Featured Articles

Intel releases tiny 3G cell modem

Intel releases tiny 3G cell modem

Intel has released a 3G cellular modem with an integrated power amplifier that fits into a 300 mm2 footprint, claiming it…

More...
Braswell 14nm Atom slips to Q2 15

Braswell 14nm Atom slips to Q2 15

It's not all rosy in the house of Intel. It seems that upcoming Atom out-of-order cores might be giving this semiconductor…

More...
TSMC 16nm wafers coming in Q1 2015

TSMC 16nm wafers coming in Q1 2015

TSMC will start producing 16nm wafers in the first quarter of 2015. Sometime in the second quarter production should ramp up…

More...
Skylake-S LGA is 35W to 95W TDP part

Skylake-S LGA is 35W to 95W TDP part

Skylake-S is the ‘tock’ of the Haswell architecture and despite being delayed from the original plan, this desktop part is scheduled…

More...
Aerocool Dead Silence reviewed

Aerocool Dead Silence reviewed

Aerocool is well known for its gamer cases with aggressive styling. However, the Dead Silence chassis offers consumers a new choice,…

More...
Frontpage Slideshow | Copyright © 2006-2010 orks, a business unit of Nuevvo Webware Ltd.
Tuesday, 30 November 2010 10:46

Apple's faith based security takes another hit

Written by Nick Farell
apple

Flaw allows scammers into iPhone OS
A security flaw, er feature, in Apple's iPhone OS allows ID thieves to trick the iPhone into thinking it is looking at a legitimate site.

Insecurity researcher Nitesh Dhanjani has been showing off how criminals can easily hide the true URL of a site from users by building a malicious Web application. Dhanjani showed how legitimate Web applications such as Bank of America's mobile banking application hide Safari's address bar after rendering the page.

Developers have to use this technique often because of the limited screen real estate on mobile devices like the iPhone. But Identity thieves and scammers could apply the same practice to conceal the actual URL of a fake site they've created and then duped users into visiting.

Dhanjani has reported the problem to Apple but it had not given any indication that they would fix the problem. Apple needs to modify iOS to prevent Web applications from hiding the URL, he said.

Dhanjani uncovered an Apple Safari vulnerability in 2008 that could be exploited with "carpet bomb" attacks. Apple initially told Dhanjani that it didn't consider the problem a security issue, it later issued a patch after others, including Microsoft, warned users to stop running Safari.

Jobs' Mob continues to claim it does not have security problems and that viruses only happen on Windows machines.
Last modified on Tuesday, 30 November 2010 11:58
blog comments powered by Disqus

 

Facebook activity

Latest Commented Articles

Recent Comments