Tumblr Issues Emergency Security Update to Fix Password Sniffing Bug

Discussion in 'iOS Blog Discussion' started by MacRumors, Jul 16, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Tumblr has released an update to its iOS app, fixing a security issue that allowed the passwords of iPhone and iPad users to be compromised. The company has explained the security breach on its blog, noting that some versions of the app allowed the passwords to be detected in transit:
    Tumblr gave a statement to The Verge, noting that the company was "notified of a security vulnerability" introduced into its iOS app earlier today and therefore took immediate action to fix the issue and notify its affected users. It is unknown how many people may have been affected.

    Tumblr can be downloaded from the App Store for free. [Direct Link]

    Article Link: Tumblr Issues Emergency Security Update to Fix Password Sniffing Bug
     
  2. macrumors 68000

    AngerDanger

    Joined:
    Dec 9, 2008
    Location:
    Male
    #2
    Ahhhh, I love the smell of bug fixes in the morning. Some prefer the smell of passwords, but not this guy!
     
  3. macrumors 6502a

    Pakaku

    Joined:
    Aug 29, 2009
    #3
    Good, now I can share Sherlock, Dr. Who, and other softcore porn with peace of mind again ;)
     
  4. macrumors 6502

    Joined:
    Jul 6, 2011
    #4
    What Tumblr really need to do is fix the double post issue. I frustrates me when I reblog one post and it ends up being double posted
     
  5. macrumors 603

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #5
    And what's become of the developer who decided to broadcast login info like that?

    Do they not have internal code checking? Who reviewed that code? What made it so that two seperate people thought it was an okay protocol for login information?
     
  6. macrumors 68000

    Parasprite

    Joined:
    Mar 5, 2013
    #6
    Considering that the exact nature of the vulnerability and how many people were affected are unknown to us, the point is somewhat moot.
     
  7. macrumors 6502a

    ZacNicholson

    Joined:
    Jun 25, 2011
    Location:
    Indiana
    #7
    i only go on tumblr for porn or when a girl gives me a link to her nsfw photos :D
     
  8. macrumors member

    Joined:
    Jan 18, 2011
    #8
    Sniffed just the Tumblr password or the iPhone password?

    The article makes it sound like the bug allows eavesdropping on other passwords...not just the Tumblr password.
     
  9. macrumors 68000

    Parasprite

    Joined:
    Mar 5, 2013
    #9
    Considering many people have one password that they reuse everywhere, yes.

    Or at least one general "default password that I use for any site that I don't care about".
     
  10. macrumors regular

    jdogg836

    Joined:
    Jul 28, 2010
    Location:
    Oklahoma
    #10
    I used to be this guy, now I've beefed up all my passwords. I showed my mom how hers could be guessed. She uses very similar passwords consisting of a few words/initials/numbers. I used a password cracking program, entered what little bit I knew about her and all her passwords were cracked in less than 3 minutes on a fairly old computer. She has since toughened them up. But I would say that the tumblr situation just shows how leaking it in one place makes you vulnerable everywhere.
     
  11. macrumors 6502

    Joined:
    May 18, 2013
    #11
    too bad they deleted my account before i could activate it again
     

Share This Page