Israeli researcher Aviv Raff has gone public with security flaws in the iPhone after what he terms two-and-a-half months of inaction from Apple.

Writes Raff on his blog:
"I have disclosed the technical details to Apple a few weeks before that post, in a hope to get those security issues fixed as soon as possible. Unfortunately, two and a half months later, and still there is no patch for those vulnerabilities. I've asked Apple several times for a schedule, but they have refused to provide the fix date."

The first is the URL display flaw in the iPhone's Mail that could allow an attacker to send a message containing a malicious URL that looks legitimate. "In most mail clients (example on your PC/Mac), you can just hover the link and get a tooltip which will tell you the actual URL that you are about to click," explains Raff in a blog post. "In iPhone it's a bit different. You need to click the link for a few seconds in order to get the tooltip. Now, because the iPhone screen is small, long URLs are automatically cut off in the middle."

This makes it possible for an attacker to create a long URL that displays a trusted domain while taking the user to another domain entirely, he explains. The user would only see the portion of the domain designed to look familiar and is more likely to click on the malicious link.

Opening the URL in the iPhone's Safari browser would not help as it too displays only a portion of the long URL.
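The check a mail gateway or client could run against the truncation problem described above, as an added example that is not Raff's or Apple's code. The 40-character width, the middle-ellipsis rule, the function names and the sample links are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

ELLIPSIS = "..."
DISPLAY_WIDTH = 40  # assumed character budget, not the iPhone's real value

# Constructed sample links (reserved example/test names only).
LEGIT = "https://www.example.com/login"
DECEPTIVE = ("https://www.example.com.signin.lookalike.test"
             "/account/session/verify?id=0000000000")

def middle_truncate(text, width=DISPLAY_WIDTH):
    """Assumed display rule: keep both ends, drop the middle."""
    if len(text) <= width:
        return text
    keep = width - len(ELLIPSIS)
    head = (keep + 1) // 2
    return text[:head] + ELLIPSIS + text[len(text) - (keep - head):]

def review_link(url, trusted_domains, width=DISPLAY_WIDTH):
    """Return the reasons a link should carry a warning before display."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    # Index in the URL string where the host[:port] part ends.
    authority_end = url.find(parts.netloc) + len(parts.netloc)
    head = (width - len(ELLIPSIS) + 1) // 2
    if len(url) > width and authority_end > head:
        reasons.append("host-cut-by-truncation")
    for domain in trusted_domains:
        # A trusted name inside the host only counts if the host ends with it.
        genuine = host == domain or host.endswith("." + domain)
        if domain in host and not genuine:
            reasons.append("trusted-name-in-foreign-host:" + domain)
    return reasons

def host_first_display(url, width=DISPLAY_WIDTH):
    """Mitigation sketch: never cut the host, shorten only what follows it."""
    parts = urlsplit(url)
    rest = url[url.find(parts.netloc) + len(parts.netloc):]
    room = max(width - len(parts.netloc), 0)
    if len(rest) > room:
        rest = rest[:max(room - len(ELLIPSIS), 0)] + ELLIPSIS
    return parts.netloc + rest

if __name__ == "__main__":
    for link in (LEGIT, DECEPTIVE):
        print(middle_truncate(link), review_link(link, ["example.com"]))
        print(host_first_display(link))
```

The host-first display may exceed the width when the host itself is longer than the budget; that is deliberate, since the end of the host is the part that identifies where the link really goes.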

The second bug, according to Raff, is in the iPhone's Mail application, which makes it easier for spammers to identify valid email accounts, and thus mark them for more spam.

Since the iPhone automatically downloads all image attachments, and there is no way to disable this feature, it is easy for spammers to identify a working email account. "The spammer who controls the remote server will know that you have read the message and will mark your mail account as active in order to send you more spam," said Raff.

Raff recommends that since there is no way to disable auto-image download on the iPhone, users should refrain from using Mail until Apple patches the problem.

Raff calls this "a pretty dumb design flaw", one that most other mail clients fixed ages ago.
After months and months of speculation and rumor from all corners of the internet and beyond, downloadable content for the Wii version of Rock Band 2 has been confirmed. USA Today reports that the functionality has indeed been confirmed, and with the release of Rock Band 2, Wii owners will finally be able to spend the massive amounts of cash Xbox 360 and PS3 owners have been spending for the past year.

While unannounced, MTV Games has confirmed that the upcoming Nintendo Wii version of "Rock Band 2" will offer the same online functionality — i.e. song downloads and Internet multiplayer modes — as the Microsoft Xbox 360 and Sony PS3 versions. The PS2 version, however, will not include online connectivity.

Source: Kotaku