http://blog.0x0lab.org/2010/04/unsafe-iphone-applications/ Just another damn blog Thu, 18 Aug 2011 00:08:15 +0000 hourly 1 http://blog.0x0lab.org/2010/04/unsafe-iphone-applications/comment-page-1/#comment-5312 The Web has still not switched to SSL-only | DataProtectionCenter.com: Tech and Security - Data Recovery and Protection, Internet, Technology, Security, Reviews, Softwares Fri, 12 Aug 2011 14:13:04 +0000 https://blog.0x0lab.org/?p=127#comment-5312 [...] The situation is even worse in the mobile space. Most of the applications used on smartphones and tablets need to contact a web server to function: to retrieve advertising (Admob/Adsense Mobile), to get data from a web service, etc. But there is no way for the user to know whether sensitive information is sent over HTTP or HTTPS. There is no UI element equivalent to the lock shown in browsers and no visibility into the URLs. Researchers have illustrated that mobile developers cannot be trusted to secure communications, as all too often, they send user credentials in plain text. [...] [...] The situation is even worse in the mobile space. Most of the applications used on smartphones and tablets need to contact a web server to function: to retrieve advertising (Admob/Adsense Mobile), to get data from a web service, etc. But there is no way for the user to know whether sensitive information is sent over HTTP or HTTPS. There is no UI element equivalent to the lock shown in browsers and no visibility into the URLs. Researchers have illustrated that mobile developers cannot be trusted to secure communications, as all too often, they send user credentials in plain text. [...]

]]> http://blog.0x0lab.org/2010/04/unsafe-iphone-applications/comment-page-1/#comment-5303 The Web has still not switched to SSL-only | Triple-N Thu, 11 Aug 2011 23:00:16 +0000 https://blog.0x0lab.org/?p=127#comment-5303 [...] The situation is even worse in the mobile space. Most of the applications used on smartphones and tablets need to contact a web server to function: to retrieve advertising (Admob/Adsense Mobile), to get data from a web service, etc. But there is no way for the user to know whether sensitive information is sent over HTTP or HTTPS. There is no UI element equivalent to the lock shown in browsers and no visibility into the URLs. Researchers have illustrated that mobile developers cannot be trusted to secure communications, as all too often, they send user credentials in plain text. [...] [...] The situation is even worse in the mobile space. Most of the applications used on smartphones and tablets need to contact a web server to function: to retrieve advertising (Admob/Adsense Mobile), to get data from a web service, etc. But there is no way for the user to know whether sensitive information is sent over HTTP or HTTPS. There is no UI element equivalent to the lock shown in browsers and no visibility into the URLs. Researchers have illustrated that mobile developers cannot be trusted to secure communications, as all too often, they send user credentials in plain text. [...]

]]> http://blog.0x0lab.org/2010/04/unsafe-iphone-applications/comment-page-1/#comment-5302 The Web has still not switched to SSL-only | 2thepress.nl Thu, 11 Aug 2011 22:15:14 +0000 https://blog.0x0lab.org/?p=127#comment-5302 [...] The situation is even worse in the mobile space. Most of the applications used on smartphones and tablets need to contact a web server to function: to retrieve advertising (Admob/Adsense Mobile), to get data from a web service, etc. But there is no way for the user to know whether sensitive information is sent over HTTP or HTTPS. There is no UI element equivalent to the lock shown in browsers and no visibility into the URLs. Researchers have illustrated that mobile developers cannot be trusted to secure communications, as all too often, they send user credentials in plain text. [...] [...] The situation is even worse in the mobile space. Most of the applications used on smartphones and tablets need to contact a web server to function: to retrieve advertising (Admob/Adsense Mobile), to get data from a web service, etc. But there is no way for the user to know whether sensitive information is sent over HTTP or HTTPS. There is no UI element equivalent to the lock shown in browsers and no visibility into the URLs. Researchers have illustrated that mobile developers cannot be trusted to secure communications, as all too often, they send user credentials in plain text. [...]

]]> http://blog.0x0lab.org/2010/04/unsafe-iphone-applications/comment-page-1/#comment-409 baking toys Sat, 11 Sep 2010 12:15:42 +0000 https://blog.0x0lab.org/?p=127#comment-409 Awesome post. Awesome post.

]]> http://blog.0x0lab.org/2010/04/unsafe-iphone-applications/comment-page-1/#comment-270 Chris Sun, 22 Aug 2010 16:38:24 +0000 https://blog.0x0lab.org/?p=127#comment-270 Add Foursquare and Gowalla to that list (http://martinkou.blogspot.com/2010/08/foursquare-considered-harmful-dont-use.html) Add Foursquare and Gowalla to that list (http://martinkou.blogspot.com/2010/08/foursquare-considered-harmful-dont-use.html)

]]>