Mac users that have upgraded to Tiger - beware of widgets bearing gifts. Several sites on the web have been reporting on the possible use of 'malicious widgets', after Stephan Meyers created a pseudo-malicious widget to hilight the dual issues of OSX's auto installation of the small progettes, and the fact you can't remove them from the dashboard. Wired has this:
A security hole in Dashboard could expose users of Apple Computer's new Tiger operating system to attack, and may put personal information like passwords and credit card data at risk.
A new feature of Mac OS X Tiger, Dashboard is a suite of simple programs called widgets that often access information on the internet. Tiger comes preloaded with 14 widgets, including a world clock, a dictionary and a weather station.
For the convenience of users, most widgets automatically install themselves. But experts fear any program that auto-installs is ripe for exploitation.
Apparently, as a workaround, you can eliminate a rogue widget from your drive by deleting it's file in the the /Library/Widgets/ folder, or you can use the Widget Manager that is mentioned in the article. However, it's not the best situation for many users. After upgrading to Tiger I downloaded widgets left right and centre (I couldn't do without a hula-girl
or two on my desktop), but this will make me think twice before downloading any more unless I'm sure of the source. What about you