Apple snoozes, researcher discloses risky iPhone UI flaws
arstechnica.com — Apple is arguably getting more proactive about iPhone security exploits. The iPhone OS 2.0 release fixed quite a few bugs, and last month's 2.1 update was no security slouch either. Still, in the face of Apple recruiting full-time iPhone hackers, an Israeli researcher has released details on two potentially dangerous—though seemingly innocuous—desi
- 566 diggs
- Pliep, on 10/03/2008, -20/+37 The author must be kidding... you can actually make a URL look like something else? RED ALERT! RISK! FLAW!
It must be a security flaw in ALL e-mail clients then, since you can make any URL have another text representation.
- megamod, on 10/04/2008, -2/+15 I think it's talking about the way tap and hold works specifically. not how you can do this
(a href="whitehouse.com")whitehouse.gov(/a)
"but a tap-and-hold operation on the URL will truncate its address in a popup tooltip if it's longer than ~24 characters"
- LuTze, on 10/04/2008, -1/+5 Actually, definitely not all. In Thunderbird, if an incoming mail has something like this, it warns the user that this might be a scam mail and requires you to click through a dialog box before following the link.
- WiseWeasel, on 10/04/2008, -1/+28 The inability to prevent images from being loaded in the email app is a huge oversight, as that allows spammers to confirm that you've received and viewed their spam messages. The other one, meh, I don't follow email links from anyone but my trusted friends in any case.
- 80hd, on 10/04/2008, -0/+16 true.
I delete all my mail from the inbox screen. but you only have to slip up once or twice for those jerks to start pounding your email address.
- heysuburbia, on 10/04/2008, -4/+11 I just wish there was a way my App Icon Updates would go away after updating and Safari wouldn't crash 80% of the time.
- Turbojugend27, on 10/04/2008, -9/+7 stop trying to load flash porn sites and it should start working a little better
- RDurfee, on 10/04/2008, -0/+9 The Safari crashes are so damned frustrating!
- MavRevMatt, on 10/04/2008, -3/+4 So how's that iPhone working for you?
- dubdope, on 10/04/2008, -19/+8 apple is the new microsoft?
android is and will be the more secure and better mobile OS.
uh oh. cue the mac fanboys and their hurt feelings.
- drikle, on 10/04/2008, -0/+11 No, Apple is the old Microsoft.
- MemphisExNoel, on 10/04/2008, -3/+1 Still Microsoft....
- datdamonfoo, on 10/04/2008, -0/+3 Apple is the new betamax.
- Gee1004, on 10/04/2008, -0/+3 Apple is a fruit
- vallver, on 10/04/2008, -0/+1 Purple is a fruit too
- MacParrot, on 10/04/2008, -1/+2 No hurt feelings...just shaking my head ruefully at what a dope you are. Schools today...
- dubdope, on 10/07/2008, -0/+1 fitting username, macparrot.
- jserio, on 10/04/2008, -3/+5 Can someone explain the first flaw (the bad URL)? From the photo, it seemed both URLs on the display were the correct facebook URL. So where and how is the phishing URL concealed?
- dasluvaluva, on 10/04/2008, -0/+9 Because the url actually goes to:
"http://securelogin.facebook.com.someotherdomain.co ..."
When you hover over the link, the ".someotherdomain.com" is truncated, making it seem like the URL takes you to facebook, when in actuality it takes you to a phisher's site.
- jamshid, on 10/07/2008, -0/+1 Not huge, but yeah all mail clients (and browsers) should always make it very clear to the user what servers are being used when loading a page, and what server the user's action (eg, clicking a link or submitting a form) is going to.
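Added example, not part of any comment above or of the linked article: a JavaScript version of the two checks this thread describes, a Thunderbird-style warning when the link text names a different host than the href, and a flag for when a tooltip cut at ~24 characters ends before the host name does. The function names, the keep-the-first-24-characters truncation model, the last-two-labels site approximation and the sample links are assumptions constructed for illustration.

```javascript
// Added example. Sample links are constructed; .example is a reserved TLD.
const TOOLTIP_LIMIT = 24; // the "~24 characters" quoted in the thread

// Assumed truncation model: the tooltip keeps the first `limit` characters.
function truncatedTooltip(href, limit = TOOLTIP_LIMIT) {
  return href.length > limit ? href.slice(0, limit) + "..." : href;
}

// Last two labels of a host name: a rough stand-in for the registrable
// domain (a real client would consult the Public Suffix List).
function approxSite(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Host named by the visible link text, or null if the text is not URL-like.
function hostOf(text) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(text);
  try {
    const host = new URL(hasScheme ? text : "http://" + text).hostname;
    return host.includes(".") ? host : null;
  } catch {
    return null; // e.g. "Read more" is not a valid host
  }
}

function checkLink(href, linkText, limit = TOOLTIP_LIMIT) {
  const url = new URL(href);
  const findings = [];

  // Check 1: the text looks like a URL but points at a different site.
  const textHost = hostOf(linkText.trim());
  if (textHost && approxSite(textHost) !== approxSite(url.hostname)) {
    findings.push("text-host-mismatch");
  }

  // Check 2: the host name runs past the visible part of the tooltip, so
  // the labels that decide where the link goes are cut off.
  const start = href.toLowerCase().indexOf(url.hostname, url.protocol.length);
  const hostEnd = start < 0 ? Infinity : start + url.hostname.length;
  if (href.length > limit && hostEnd > limit) {
    findings.push("host-hidden-by-truncation");
  }
  return findings;
}

console.log(checkLink("http://www.facebook.com.other-site.example/", "www.facebook.com"));
```

A long path alone does not trigger the second check; only a host name that extends beyond the visible characters does.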
- {{sPaz}}, on 10/04/2008, -8/+4 Interesting, especially considering the iPhone isn't marketed in Israel.
- DjOverEZ, on 10/04/2008, -2/+3 Nobody likes you.
- jmontes, on 10/04/2008, -4/+7 Move along. Nothing to see here.
- DJWilsonX, on 10/04/2008, -6/+3 hackers should really start making mac viruses....just to shut up the fanboys/fangirls...irritate the hell out of me when they say...omg I have a macbook...macbook rulez..punch them in the face and shove them against the wall
- CogitatorX, on 10/04/2008, -0/+3 "Neeeeeeeeeeerd"- Homer J.
- MacParrot, on 10/04/2008, -1/+6 Wow! You're sure tough on the internet! Sure wouldn't want to meet you on a dark webpage!
- rkor123, on 10/04/2008, -3/+1 this is probably a jailbroken iphone because it hasn't reached Israel yet.
- dysonlu, on 10/04/2008, -1/+3 C'mon! People are asking for too much. These are advanced features, in the same realm as cut&paste. They'll eventually come, perhaps in iPhone 3G Gen 5. But who cares if the device can't display the entire URL, or song title for that matter. Be grateful you have a fancy GUI.
- Wang, on 10/04/2008, -1/+3 Sensationalist nonsense with no real substance. I agree with the previous comments - move along people, nothing to see here.
- pyrates, on 10/04/2008, -3/+2 Well this gives me another reason not to use the builtin mail.app on the iphone. The amount of people who are defending Apple for this are pathetic. Have a mind of your own.
- iBros, on 10/05/2008, -0/+1 I would bet Apple's response to this issue might be similar to their response about Cut and Paste - "It's not high on our priority list", which likely means they are dealing with some far worse exploits. Make no mistake, gutting OSX to get it on a mobile chip simply must have security ramifications that are causing a lot of hand wringing at Cupertino. Awareness of these issues is likely what initially led Apple to Sandboxing all apps and the rather excessive limitations we still see today.