Get Better Gear!

Premier Sponsors

Other World Computing

TechRestore

Top 5 Free Apps

Release Date: August 05, 2009
Genre: Games
Release Date: May 22, 2009
Genre: Games
Release Date: August 29, 2009
Genre: Games
Release Date: March 27, 2009
Release Date: August 07, 2009

iTunes New Music Releases

Release Date: September 29, 2009
Genre: Rock
Release Date: September 20, 2009
Release Date: September 15, 2009
Release Date: August 25, 2009
Genre: Rock
Release Date: August 25, 2009

Top 5 Paid Apps

Release Date: April 22, 2009
StickWars $0.99
Release Date: March 31, 2009
Genre: Games
Bloons $0.99
Release Date: April 05, 2009
Genre: Games

Discover New Music

  • Plans

    • 8 out of 10
    • Death Cab for Cutie
    • With the introduction of Plans, Death Cab for Cutie became a new addition to many user's Artist list after the single "Soul Meets Body" became a hit on iTunes. Offering a fresh alternativ

  • Spanks for the Memories

    • 8 out of 10
    • Asylum Street Spankers
    • The Asylum Street Spankers are...well...The Spankers. Hailing from Austin, where I saw them live dozens of times, the band played entirely acousti

  • Never Let Me Down [ECD]

    • 4 out of 10
    • David Bowie
    • It must be a lonely place to be considered David Bowie's worst album by just about everyone, including the artist himself. As the last album before Bowie "rebooted" and formed the band Tin Machine, "N
  • Kind of Blue

    • 10 out of 10
    • Miles Davis
    • The jazz album to end all jazz albums. Miles Davis and John Coltrane and Cannonball Adderly and the list goes on. The who's who of who's who in jazz have assembled for this monumental record. Get this
  • Physical Graffiti

    • 10 out of 10
    • Led Zeppelin
    • This album bears every flavor of genius from the five records that came before. It is, I believe, the band's finest. With Physical Graffiti, Zep came raging back to their musical home territory -- har

Reader Specials

Visit Deals On The Web for the best deals on all consumer electronics, iPods, and more!

News

Researcher Fed Up, Reveals iPhone Vulnerabilities

Back in July, Aviv Raff, told Apple about two iPhone issues that he considered to be vulnerabilities. Updates 2.0.1, 2.0.2. and 2.1 came and went with no fix, so Mr. Raff went public with the details.

All that Apple has said, according to Mr. Raff, a security researcher in Israel is that they’re still "working on it."

The first problem is related to the limited real estate on the iPhone screen. For some time now, desktop e-mail programs are designed to display, with a hovering tooltip, the actual URL of a link, no matter what the text says. Apple Mail does that on the Mac.

On the iPhone, there is no hovering tip, and in fact, the iPhone truncates the URL due to limited space. As a result, a longer, malicious URL could look like a legitimate one. The author showed an example of a deceptive link to Facebook.

The second problem is one that has also been fixed in desktop systems, namely the link-back of embedded images. "This one is not just a trivial bug, it’s actually a pretty dumb design flaw, which was already fixed by all other mail clients ages ago. Whenever you view an HTML mail message which contains images, a request is made to a remote server in order to get the image. Most of the mail clients today requires you to approve the download of the images. This is done for a good reason," Mr. Raff wrote.

"If the images were downloaded automatically, the spammer who controls the remote server will know that you have read the message, and will mark your mail account as active, in order to send you more spam. This ’feature’ is also known as ’Web Bug’.

"The iPhone’s Mail application downloads all images automatically, and there is NO WAY to disable this feature!" Mr. Raff noted with dismay.

Mr. Raff suggested that the Mail application on the iPhone not be used until these issues are fixed.

Apple has a history of fixing bugs on their own schedule, not the schedule of researchers who report them. That can lead to some frustration, but in the end, Apple makes the call on which vulnerabilities get the highest priorities. Sometimes, fixing a security flaw disrupts an entire feature set, and reworking the feature, without the flaw, takes time. In any case, knowledge is better than ignorance for users, and, as usual, iPhone users should be Internet savvy and at least as smart as their smartphone.

Post Your Comments

  Remember Me  Forgot your password?

Not a member? Register now. You can post comments without logging in, but they'll show up as a "guest" post.

Commenting is not available in this section entry.