Old Jul 16, 2013, 10:57 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Tumblr Issues Emergency Security Update to Fix Password Sniffing Bug




Tumblr has released an update to its iOS app, fixing a security issue that allowed the passwords of iPhone and iPad users to be compromised. The company has explained the security breach on its blog, noting that some versions of the app allowed the passwords to be detected in transit:
Quote:
We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances¹. Please download the update now.

If you've been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It's also good practice to use different passwords across different services by using an app like 1Password or LastPass.

Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.

¹ "Sniffed" in transit on certain versions of the app
Tumblr gave a statement to The Verge, noting that the company was "notified of a security vulnerability" introduced into its iOS app earlier today and therefore took immediate action to fix the issue and notify its affected users. It is unknown how many people may have been affected.

Tumblr can be downloaded from the App Store for free.

Old Jul 16, 2013, 11:06 PM   #2
AngerDanger
macrumors 65816
 
 
Join Date: Dec 2008
Location: location, location!
Ahhhh, I love the smell of bug fixes in the morning. Some prefer the smell of passwords, but not this guy!
Old Jul 17, 2013, 12:16 AM   #3
Pakaku
macrumors 6502a
 
Join Date: Aug 2009
Good, now I can share Sherlock, Dr. Who, and other softcore porn with peace of mind again
__________________
Mac Pro 3.1, Macbook Pro 5.1
Old Jul 17, 2013, 12:38 AM   #4
KattDaDon
macrumors 6502
 
Join Date: Jul 2011
Location: New York, NY
What Tumblr really needs to do is fix the double post issue. It frustrates me when I reblog one post and it ends up being double posted
__________________
iPhone 5s 64GB (Space Gray) | Mac Pro (Late 2013) | TV 3rd Gen. | Time Capsule 3TB 4th Gen. | AirPort Express 2nd Gen. | AirPort Extreme 6th Gen. |
Old Jul 17, 2013, 04:41 AM   #5
ArtOfWarfare
macrumors 603
 
 
Join Date: Nov 2007
And what's become of the developer who decided to broadcast login info like that?

Do they not have internal code checking? Who reviewed that code? What made it so that two separate people thought it was an okay protocol for login information?
__________________
Don't tell me Macs don't last: 2007 iMac, 2007 Mac Mini, 2008 MacBook Air, all Vintage.
(iMac obsoletion: April 28, 2015, MBA: October 14, 2015, Mac Mini: March 9, 2016)
Old Jul 17, 2013, 09:05 AM   #6
Parasprite
macrumors 65816
 
 
Join Date: Mar 2013
Quote:
Originally Posted by ArtOfWarfare View Post
And what's become of the developer who decided to broadcast login info like that?

Do they not have internal code checking? Who reviewed that code? What made it so that two separate people thought it was an okay protocol for login information?
Considering that the exact nature of the vulnerability and how many people were affected are unknown to us, the point is somewhat moot.
Old Jul 17, 2013, 09:06 AM   #7
ZacNicholson
macrumors 6502a
 
 
Join Date: Jun 2011
Location: Indiana
I only go on Tumblr for porn or when a girl gives me a link to her NSFW photos
__________________
follow me on twitter @zac_nicholson
watch my youtube www.youtube.com/mrzacnicholson
2011 13" MBP, iPhone 4 (jailbroken), iPad 3 32 GB Verizon(jailbroken), Apple tv 2(jailbroken)
Old Jul 17, 2013, 12:43 PM   #8
mwebb
macrumors member
 
Join Date: Jan 2011
Sniffed just the Tumblr password or the iPhone password?

The article makes it sound like the bug allows eavesdropping on other passwords...not just the Tumblr password.
Old Jul 17, 2013, 12:57 PM   #9
Parasprite
macrumors 65816
 
 
Join Date: Mar 2013
Quote:
Originally Posted by mwebb View Post
The article makes it sound like the bug allows eavesdropping on other passwords...not just the Tumblr password.
Considering many people have one password that they reuse everywhere, yes.

Or at least one general "default password that I use for any site that I don't care about".
Old Jul 17, 2013, 07:02 PM   #10
jdogg836
macrumors member
 
Join Date: Jul 2010
Quote:
Originally Posted by Parasprite View Post
Considering many people have one password that they reuse everywhere, yes.

Or at least one general "default password that I use for any site that I don't care about".
I used to be this guy, now I've beefed up all my passwords. I showed my mom how hers could be guessed. She uses very similar passwords consisting of a few words/initials/numbers. I used a password cracking program, entered what little bit I knew about her and all her passwords were cracked in less than 3 minutes on a fairly old computer. She has since toughened them up. But I would say that the Tumblr situation just shows how leaking it in one place makes you vulnerable everywhere.
Old Jul 21, 2013, 03:51 PM   #11
otismotive77
macrumors 6502
 
Join Date: May 2013
Too bad they deleted my account before I could activate it again