10-20-2006, 07:10 AM   #20
arivero
Guru
Posts: 607
Karma: 2157
Join Date: Oct 2005
Device: NCR3125, Nokia 770,...
Quote:
Originally Posted by jęd
But seriously... I'm glad this was brought out in the open... I think it shows willingness to work with Irex in making their product better. Let's see how soon they fix this...!
I insist: it is not a security hole, so you do not need to fix it. It *seems* a security hole because it works the way www holes work, but it is a dialog window that only shows in the main console, so it is not a security issue. It is the same thing as claiming that GRUB has security holes!

The PDF hole in 2.4 was a different issue; just because the confirmation window was not drawn on the screen (it was, but the screen was not updated, remember), it was possible to make a PDF asking the user "click on this cross, then click this one and see what happens", the second cross subtly drawn over the OK button. It need not be so obvious; it could be, for instance, a sudoku square asking for two sequential clicks, or some "start demo" thing. In Spain we call this kind of deception a "Cuartango" trick, because this researcher in the CSIC did some work on deception windows over MSWindows.

Last edited by arivero; 10-20-2006 at 07:26 AM.