http://hothardware.com/cs/forums/62.aspxiPods, iPhones - mobility, you get the ideaenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://hothardware.com/cs/forums/thread/442420.aspxSun, 09 Dec 2012 06:46:34 GMTba4e517a-01ef-48a6-b096-821b95afe388:442420OSunday0http://hothardware.com/cs/forums/thread/442420.aspxhttp://hothardware.com/cs/forums/commentrss.aspx?SectionID=62&PostID=442420<p>&quot;Hipster&quot; vulnerabilities...</p> <p>This was intentional by the hipster community to be able to infiltrate our phones</p><div style="clear:both;"></div>http://hothardware.com/cs/forums/thread/442409.aspxSun, 09 Dec 2012 02:13:08 GMTba4e517a-01ef-48a6-b096-821b95afe388:4424093vi10http://hothardware.com/cs/forums/thread/442409.aspxhttp://hothardware.com/cs/forums/commentrss.aspx?SectionID=62&PostID=442409<p>Instagram users vulnerable to hack...</p> <p>So... hard... to... care....</p><div style="clear:both;"></div>http://hothardware.com/cs/forums/thread/442404.aspxSun, 09 Dec 2012 01:53:28 GMTba4e517a-01ef-48a6-b096-821b95afe388:442404theemilio_crazy0http://hothardware.com/cs/forums/thread/442404.aspxhttp://hothardware.com/cs/forums/commentrss.aspx?SectionID=62&PostID=442404<p>This is too bad</p><div style="clear:both;"></div>http://hothardware.com/cs/forums/thread/442391.aspxSun, 09 Dec 2012 00:26:40 GMTba4e517a-01ef-48a6-b096-821b95afe388:442391Dorkstar0http://hothardware.com/cs/forums/thread/442391.aspxhttp://hothardware.com/cs/forums/commentrss.aspx?SectionID=62&PostID=442391<p>Oh no, all the sepia photos of my gourmet hamburgers could be deleted!</p><div style="clear:both;"></div>http://hothardware.com/cs/forums/thread/442380.aspxSat, 08 Dec 2012 16:13:35 GMTba4e517a-01ef-48a6-b096-821b95afe388:442380News0http://hothardware.com/cs/forums/thread/442380.aspxhttp://hothardware.com/cs/forums/commentrss.aspx?SectionID=62&PostID=442380<div class="newsText" id="dvPreComment"><img alt="" src="http://hothardware.com/newsimages/Item23620/instagram-logo.jpg" style="float: right;" />Security researcher Carlos Reventlov discovered a vulnerability in <a href="http://hothardware.com/Tags/instagram.aspx">Instagram</a> version 3.1.2 on the <a href="http://hothardware.com/Tags/iphone.aspx">iPhone</a> 4 (iOS 6) that leaves users’ Instagram accounts open to attacks. Specifically, users are at risk for partial eavesdropping and man-in-the-middle attacks that a ne’er-do-well could use to delete photos or even take over a user’s account and download private photos.<br /> <br /> Instagram’s login and profile data are sent via a secure <a href="http://hothardware.com/Tags/https.aspx">HTTPS</a> connection, but other requests are sent through plain ‘ol HTTP that uses only an unencrypted cookie for authentication. If an attacker is connected to the same LAN as a given user’s iPhone, the game is on.<br /> <br /> <div style="text-align: center;"><img src="http://hothardware.com/newsimages/Item23620/instagram-hackable.jpg" alt="Instagram hackable" /><br /> </div> <br /> “An attacker on the same LAN of the victim could launch a simple arpspoofing attack to trick the iPhones into passing port 80 traffic through the attackers machine,” wrote Reventlov. “When the victim starts the Instagram app a plain text cookie is sent to the Instagram server, [and] once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos.”<br /> <br /> Reventlov’s suggested fixes appear relatively simple to implement. He suggests using HTTPS for all API requests containing sensitive data and a body signature for unencrypted requests. He submitted his findings and a proof of concept to Instagram nearly a month ago, and according to his website, he received only an automated response. As of November 20th, the vulnerability remained unpatched.</div><div class="newsTextBody" id="dvBody"></div><div class="newsText" id="dvComment"></div>