Apple's MobileMe highlights security flaw


Apple's MobileMe highlights security flaw

Warwick Ashford

Apple's recently launched MobileMe service has highlighted some of the problems which have increasingly been associated with web 2.0 applications.

Some iPhone users who signed up for a free trial of the online e-mail, address book and calendar application were given access to the content of other users' accounts.

Apple says it has resolved this security flaw, as well as the connectivity and synchronisation problems experienced after the launch of the service.

Owen Cole, technical director for F5 Networks UK said incidents such as the one that has affected MobileMe were becoming a regular occurrence.

"Flaws in the coding of online applications and vulnerabilities in web sites are all too apparent and application level security is becoming imperative if companies are to avoid getting egg on their face or worse," he said.

Ken Munro, director of the penetration testing division at NCC Group said application-level security was "beyond imperative".

He said although organisations had started getting the hand of infrastructure security and are implementing firewalls and patching web servers, hackers have developed new, far better ways of getting data out of applications.

Munro said the challenge now is to train software developers to write code securely from scratch.

"Lots of people advocate putting a web application firewall in the way, but that's really trying to paper over the crack. The application code itself has to be secure," he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy