Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Little .Mac Security Flaw

Posted by kdawson on from the case-for-thumb-drives dept.

deleuth writes "The de facto online connectivity software sold along with many Apple computers, .Mac, has a Web interface through which users can check their 'iDisk' while away from their own computer. However, there is no Log-Out button in this Web interface, so most users just close the browser and walk away... not realizing that their iDisk has been cached by the browser and that anyone who wants to can open up the browser, go back to the link in History, and get into their iDisk completely logged in. From here, files can be downloaded and/or deleted. This seems like a minor security flaw via bad interface design, and podcaster Klaatu (of thebadapples.info) posted this on the discussion.apple.com site, only to have his post removed by Apple. Furthermore, feedback at apple.com/feedback has gone unanswered. The problem remains: there is no way for the average computer user to log-out of their iDisk on public computers. A quick review of any public terminal's browser history could bring up all kinds of interesting things."

2 of 328 comments (clear)

  1. The Cult of the Mac by urcreepyneighbor · · Score: 1, Troll

    If you suppress bad news, it doesn't exist!

    --
    "The fight for freedom has only just begun." - Geert Wilders
  2. Re:No, incident does prove Apple is lacking ... by kelleher · · Score: 1, Troll
    You just don't get it. Either security is a corporate priority - then all employees (even forum admins) are educated about how to handle reported security issues - or it's not. It's that simple.

    Now stop acting like a brainless fanboy and think a bit.

    Apple screwed up.

    First they deployed an internet based service without a proper security review (or had it reviewed by less than qualified staff). And second, when it was reported they (sorry, but the forum admins do speak for the company - in this case perception equals reality) deleted the reports instead of providing helpful information and an eta for the fix.

    Now it's time for you to say it. Go ahead, say "Apple screwed up." Admitting you're a fanboy is the first step of recovery. It won't hurt you or Apple - I promise. But it will lift up the rose-tinted glasses you're wearing.