John Leyden reports:
Tumblr’s iOS app fails to log users in through a secure (SSL) server, it has emerged. As a result users’ plaintext passwords are exposed to anyone able to sniff traffic on any Wi-Fi network an iOS user happens to use to connect to the popular cats’n’grumble free-content platform.
The wide-open security howler was discovered by a Reg reader during the course of auditing for his employer which iOS apps were permissible for use on corporate smartphones.
“I was asked to investigate various iOS apps at work to see if they are suitable for company use (no unauthorised access to company data, contacts, etc),” he explains.
Read more on The Register.
And kudos to the unnamed company who actually had their staff investigate what apps might be – or not be – safe for corporate use.