Tuesday, December 17, 2013

Software : Old Apple Safari browsers retain easily accessible IDs and passwords

Software : Old Apple Safari browsers retain easily accessible IDs and passwords


Old Apple Safari browsers retain easily accessible IDs and passwords

Posted:

Old Apple Safari browsers retain easily accessible IDs and passwords

Kaspersky Labs has discovered a flaw in Apple's Safari browser that lists user IDs and passwords in plaintext, according to a blog post made on the company's Securelist website.

The problem appears to derive from Safari's retention of browser history in the 'Reopen All Windows from Last Session' feature, which lets users quickly revisit the sites that they had been browsing in a previous online session. Most browsers have this feature and, though convenient, it isn't entirely safe.

Kaspersky has found that the document Safari creates to allow the restoration to occur is in plaintext format. The plaintext also contains whatever IDs and passwords may have been in use during the previous Safari session. The file is hidden, but isn't hard to find for something who knows what they are looking for.

Mauled on Safari

As the post states: "You can just imagine what would happen if cybercriminals or a malicious program got access to the LastSession.plist file on a system where the user logs into Facebook, Twitter, LinkedIn or their online bank account." It then adds: "As far as we are concerned, storing unencrypted confidential information with unrestricted access is a major security risk."

The security company has pointed the problem out to Apple, and also says that it is not aware of any malware that might be targeting the flaw. The blog post has been online since Friday, however, so there can be no certainty that malware-writers have not noticed and begun their work.

Apple's official security feed has been silent on the matter, but any form of panic would be immature: Kaspersky says the problem only affects OSX10.8.5 running Safari 6.0.5 and OSX 10.7.5 with Safari 6.0.5. Still, even if a small percentage of users can be affected, it would be imperative for Apple to fix the issue.

This posting includes an audio/video/photo media file: Download Now

Three Sony Xperia Z1 variants' benchmarks come in rip-roaringly fast

Posted:

Three Sony Xperia Z1 variants' benchmarks come in rip-roaringly fast

Leaked benchmark scores are again outing a trio of forthcoming handsets from Sony, suggesting the Japanese manufacturer may be about to take a good thing and multiply.

PhoneArena reported this weekend that Sony has not one, not two but a full three variants of its popular Xperia Z1 on the way, judging from leaked benchmarks recently discovered on the AnTuTu app for Android.

The first of the handsets popped up at the Federal Communications Commission (FCC) late last week as the Sony D5503, a model expected to be marketed as the Xperia Z1 Mini or Xperia Z1s.

That particular model put smiles on the faces of Sony fans with an impressive 34,193 score on AnTuTu - a snappy speed considering this is a smaller model of the company's flagship handset.

Wait, there's more!

Judging from the FCC filing, the Xperia Z1 Mini is downsized in only three areas: A smaller 4.3-inch display, lower 1280 x 720 resolution and a shrunken 2,300mAh battery.

That's about where the reduced specs end, thanks to the Qualcomm Snapdragon 800 processor with 2GB RAM which makes the diminutive model one worthy of consideration.

A second variant which scored an even higher 35,485 on AnTuTu is believed to simply be a refresh of the existing Xperia Z1, presumably with the requisite spec bumps in tow.

Last but not least, the so-called Sony Xperia Z1 LTE (C6916) topped out with an AnTuTu score of 36,257 and could be inbound for the US market on T-Mobile.

No comments:

Post a Comment