Slashdot Mirror


A Little .Mac Security Flaw

deleuth writes "The de facto online connectivity software sold along with many Apple computers, .Mac, has a Web interface through which users can check their 'iDisk' while away from their own computer. However, there is no Log-Out button in this Web interface, so most users just close the browser and walk away... not realizing that their iDisk has been cached by the browser and that anyone who wants to can open up the browser, go back to the link in History, and get into their iDisk completely logged in. From here, files can be downloaded and/or deleted. This seems like a minor security flaw via bad interface design, and podcaster Klaatu (of thebadapples.info) posted this on the discussion.apple.com site, only to have his post removed by Apple. Furthermore, feedback at apple.com/feedback has gone unanswered. The problem remains: there is no way for the average computer user to log-out of their iDisk on public computers. A quick review of any public terminal's browser history could bring up all kinds of interesting things."
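An added example, not part of the submission and not Apple's code: the summary does not say how the iDisk web interface keeps a user signed in, so this assumes a cookie-backed server-side session. It shows the behaviour described (no logout, no expiry) beside a store with server-side logout, an idle timeout and `Cache-Control: no-store`; `SessionStore`, `response_headers`, `next_visitor_sees` and the user name are hypothetical.

```python
import secrets

class SessionStore:
    """Server-side sessions keyed by an opaque random token (hypothetical design)."""

    def __init__(self, idle_timeout=None):
        self.idle_timeout = idle_timeout  # seconds; None = session never expires
        self._sessions = {}               # token -> {"user", "last_seen"}

    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": now}
        return token

    def logout(self, token):
        # Invalidate on the server: clearing only the browser cookie would
        # leave the token usable by anyone who still holds a copy of it.
        self._sessions.pop(token, None)

    def authenticate(self, token, now):
        session = self._sessions.get(token)
        if session is None:
            return None
        if self.idle_timeout is not None and now - session["last_seen"] > self.idle_timeout:
            del self._sessions[token]     # expired: drop it so it cannot be revived
            return None
        session["last_seen"] = now
        return session["user"]

def response_headers(token=None):
    """Headers for authenticated pages served to a possibly shared browser."""
    headers = {"Cache-Control": "no-store"}  # keep file listings out of the cache
    if token is not None:
        # No Expires/Max-Age, so the cookie is not written as a persistent one.
        headers["Set-Cookie"] = f"sid={token}; Path=/; Secure; HttpOnly; SameSite=Lax"
    return headers

def next_visitor_sees(store, logged_out, minutes_away):
    """Who the server thinks is asking when the History link is reopened later."""
    token = store.login("alice", now=0)      # constructed user name
    if logged_out:
        store.logout(token)
    return store.authenticate(token, now=minutes_away * 60)

if __name__ == "__main__":
    print(next_visitor_sees(SessionStore(), False, 120))                  # as described
    print(next_visitor_sees(SessionStore(idle_timeout=900), True, 1))     # logged out
    print(next_visitor_sees(SessionStore(idle_timeout=900), False, 120))  # timed out
```

Browsers that restore the previous session can keep a non-persistent cookie across a restart, which is why the server-side logout and idle timeout carry the weight here.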

11 of 328 comments

  1. Re:Apple's response? by mboverload · · Score: 5, Funny

    > Am I the only one that notices that Apple's response to every problem is a swift "let's delete this topic and pretend the problem doesn't exist"? .. Seems like bad business practise to me.

    0H N0ES U DIDNT APPLE IS TEH PERFECT

  2. Security Through Obscurity by ookabooka · · Score: 2, Funny

    > podcaster Klaatu (of thebadapples.info) posted this on the discussion.apple.com site, only to have his post removed by Apple.

    Ah, well, see, so long as Apple makes sure no one knows about this, it won't be a problem. Surely everyone on Slashdot sees the validity of this strategy. (God I love my sig)
    --
    If you are about to mod me down, keep in mind that this post was most likely sarcastic.
  3. In other news... by Dieppe · · Score: 4, Funny

    Slashdot editor kdawson and Slashdot submitter deleuth mysteriously disappear...

    1. Re:In other news... by ColdWetDog · · Score: 4, Funny

      > Slashdot editor kdawson and Slashdot submitter deleuth mysteriously disappear...

      I don't know about M. deleuth, but if Apple's Reality Distortion Field(R) can make kdawson disappear, I'm buying another Mac. Maybe two.

      --
      Faster! Faster! Faster would be better!
    2. Re:In other news... by Pop69 · · Score: 2, Funny

      I'd buy a truckload if they could make Zonk go as well!

  4. You are a heretic, sir! by Quiet_Desperation · · Score: 4, Funny

    Anyone can slip up.

    Ah, but this is Slashdot, where corporations are composed of primordial evil and capitalism is the beefy fart of the Devil. Every slip up is cause for running to the hills to prepare revolutionary strikes, and then run to the other hills and plan counter-revolutionary terror, and we all run around like decapitated chickens shouting comforting mantras like "Information wants to be free!" and "It am teh suk!"

  5. Re:A minor flaw? Tosh. by Colin Smith · · Score: 5, Funny

    Indeed; I'm somewhat amused that this is described as a "minor" security flaw in the summary and blamed on the user interface. If it was a Microsoft web site it would be described as a major flaw and the foaming at the mouth would begin. Macs make up about 3% of the computer using population. This means all flaws are minor.

    --
    Deleted
  6. Re:A minor flaw? Tosh. by kestasjk · · Score: 2, Funny

    But that 3% is the most important group; the 3% containing Einstein and Picasso and Vivaldi, Mac evangelists one and all.

    Basically if you see Einstein, Picasso, or Vivaldi, or even Gauss or Heisenberg, using a public computer then Apple will treat this vulnerability as serious.
    Last I checked scientists, power-managers and artists don't use computers other than their own, so why should Apple care about this "vulnerability"?

    --
    // MD_Update(&m,buf,j);
  7. Re:A minor flaw? Tosh. by vtcodger · · Score: 2, Funny
    ***It's not just the title, but to the article summary as well. And this is slashdot, when was the last professional Microsoft article here? 1993?***

    I dunno. When was the last time Microsoft did anything professional?

    I agree that Microsoft would get a lot of abuse in this venue even when they did things well/right. But if you ask me, Microsoft doing things well/right hasn't been much of an issue for quite some years.

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  8. Re:A minor flaw? Tosh. by stuboogie · · Score: 5, Funny

    "What's the point? It's the equivalent of when people had CompuServe in the early-to-mid 90s. They'd pay through the nose to use a proprietary web browser and get access to groups that only other CIS users could use. It's the internet for people that don't know what's out there for nowt, a gated net community."

    hmmm...sounds familiar...what was the name of that?

    Ah, Oh weLl.

    I can't remember right now.

  9. Re:A minor flaw? Tosh. by Dephex Twin · · Score: 3, Funny

    Do I ask myself questions and then immediately answer them? Yes.

    --

    If you want to make an apple pie from scratch, you must first create the universe. -- Carl Sagan