Slashdot Mirror
Huge iPhone Cut-and-Paste Tool Security Flaw
Harry writes "I'm using Pastebud, the new third-party copy-and-paste solution for the iPhone. It's extremely clever, using a Web-based clipboard to get around the fact that Apple doesn't provide one on the phone. Unfortunately, it seems to be giving users access to e-mails that other Pastebud users send to their clipboards. This has happened to me repeatedly and is being reported by other users in Pastebud's Get Satisfaction support forum. Pastebud is operational and still doing this as I write, even though a message at Get Satisfaction says they're working on the problem."
(NOTE: Jed Schmidt of Pastebud fixed the problem I discuss in this post yesterday night after I notified him about it. It affected only users-such as me-who misconfigured the service. Scroll down for details...)
Harry,
I've updated this issue over at Get Satisfaction[1], but let me just summarize what exactly was going wrong: you were inadvertently forwarding your emails not to your secret pastebud address, but to the address set as the from address for these emails, which was noreply@pastebud.com.
This happened to other folks too; instead of sending email to secret-random-string@pastebud.com, they were sending to noreply@pastebud.com. And everyone who was doing this ended up sharing the same clipboard.
Anyway, I just wanted to let you know that we've fixed it, and the changed will be live by the morning. You can find more details about the issue here[1].
Thanks again for bringing this to our attention, and let me know if there's anything else you need clarification on.
Jed Schmidt
Founder, pastebud