Slashdot Mirror

← Back to Stories (view on slashdot.org)

Watered Down Phishing Protection In IPhone OS 3.1?

Posted by CmdrTaco on from the i-feel-better-already dept.

CrazyCanucklehead writes "Security Researcher Michael Sutton discusses his findings when looking at the advertised anti-phishing features in the recently released iPhone OS 3.1. It turns out that the protection is far less than what is provided in OS X and the feature may not provide any protection at all."

11 of 98 comments (clear)

  1. Far Less than OS X by neonprimetime · · Score: 4, Insightful

    It turns out that the protection is far less than what is provided in OS X and the feature may not provide any protection at all.

    the iphone in general contains far less than what is provided in OS X so this doesn't come as a surprise to me.

    now, whether or not iphone 3.1 phishing protection is a big oversite on apple's part is another discussion and a worthy one at that

    1. Re:Far Less than OS X by Hurricane78 · · Score: 4, Insightful

      the iphone in general contains far less than what is provided in a real smartphone so this doesn't come as a surprise to me.

      There, fixed that for ya!

      *ducks*

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    2. Re:Far Less than OS X by Monkeedude1212 · · Score: 2, Insightful

      The difference between Windows Mobile not having phishing filters and the IPhone not having phishing filters is that Windows Mobile never at any point gave you an illusion of protection.

      If you haven't been trained on basic internet usage - its VERY easy to fall for phishing attempts. We've been browsing the net for years now, and all it takes is someone who says "You can pay your bills online" for someone to try and google how to do it on their own and then fall into a trap.

      I'd say Cross Server Scripting has gotten the best of at least half my friends. Fortunately most of them didn't have any valuable information.

  2. Slight catch in that last sentence by The+Ancients · · Score: 2, Insightful

    FTA:

    If you work for Apple, please comment on why you went with watered down phishing protection on the iPhone.

    If anyone from Apple does comment, we'll not know for sure as they'll not be able to identify themselves sufficiently. As such, everything we do see will just be guesses. Some may make sense and quite probably be right, but who knows...

    --
    The Mothership
  3. I've got built-in phishing protection. by jtownatpunk.net · · Score: 5, Insightful

    It works really well. If I don't know how I got to a site, I don't enter my banking information. Simple. It's amazing how well that works. If I get an email from "my bank" asking me to click on a link to verify something, I don't click on the link. If I think that it has the slightest chance of being legit, I'll open a web browser and type my bank's URL in by hand and log into my account. If the original email was legit, I'll be prompted to do whatever it is they need. If I get an email asking me to reply with my username and password, I know it's a scam. How could anyone NOT know that's a scam? It's not frickin' rocket science.

    Instead of putting all this effort into anti-phishing technology, we should make people less stupid.

    1. Re:I've got built-in phishing protection. by Tom · · Score: 3, Insightful

      Instead of putting all this effort into anti-phishing technology, we should make people less stupid.

      Rational analysis tells me that's the wrong approach. Inventing a 100% reliable anti-phishing technology is considerably easier than making people less stupid.

      --
      Assorted stuff I do sometimes: Lemuria.org
    2. Re:I've got built-in phishing protection. by Anonymous Coward · · Score: 1, Insightful

      You Can't Fix Stupid - Ron White

    3. Re:I've got built-in phishing protection. by MobileTatsu-NJG · · Score: 2, Insightful

      Instead of putting all this effort into anti-phishing technology, we should make people less stupid.

      You can make people less ignorant, but there is no way to make them less stupid.

      You know, it's funny, chicks look at our fashion sense the same way we look at their understanding of the internet.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    4. Re:I've got built-in phishing protection. by johndiii · · Score: 2, Insightful

      I agree with your point about no protection not being the best protection, but I don't think that the statistics that you cite demonstrate the point that you are trying to make. The notion that motorcycle crashes in general have a greater incidence of fatality means that behavior that causes crashes will correlate better with motorcycle fatalities than with passenger vehicle fatalities.

      A more meaningful number would be something like the number of crashes per vehicle mile. Or perhaps the number of injury-producing crashes per vehicle mile. Even then, a conclusion might be slippery, because motorcycles do not tend to get into minor accidents like parking lot fender-benders, but even a minor motorcycle accident is more likely to produce an injury than a passenger car accident.

      --
      Floating face-down in a river of regret...and thoughts of you...
    5. Re:I've got built-in phishing protection. by amoeba1911 · · Score: 2, Insightful

      The day you invent anti-stupid technology, the stupid will get stupider.

  4. I RTFA by mcgrew · · Score: 2, Insightful

    That's troubling. Phishing protection that doesn't work is more dangerous than no protection at all. At least if you know you have no protection you'll be more careful.

    --
    Free Martian Whores!