Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:Heh (Score 3, Interesting) 125

As part of the attack, the anonymous researchers obtained a signature certificate from VeriSign for a company named Apple Computer

You have to fool VeriSign first, just like any other SSL man-in-the-middle attack, so I guess it depends on what you call easy.

Actually, as stated in the original blog post liked from the article, it was a demo signature certificate for a person named "Apple Computer". Such certificates are offered by VeriSign without validation. The problem is that the iPhone trusts such certificates, and that it doesn't make it clear that it isn't a validated organization name it publishes.

Comment Re:Apple and "security theatre". (Score 1) 484

The reason for the dialog you get when launching a downloaded application for the first time is to counter an otherwise existing flaw where an application could be disguised a document.

The key part of the dialog message is not that the file was downloaded from "the Internet", but rather the fact that the file is "an application".

Slashdot Top Deals

//GO.SYSIN DD *, DOODAH, DOODAH

Working...