““Heise.jpg” may be an application. It was attached to a mail message and will be opened by Terminal. Are you sure you want to open it?”

I find this to be sufficient warning, but I don’t understand why everyone is not getting this warning. In any event, it is not clear that the “security shell exploit has been reintroduced.”

To try this more than once you have to delete the file from Library/Mail Downloads each time…

I have a PowerBook 1,25GHz running an all updated 10.5.1. Perhaps my machine is too slow to write the extended attributes before it’s already running the first time :-)

Remember, mail can easily be forged, and as Chucky points out, it would not be hard to have that JPG you click on send emails to 5 of your address book entries to pass it on.

The problem is that there are a number of historical PC worms that work by sending emails to people in your address book.

If such a worm ever appeared on OS X, folks would get emails from trusted addresses, with links to innocent seeming JPG’s. At that point, a lot of folks with perfectly good judgment would double click the JPG, and have hell break loose on their machine.

Trusting Mail.app and Finder.app to give you accurate information about what you’re dealing with and what the consequences of double clicking might be is crucial to protecting folks with perfectly good judgment.

Quicklook shows the document as an empty file icon, so you’ll know its not really a JPEG.

Seriously needs to be fixed though.

What puzzles me are two things – first, that some people are getting the Tiger-era alerts in Leopard Mail (so Jasonian suggests above) and, secondly, that people do not seem to exercise due caution with the content of their email and expect the mail client to make judgement calls about that is safe to open or not.

I agree that Mail should be smarter about this — and as you say, soon will be again — but it should never be a user’s first line of defence. Common sense should be.

If you choose “Get Info”, then under the “General” section you’ll see that Finder identifies the “Kind” as “JPEG image”.

(You’ll see that the “Open with” section (if it’s visible) says “Terminal”.)

Gruber will say what Gruber would say, but don’t you think it somewhat concerning that the OS *doesn’t know what it’s got*? Look at that file on a Linux machine and it is identified as type “plain text”.

OS X doesn’t know what it’s got.

To compound matters, although the OS is absolutely certain that it has a JPEG there, it will, nevertheless, blithely open the file, out of an email, in what is *not* what you’ve got set as the default editor for JPEGs.

I’m sure they’ll patch it pretty soon, so that it will ask. But what if someone clicks “yes” meaning “no”? And, more broadly, I have to wonder why it’s asking such a stupid question in the first place?

It would seem better if Apple made it so that their mail client couldn’t read this ridiculous “AppleDouble” encoding at all.