lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 15 Nov 2013 00:23:33 -0500
From: Caspian Kilkelly <caspian@...dom-interrupt.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Another Apple Security Failure (Apple Mail on
 the iPhone)....


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What version of IOS was this? I'm looking into something similar on
other apple platforms, but it doesn't seem consistently repeatable.

On 13-11-11 6:41 PM, Jeffrey Walton wrote:
> My iPhone does not store sensitive information. Its a phone an music
> player only. (I'm not sure it could save sensitive information if I
> needed it, as the following demonstrates).
>
> About 6 weeks ago, a colleague was having trouble adding an email
> account to his iPhone and sending email. I allowed him to add his
> account to my iPhone for testing. After testing, we deleted the
> account.
>
> My colleague was having trouble with Apple iPhone mail again this
> week. This time, I added my account to the phone. I used my account
> because he's remote and I don't want his password. Note: we use the
> same incoming and outgoing email servers.
>
> After running the setup wizard, my outgoing server was populated with
> his email credentials - both username and password.
>
> So much for deleting that username and password about 6 weeks ago.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


- -- 
Caspian Kilkelly
CISSP/CSM
+1.514.577.6311
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSha/VAAoJEFQr1oY0cT5NJd4IAJqPrfCUCQUjPd+QipbFo5/H
ErUHM6kQe8A84tSvl88+lbGk5sCzJi7QVLodWk8RZgssrAOnORvBOreNwFU+UVwt
Twnm7KfmMPsSVV/36WtflE69u098Rs+dIRCKqGo9IYKyTBVI7e8bzdYr5DAniW+Z
8iF5eYZX/YwnYTFQgo31eSzzMKInZ1TNEPmj1jaD0qdRge95yJOzeG8lWSQqZAB8
LFlPzKexAp+ESrZwmQjegP9GjtD1caL5FvGq1nlmWCmFAtPe9tQpIiefw+mvK2Fc
cNO/XgxFofn+2wCzncKpSMQAuifqhSlSOXFi0G7cb9Wiop52XTkmMmV7L2NXpCo=
=YzRt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ