You know those nifty "Widgets" that MacOS X 10.4 supports; those lightweight HTML/JavaScript objects that sit on a special desktop layer and can show you the weather/train timetables/your iTunes playlist/how all those APPL shares you bought are doing? Well, they can automatically install themselves without your consent, as this page demonstrates. The author even provides a goatse.cx widget (not auto-installed, mercifully) to underscore the potential for mayhem.

Meanwhile, a carefully-constructed trick webpage can cause Firefox to execute arbitrary code on any platform (such as, say, installing rootkits or botnet clients). The Mozilla Foundation have patched this, though it's not in the Debian distro yet.

Posted by: datakid | http:// | Sun May 8 23:06:47 2005

It's odd that you would mention debian - is that what you are running? Or is that what dev\null is served from?

Posted by: acb | http://dev.null.org | Mon May 9 10:32:53 2005

That's my distro of choice, and is used both on dev.null.org and my desktop Linux box.

Want to say something? Do so here.

Note to spammers: This comment system applies the rel=nofollow attribute to the poster's URL and all links. Posting links to this page will not improve their search engine rankings.

Display name:
URL:(optional)
To prove that you are not a bot, please enter the text in the image on the right in the field below it.

Your Comment:

Remember my details.

Please keep comments on topic and to the point. Inappropriate comments may be deleted.

Note that markup is stripped from comments; URLs will be automatically converted into links.