| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Nov 2013 18:41:16 -0500 From: Jeffrey Walton <noloader@...il.com> To: Full Disclosure List <full-disclosure@...ts.grok.org.uk>, BugTraq <bugtraq@...urityfocus.com> Subject: Another Apple Security Failure (Apple Mail on the iPhone).... My iPhone does not store sensitive information. Its a phone an music player only. (I'm not sure it could save sensitive information if I needed it, as the following demonstrates). About 6 weeks ago, a colleague was having trouble adding an email account to his iPhone and sending email. I allowed him to add his account to my iPhone for testing. After testing, we deleted the account. My colleague was having trouble with Apple iPhone mail again this week. This time, I added my account to the phone. I used my account because he's remote and I don't want his password. Note: we use the same incoming and outgoing email servers. After running the setup wizard, my outgoing server was populated with his email credentials - both username and password. So much for deleting that username and password about 6 weeks ago. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists