s RSS feed reader. Seems to have been a specific problem for the filtering strategy that Apple used to filter feed content. (tags: security xss safari) [...]

By: john fsck, Sat, 14 Feb 2009 09:36:13 +0000
http://xs-sniper.com/blog/2009/02/13/stealing-more-files-with-safari/comment-page-1/#comment-731
Hey, just curious, any legitimate reason why feed:// would need access to the local filesystem? I thought it would behave similar to other cross domain situations.
