Time for Apple to get serious about web services security
Posted by Dennis Sellers 
Aug 20, 2008 at 7:33am
It’s time for Apple to get serious about the security of its web services—and MobileMe specifically. So far we Apple users have claimed that there has been no verifiable breach of security by doing things “the Apple Way.” However, if Apple keeps leaving the door open and the media keeps putting out the signs for “attack here,” then it’s going to happen.
As noted by AppleInsider, security is a problem for web apps, as some sort of centralized authentication system is required to begin any type of secured transactions. And, as noted by Hack in the Box, the MobileMe service has highlighted some of the problems which have increasingly been associated with Web 2.0 applications.
Some iPhone users who signed up for a free trial of the online e-mail, address book and calendar application were given access to the content of other users’ accounts. Apple says it has resolved this security flaw, as well as the connectivity and synchronization problems experienced after the launch of the service. Owen Cole, technical director for F5 Networks UK, told Hack in the Box that incidents such as the one that has affected MobileMe were becoming a regular occurrence. “Flaws in the coding of online applications and vulnerabilities in web sites are all too apparent and application level security is becoming imperative if companies are to avoid getting egg on their face or worse,” he said.
Apple needs to get its act together, from a PR perspective, if nothing else. While Windows has been successfully overcoming its problems for roughly a decade simply by being the 800-pound gorilla in the room, it will only take one successful large-scale attack for Apple to get a disproportionately big black eye. Various pundits, Apple haters, and security firms (hoping for more security business) will all jump on Apple and bring up just one successful attack again, and again, and again.
Certified Unix has long considered security as part of its design. Apple needs to take the same approach to all their services and not just rely on the underlying architecture for our safety. There are many ways to get to our data, and Apple needs to make sure that they don’t create one that they can easily prevent.
(Thanks to my Macsimum compadre, J. Scott Anderson, for his help with today’s column.)
“Macsimum News” is a proud supporter of Planet Gumbo, which feeds the hungry. We urge you to help them in their efforts.
Kevin B Says:
This article is missing some words that complete thoughts. It also appears to be missing citations for any of its data. Largely, that there is some Apple-specific problem not being addressed, and there’s nothing in this article to support it.
“While Windows has been successfully for roughly a decade [...]”
Successfully what?
“[...] not just rely on the underlying architecture our safety”
Assuming you meant for our safety.
Posted on August 20, 2008
Dennis Sellers Says:
Kevin,
You’re right. Some phrases and at least one word were missing in the article. I must have somehow deleted them between writing and posting the article. Such is the danger with being your own editor. But I think I’ve made the corrections. Thanks for the heads-up.
Dennis
Posted on August 20, 2008
Article Information
Comment on this Article Print this Article Email this Article Digg This
Contributor
Dennis Sellers
Dennis has been a newspaper editor/reporter (seven years) and teacher (seven years). He has over 4,000 magazine, newspaper and online articles to his credit. He has also covered the Mac and tech industries for over a decade for such online publications as MacCentral, MacMinute and now MacsimumNews.
joe Says:
ya, apple needs to take security seriously… after all look at all the “virus” that have resulted from Apple’s previous efforts?
are you just going to add another one of these puff stories about security and the fact that apple users are vulnerable… when 5 year old reports of the same thing have yet to see a single report of a “problem” developing in mass?
what happen is Apple did take security seriously, and we are seeing the result of that, where MSFT did not, and it saw the result of that effort too. finally with vista, it runs so slow, it also is in a way taking security seriously, no on can get anything done on Vista to have any security breached.
Posted on August 20, 2008