Results 1 to 11 of 11

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Facebook and Dropbox Security Issue Found - Easy Info Theft

  1. #1
    Default Facebook and Dropbox Security Issue Found - Easy Info Theft


    A recent security issue found by Gareth Wright with the official Facebook application was found allowing a malicious user to grab personal information from .plist files such as user login information. The device could be passcode-locked and be unmodified (non-jailbroken) to gain access to this information and the information could be very easily obtained – emphasizing the point you don't have to be jailbroken to be affected. The problem was not only affecting iOS devices, but also reportedly affected Android devices with the Facebook application installed.

    The same issue exists in the official Dropbox application, as information is stored as plain text and is not encrypted in any way whatsoever. This would give the hacker an opportunity to log into your Dropbox account and snoop through all of your files, edit them, or worse – delete them.

    The good news is, the security problem may have been blown out of proportion – as it would be more difficult than it seems to obtain this personal information. While the security flaw still exists, the biggest opportunity a malicious user could have the potential of stealing your information is with about two minutes of physical access to your iOS device – meaning that they were holding it in their hand, which is why stolen iOS devices have the greatest risk. On the other hand, the only practical way a hacker could remotely extract the data from your iOS device is by having some kind of information-slurping malware installed on your personal computer that you use to sync your iOS device to iTunes.

    Dropbox is currently in the process of updating their iOS application to make it more secure in terms of the way the application handles your personal information. This will make it much more difficult for a malicious hacker to obtain your personal information and put the application’s security on par with other iOS applications. They also tell us the Android version of the Dropbox application is not affected by this issue.

    Our best advice to you for keeping your personal information safe?
    • Keep all applications up to date – this helps ensure the best security
    • Keep an eye on your iOS device – if the wrong person gets their hands on it, this could spell 'trouble'
    • Always keep your computer's anti-virus software up to date – this will help you avoid information-slurping malware


    Sources: AppleInsider
    Last edited by Anthony Bouchard; 04-06-2012 at 02:09 PM.

  2. #2
    Wish Wright would work on a 5.1 untether jailbreak instead..

  3. #3
    H4CK3R's Avatar
    Join Date
    Jan 2012
    Location
    java.lang.IllegalStateException: Location unknown.
    Posts
    5,840
    Thanks
    63
    Thanked 268 Times in 256 Posts

    Be patient. It's not their fault you updated to 5.1, there have been a ton of warnings out there and people still update, It's common sense. They are trying their best with 5.1 but don't expect it to come anytime soon. Doing that stuff is very time consuming and they have no guaranteed pay.

  4. #4
    iPhone? More like MyPhone xerray's Avatar
    Join Date
    Nov 2009
    Location
    U.S.A.
    Posts
    206
    Thanks
    31
    Thanked 28 Times in 19 Posts

    where is this ".plist" file located exactly...
    It Takes One To Know One

  5. #5
    u know what upsets me about this is why cant they just encrypt all the information so we dont have these issues. R these developers just being lazy or is it harder then it sounds. I know encryption can be hacked also but why not just do it from the get go so you dont have all these security holes in your apps before hand.

  6. #6
    Quote Originally Posted by wolverinemarky View Post
    u know what upsets me about this is why cant they just encrypt all the information so we dont have these issues. R these developers just being lazy or is it harder then it sounds. I know encryption can be hacked also but why not just do it from the get go so you dont have all these security holes in your apps before hand.


    Because if there's is a minimal system wide encryption it will slow the device down and then if one person cracks it it becomes useless, the developers have to develop their own so it's harder for all apps to be cracked

  7. #7
    Quote Originally Posted by X H4CK3R X View Post
    Be patient. It's not their fault you updated to 5.1, there have been a ton of warnings out there and people still update, It's common sense. They are trying their best with 5.1 but don't expect it to come anytime soon. Doing that stuff is very time consuming and they have no guaranteed pay.
    Uh? What about the people with the new iPads?
    Sent from my iPhone 4.

  8. #8
    iPhone? More like MyPhone Beastly L92's Avatar
    Join Date
    Oct 2011
    Location
    New Braunfels, Texas
    Posts
    151
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Quote Originally Posted by jose060789 View Post
    Uh? What about the people with the new iPads?
    Uh? They get to wait a couple of months. Kinda like they do EVERY. SINGLE. TIME. a new iOS device is released. That's what.

  9. #9
    it is their fault..It was shipped with 5.1

    Quote Originally Posted by X H4CK3R X View Post
    Be patient. It's not their fault you updated to 5.1, there have been a ton of warnings out there and people still update, It's common sense. They are trying their best with 5.1 but don't expect it to come anytime soon. Doing that stuff is very time consuming and they have no guaranteed pay.
    it is their fault..It was shipped with 5.1
    No Sig Spam

  10. #10
    Grumpy *T*'s Avatar
    Join Date
    Nov 2011
    Location
    Turn around slowly...
    Posts
    670
    Thanks
    122
    Thanked 48 Times in 39 Posts

    Information-slurping malware!

  11. #11
    iPhone? More like MyPhone
    Join Date
    Jan 2008
    Location
    New Jersey, USA
    Posts
    272
    Thanks
    3
    Thanked 25 Times in 21 Posts

    Quote Originally Posted by hudss View Post
    it is their fault..It was shipped with 5.1



    it is their fault..It was shipped with 5.1
    is it the jailbreaking devs fault that they purchased it?

    jailbreaking = FREE!!!

    and people still find a reason to complain. and I am sure I will get some more comments after this. probably like 'I know its free but "cry cry cry blah blah blah me me me me me"

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •