  PC users rejoice, there's actually a serious MacOS X security issue that isn't just a urlLink hyped-up effort to sell software . Here's the rundown from Secunia: urlLink Mac OS X URI Handler Arbitrary Code Execution . And more information from insecure.ws urlLink Safari/help runscript: Proof Of Concept The short version is that links which use the disk: or help: URI handlers (earlier reports only tag the help: handler) can be rigged to run arbirary code (in the form of scripts) on the user's machine with the user's privs.
Anything you can do on your machine, the script could do. Apple may have actually known about this for several months (according to some who claim to have submitted the problem to Apple). Exploits have started to appear online, so the issues has become much more serious. Josh Larios (and others) have pointed out this method to "patch" yourself: Launch Internet Explorer. Go to Explorer -> Preferences. Go to Network -> Protocol Helpers Find the "help" protocol and click on it, then click "Change". Un-check "Use current application if possible". Click "Choose Helper". Click on the "Chess" application in your Applications folder, then click "Open".
Click "OK" in the Protocol Helper Editor. If you have a "disk" protocol, click on it and repeat steps 5 through 8. If not, click "Add" and create a "disk" protocol, then follow steps 5 through 8 for it. Of course this would come shortly after I got smug on a mailing list at Windows users suffering from SASSER. Heh. Edit: isophonicSoftware's DGTGF patcher only patches one aspect of the issue (again, thanks to Josh Larios), so don't rely on that for full protection. 
