Researcher Fed Up, Reveals iPhone Vulnerabilities
Thursday, October 2nd, 2008 at 4:00 PM - by John Martellaro
Back in July, Aviv Raff told Apple about two iPhone issues that he considered to be vulnerabilities. Updates 2.0.1, 2.0.2, and 2.1 came and went with no fix, so Mr. Raff went public with the details.
All that Apple has said, according to Mr. Raff, a security researcher in Israel, is that they're still "working on it."
The first problem is related to the limited real estate on the iPhone screen. For some time now, desktop e-mail programs have been designed to display, with a hovering tooltip, the actual URL of a link, no matter what the link text says. Apple Mail does that on the Mac.
On the iPhone, there is no hovering tip, and in fact, the iPhone truncates the URL due to limited space. As a result, a longer, malicious URL could look like a legitimate one. The author showed an example of a deceptive link to Facebook.
The second problem is one that has also been fixed in desktop systems, namely the link-back of embedded images. "This one is not just a trivial bug, it's actually a pretty dumb design flaw, which was already fixed by all other mail clients ages ago. Whenever you view an HTML mail message which contains images, a request is made to a remote server in order to get the image. Most of the mail clients today require you to approve the download of the images. This is done for a good reason," Mr. Raff wrote.
"If the images were downloaded automatically, the spammer who controls the remote server will know that you have read the message, and will mark your mail account as active, in order to send you more spam. This feature is also known as Web Bug.
"The iPhone's Mail application downloads all images automatically, and there is NO WAY to disable this feature!" Mr. Raff noted with dismay.
Mr. Raff suggested that the Mail application on the iPhone not be used until these issues are fixed.
Apple has a history of fixing bugs on their own schedule, not the schedule of researchers who report them. That can lead to some frustration, but in the end, Apple makes the call on which vulnerabilities get the highest priorities. Sometimes, fixing a security flaw disrupts an entire feature set, and reworking the feature, without the flaw, takes time. In any case, knowledge is better than ignorance for users, and, as usual, iPhone users should be Internet savvy and at least as smart as their smartphone.
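Both issues can be checked for on the receiving side before a message is rendered. The following is an added example, not code from Mr. Raff's write-up or from Apple: it lists the images a client would fetch from a remote server on open, and the links whose real host would not be fully visible in a truncated display. The 30-character display width, the function names and the sample hosts are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

DISPLAY_WIDTH = 30  # assumed number of URL characters a small screen shows

def authority_cut_off(url, width=DISPLAY_WIDTH):
    """True if showing only the first `width` characters hides part of the host."""
    netloc = urlsplit(url).netloc
    if not netloc:
        return False
    return url.index(netloc) + len(netloc) > width

class MailAudit(HTMLParser):
    """Collects what an HTML message would fetch or hide when rendered."""
    def __init__(self):
        super().__init__()
        self.remote_images = []    # fetched from a remote server on open
        self.truncated_links = []  # real host not fully visible when truncated

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img":
            src = attrs.get("src") or ""
            # A non-empty authority means a network fetch; cid: and data: have none.
            if urlsplit(src).netloc:
                self.remote_images.append(src)
        elif tag == "a":
            href = attrs.get("href") or ""
            if authority_cut_off(href):
                self.truncated_links.append(href)

def audit(html):
    """Return (remote_images, truncated_links) for one HTML message body."""
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    return parser.remote_images, parser.truncated_links

# Constructed sample message; every host below is a placeholder.
SAMPLE = """<html><body>
<a href="http://www.facebook.com.profile.login.example.test/session?id=1">Log in</a>
<a href="https://www.example.org/help">Help</a>
<img src="http://tracker.example.test/open.gif?rcpt=user%40example.org" width="1" height="1">
<img src="cid:logo@example.org">
</body></html>"""

if __name__ == "__main__":
    images, links = audit(SAMPLE)
    print("remote images:", images)
    print("links with hidden host:", links)
```

A client that blocks the first list until the user approves it, and shows the full host for the second, addresses both points.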