The Null Device

Attack of the Dashboard Widgets

You know those nifty "Widgets" that MacOS X 10.4 supports: those lightweight HTML/JavaScript objects that sit on a special desktop layer and can show you the weather/train timetables/your iTunes playlist/how all those AAPL shares you bought are doing? Well, they can automatically install themselves without your consent, as this page demonstrates. The author even provides a goatse.cx widget (not auto-installed, mercifully) to underscore the potential for mayhem.

Meanwhile, a carefully constructed trick webpage can cause Firefox to execute arbitrary code on any platform (such as, say, installing rootkits or botnet clients). The Mozilla Foundation have patched this, though the fix is not in the Debian distro yet.

There are 2 comments on "Attack of the Dashboard Widgets":

Posted by: datakid http:// Sun May 8 22:06:47 2005

It's odd that you would mention Debian - is that what you are running? Or is that what dev\null is served from?

Posted by: acb http://dev.null.org Mon May 9 09:32:53 2005

That's my distro of choice, and is used both on dev.null.org and my desktop Linux box.