lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH8yC8mmAJB+eMLoOdVq2OO4QEPRMah4KBuxz39iVGDw6OHsTA@mail.gmail.com> Date: Fri, 15 Nov 2013 00:37:19 -0500 From: Jeffrey Walton <noloader@...il.com> To: Caspian Kilkelly <caspian@...dom-interrupt.org> Cc: Full Disclosure List <full-disclosure@...ts.grok.org.uk> Subject: Re: Another Apple Security Failure (Apple Mail on the iPhone).... On Fri, Nov 15, 2013 at 12:23 AM, Caspian Kilkelly <caspian@...dom-interrupt.org> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > What version of IOS was this? I'm looking into something similar on > other apple platforms, but it doesn't seem consistently repeatable. iOS 7.0.3 (11B511) on a iPhone 4 (MD146LL/A). Jeff > On 13-11-11 6:41 PM, Jeffrey Walton wrote: >> My iPhone does not store sensitive information. Its a phone an music >> player only. (I'm not sure it could save sensitive information if I >> needed it, as the following demonstrates). >> >> About 6 weeks ago, a colleague was having trouble adding an email >> account to his iPhone and sending email. I allowed him to add his >> account to my iPhone for testing. After testing, we deleted the >> account. >> >> My colleague was having trouble with Apple iPhone mail again this >> week. This time, I added my account to the phone. I used my account >> because he's remote and I don't want his password. Note: we use the >> same incoming and outgoing email servers. >> >> After running the setup wizard, my outgoing server was populated with >> his email credentials - both username and password. >> >> So much for deleting that username and password about 6 weeks ago. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists