Dec 17, 2007
A severe .Mac security flaw surfaces
A severe .Mac security flaw surfaces: “
Apple’s stance on security is a bit confusing for me. On one hand, the company releases fixes for newly discovered security vulnerabilities within hours and on the other, they seem to sometimes ignore holes in their security infrastructure and delete topics on their discussion forums which report them. The most recently discovered security flaw, which has been around for quite a while now, concerns the iDisk feature of Apple’s .Mac suite, which gives you 10GB of web space that you can use to ‘store, access, and share large files’. It is integrated with the Mac OS X Finder and can also be accessed through a web browser.
I have never had the pleasure of using iDisk (thanks to the lackluster state of broadband penetration in India) but it turns out that there is no option to log out of your iDisk account when you’re accessing it from a web browser. Therefore, those using the service on public computers just close the web browser when they’re done, and anyone who uses the computer next can easily open that person’s iDisk account from the browser history and do whatever he wants with the other person’s (private) files. Apparently, Apple deleted a topic posted on their official discussion board reporting this issue and has yet to respond to the feedback posted to them. As of this writing, the flaw still remains and there is no word on when Apple plans to fix it, if ever.
Till Apple wakes up and takes notice, we advise our readers to manually clear all the cookies whenever you are done using a public computer or any computer which is not exclusively used by you. This will ensure that you are logged out of any and all sites you visited during the session and will keep all prying eyes away from places they are not invited to. Any security-related news related to Apple has a nasty habit of snowballing out of proportion, so we hope Apple addresses all concerns swiftly. The last thing they need is negative publicity just ahead of their biggest public event of the year. We’ll keep you posted.

“
(Via MacUser.)