[cryptography] The 90s called, they want their security UI-spoofing bugs back

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Nov 29 21:26:41 EST 2010


One of the things that new devices seem to inevitably do is reinvent security
holes that were extinct everywhere else years ago.  Someone recently pointed
out that the iPhone allows URL-bar and security-UI spoofing from circa 1996,
including spoofing of EV-status UI:

http://blogs.sans.org/appsecstreetfighter/2010/11/29/ui-spoofing-safari-iphone/

Apparently Apple "are aware of the implications but do not know when and how
they will address the issue".

Peter.



