The first vulnerability is a phishing one involving the
iPhone's email application which can be used to view both HTML and
plain text messages. In HTML mode, link text can be set so that it is
different to the actual URL behind the link.
Most email clients avoid the obvious dangers
this poses by displaying a hover tooltip showing the actual destination
link no matter what the text itself may say. Not so the iPhone, which
instead of a hover requires the user to click the link itself to get a
tooltip.
Raff argues that "because the iPhone screen is small, long URLs are
automatically cut off in the middle. So, instead of
hxxp://www.somedomain.com/verylongpath/verylongfilename, you will get
in the tooltip something like www.somedomain.com/very...ilename."
If an attacker sets a very long subdomain, which is cut off in the
middle, the link can look like it points to a trusted domain. Safari
for iPhone also shows what appears to be a trusted domain in the
address bar when launched.
Then there is the spamming vulnerability, which Raff is adamant is not
just a trivial bug but a "pretty dumb design flaw" and one that was
fixed by most every other mail client ages ago. Anyone remember the
whole 'web bug' thing of many years back now?
It also involves the viewing of HTML mail messages, this time ones that
contain images. When you view such a message, a remote server request is
made to grab the image. Best practice requires most clients to get user
approval before such a remote image download is requested.
Not the iPhone. Why is this a problem? Because, says Raff, if the
images are downloaded automatically "the spammer who controls the
remote server will know that you have read the message, and will mark
your mail account as active, in order to send you more spam."
Unfortunately there is no workaround for the web bug spam issue, and
Raff simply advises people not to use the iPhone mail application until
it is fixed.
The same advice applies to the phishing vulnerability, but if people
insist on using iPhone mail they should be very "careful with the
links" they click...
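
Both issues can be checked for on the receiving side. The Python sketch below is an added example, not code from Raff or Apple: it flags links whose visible text names a different host than the href, lists remote images that would be fetched when the message is opened, and models the middle truncation quoted above. The 23/7 character split is an assumption chosen to reproduce that quoted tooltip, and the sample message and all `.example` hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Hostname of a URL or bare 'www.site.example/path' string, else None."""
    text = text.strip()
    if not text or set(text) & set("[] \t\r\n"):
        return None
    host = urlsplit(text if "://" in text else "http://" + text).hostname
    return host if host and "." in host else None

def middle_truncate(s, head=23, tail=7):  # assumed tooltip model, sizes guessed
    return s if len(s) <= head + tail + 3 else s[:head] + "..." + s[-tail:]

def tooltip_hides_host(url, head=23, tail=7):
    """True when the truncated display no longer shows the full hostname."""
    host, shown = host_of(url), middle_truncate(url.split("://", 1)[-1], head, tail)
    return host is not None and host not in shown

class MailAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_images, self.mismatched_links = [], []
        self._href, self._text = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            self.remote_images.append(src)  # fetching this reveals the open
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown, real = host_of("".join(self._text)), host_of(self._href)
            if shown and real and shown != real:
                self.mismatched_links.append((shown, real))
            self._href = None

# Constructed sample message body (not from the article).
SAMPLE = ('<a href="http://www.attacker.example/login">www.bank.example/login</a>'
          '<img src="http://tracker.example/open.gif?id=123" width="1" height="1">')

def audit(html):
    parser = MailAudit()
    parser.feed(html)
    parser.close()
    return parser.mismatched_links, parser.remote_images
```

A mail gateway or client could use the same checks to rewrite link text to the real host and to hold back remote images until the user approves them.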
David Bass