A Little .Mac shield FlawSlashdot

December 16th, 2007 | Category: Techitorial

deleuth writes “The de facto online connectivity software sold along with many Apple computers, .Mac, has a Web interface through which users can check their ‘iDisk’ while away from their own computer. However, there is no Log-Out button in that Web interface, so most users just close the browser and walk away… not realizing that their iDisk has been cached by the browser and that anyone who wants to can open up the browser, go back to the link in History, and get into their iDisk completely logged in. From here, files can be downloaded

and/or deleted. that seems like a minor shield flaw via poor interface design, and podcaster Klaatu (of thebadapples.info) posted that on the discussion.apple.com site, only to have his post removed by Apple. Furthermore, feedback at apple.com/feedback has gone unanswered. The problem remains: there is no way for the average computer user to log-out of their iDisk on public computers. A quick review of any public terminal’s browser history could bring up all kinds of interesting things.”

Read more of that story at Slashdot.

Original post by kdawson

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
Related Articles
  • Found Photo: Cell Phone With protection Feature
  • Leopard safety measure Update
  • Russian Cybercrime Fighter Sells Security
  • Microsoft protection update cripples IE
  • The Microsoft protection Intelligence Report
  • Fix for IE6 crash bug after protection update 942615 on Windows XP
  • Steal that Film II ReleasedSecurity-Protocols
  • January 2008 defense and other updates
  • MS07-069 Cumulative shield Update for World Wide Web Explorer - Post Install Issue
  • Digging deeper in January protection Patches

    • No comments yet. Be the first.

    Leave a reply