Quote:
Originally Posted by jęd
But seriously... I'm glad this was brought out in the open... I think it shows willingness to work with Irex in making their product better. Let's see how soon they fix this...!
I insist: it is not a security hole, so you do not need to fix it. It *seems* a security hole because it works the way www holes work, but it is a dialog window that only shows in the main console, so it is not a security issue. It is the same thing as claiming that GRUB has security holes!
The PDF hole in 2.4 was a different issue; just because the confirmation window was not drawn on the screen (it was, but the screen was not updated, remember), it was possible to make a PDF asking the user "click on this cross, then click this one and see what happens", the second cross subtly drawn over the OK button. It need not be so obvious; it could be, for instance, a sudoku square asking for two sequential clicks, or some "start demo" thing. In Spain we call this kind of deception a "Cuartango" trick, because this researcher at the CSIC did some work on deception windows over MSWindows.