Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Springy Dock Tricks

If you drag a file and hover over Dock icons, various useful things happen which are similar to Finder springing. If it's a window, the window un-minimizes from the Dock. If it's a stack, the corresponding folder in the Finder opens. If it's the Finder, it brings the Finder to the foreground and opens a window if one doesn't exist already. But the coolest (and most hidden) springing trick is if you hover over an application and press the Space bar, the application comes to the foreground. This is great for things like grabbing a file from somewhere to drop into a Mail composition window that's otherwise hidden. Grab the file you want, hover over the Mail icon, press the Space bar, and Mail comes to the front for you to drop the file into the compose window. Be sure that Spring-Loaded Folders and Windows is enabled in the Finder Preferences window.

Visit plucky tree

Submitted by
cricket

 
 

Protect Yourself from the Mac OS X Java Vulnerability

Send Article to a Friend

One of the great things about Macs is how Apple has included a wealth of free and open-source tools in Mac OS X. This collection includes both major portions of the operating system (much of Mac OS X's Unix core), and numerous additional applications and components. Windows file sharing, printing, and even Safari are all based on open-source tools also used on other platforms. While this provides us with immeasurable benefits, it does present some potential liabilities on the security front. Like all software, these open source components occasionally suffer from security vulnerabilities, but since Apple doesn't control them, Apple can't necessarily make code fixes quickly, if at all.

This disconnect can result in a major security issue for Macs (and iPhones) when the vulnerability is patched for other platforms, but Apple fails to provide a fix. Apple has an unfortunate history of leaving some of these vulnerabilities unpatched for months, as is the case with a five-month-old vulnerability in Java.

As reported by researcher Landon Fuller, Mac OS X is vulnerable to a Java flaw that could allow an attacker to execute arbitrary code under the logged-in user's account. While perhaps not as bad as full administrative access, it still allows an attacker plenty of latitude to perform all sorts of nefarious activity on your system.

While an attacker could technically trick you into downloading and running a malicious program written in Java, it's far easier for them to trick you into visiting a malicious Web site and take over your system when your browser automatically runs their "bad" Java applet. Attackers have developed ways to sneak these onto even trusted Web sites, so merely sticking with known safe sites isn't sufficient to stay secure. Landon includes a demonstration exploit on his site, which clearly shows how an attacker could take over your system.

The best way to protect yourself is to turn off Java in your Web browser. This will break some Web sites, but until Apple provides a fix it's the only way to protect yourself.

To disable Java in Safari, go into Preferences and disable "Open safe files after downloading." Then click the Security tab, and uncheck "Enable Java."


To disable Java in Firefox, select Preferences and then the Content tab. As with Safari, uncheck "Enable Java."


Hopefully Apple will fix this soon, and stop leaving Mac users vulnerable to security flaws already fixed on other platforms.

 

Fujitsu ScanSnap Scanners — Save your business time and money
with our easy-to-use small ScanSnap Scanner line. Eliminate
paper piles by scanning documents, business cards, and receipts.
Visit us at: <http://www.ez.com/sstb>