News

Apple's MobileMe highlights security flaw

Apple's recently launched MobileMe service has highlighted some of the problems which have increasingly been associated with web 2.0 applications.

Some iPhone users who signed up for a free trial of the online e-mail, address book and calendar application were given access to the content of other users' accounts.

Apple says it has resolved this security flaw, as well as the connectivity and synchronisation problems experienced after the launch of the service.

Owen Cole, technical director for F5 Networks UK said incidents such as the one that has affected MobileMe were becoming a regular occurrence.

"Flaws in the coding of online applications and vulnerabilities in web sites are all too apparent and application level security is becoming imperative if companies are to avoid getting egg on their face or worse," he said.

Ken Munro, director of the penetration testing division at NCC Group said application-level security was "beyond imperative".

He said although organisations had started getting the hand of infrastructure security and are implementing firewalls and patching web servers, hackers have developed new, far better ways of getting data out of applications.

Munro said the challenge now is to train software developers to write code securely from scratch.

"Lots of people advocate putting a web application firewall in the way, but that's really trying to paper over the crack. The application code itself has to be secure," he said.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy