i guess it doesn't matter, i only have leopard, and can't use it. Seriously hate that Apple only cares about the latest & greatest. and the rest gets shoved aside.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
FaceTime for Mac Beta Opens Up Security Hole to Allow for Compromised Apple IDs
- Thread starter MacRumors
- Start date
- Sort by reaction score
Yep. I for one don't give a rat's ass about any security flaw involving physical access. Don't let people you don't trust use your computer. It's that simple. Otherwise I think the problem goes far deeper than the computer, and as you mentioned, PEBKAC.
Looks like they've already disabled that panel. As others have said, it now reverts back to the previous panel and does not load any account details.
I don't care if people say it is just a beta, this is a big flaw and Apple should update this quickly, or should have seen this before the release. I am surprised at this.
I was going to say the same. If security really matters, don't install Beta software.
I also discovered, if you give someone physical access to your machine, it's possible for them to delete all your files and render the OS unbootable! And if they happened to bring their own USB key or blank disc, they could make copies of ALL your personal information!!
This is a huge security flaw! I demand a fix immediately!
This is a huge security flaw! I demand a fix immediately!
"If a user has physical access..."
... then the last thing you should be worried about is your FaceTime account.
... then the last thing you should be worried about is your FaceTime account.
When people like my mom want to do the video conference side of iChat I have to spend 10 minutes telling her how to do it over the phone.
When she wants to FaceTime she click on someone's user name.
That's the difference, as of the Beta. If Apple decides to intergrate them, that's great. But until then this is super easy for the less techincally inclined.
Remember, lowest common denominator.
mk?
While in beta people expect to find issues - its work in progress - so things aren't going to work as expected.
However, I wouldn't expect to find glaring security issues such as this one in a beta release ; issues such as this should have been ironed out previously.
However, I wouldn't expect to find glaring security issues such as this one in a beta release ; issues such as this should have been ironed out previously.
it lets you video chat with people on mobile iOS devices...
only requires an email address(mac/ipod touch) or phone number(iPhone) thus not relying on a AIM, mobileme, google talk etc service.
integration with address book is pretty sweet.
Crap ...
This is how my roomates got the naked self photos of me!! You mean you can put a password on your computer when you leave it places where other people are? Crap! I knew it!!
This is how my roomates got the naked self photos of me!! You mean you can put a password on your computer when you leave it places where other people are? Crap! I knew it!!
I have to say that I'm a bit shocked to see so many people displaying such a cavalier attitude towards this security problem. True, you potentially open yourself up to a host of security issues if you allow others to access your machine. But those security problems should be limited, as much as possible, to data actually on your computer. It should not be opened up by default to data stored on an external server. The corollary would be someone getting onto your computer and being able to easily access into your online bank account information. Yes, you shouldn't be stupid and leave yourself logged in. But guess what? All people do stupid things sometimes, and some people do stupid things all the time. That fact should be first and foremost in every developer's head.
What really amazes me is that they've been developing facetime for a ruddy YEAR now - they started it for the iPhone 4, which came out MONTHS ago... doesn't it seem like they could've released software for the Mac in MID OCTOBER that's not freakin' beta?! Just ridiculous.
Crippled iChat?!!
With iChat you have the ability to take over the other person's Mac you are chatting with at the time. Also you can show your screen. It also has the the ability to play a Quicktime or Presentation for the other person and the ability to see their face as you do your presentation. You can have up to 3 of your friends in a video chat or 9 other friends with audio chats. Plus you can do text chats, have special effects and green screen video effects with that person.
With FaceTime, you don't have to do any setup. You can do video chats with iPhone4 and iPod Touch (latest generation) users. It is crippled more than iChat.
Edit: Nevermind, I read it wrong. Facetime is crippled and I agree.
With iChat you have the ability to take over the other person's Mac you are chatting with at the time. Also you can show your screen. It also has the the ability to play a Quicktime or Presentation for the other person and the ability to see their face as you do your presentation. You can have up to 3 of your friends in a video chat or 9 other friends with audio chats. Plus you can do text chats, have special effects and green screen video effects with that person.
With FaceTime, you don't have to do any setup. You can do video chats with iPhone4 and iPod Touch (latest generation) users. It is crippled more than iChat.
Edit: Nevermind, I read it wrong. Facetime is crippled and I agree.
Meh, not big news.
It's beta, and given the publicity, it will most likely be fixed.
It's not so much a "hole", as you need physical access to the machine. It's not a good practice to ever display passwords or answers to security questions -- I expect this might have been something included in the beta for testing purposes. (i.e.: they planned to take it out of the production copy.)
Oh, and yeah, if someone has a hold of your computer, even for 1-2 minutes, they own it and your data, etc. It doesn't take long to install a keylogger, or create a new remote access account for your computer. So, basically, keep super private stuff safe by encrypting it in the Cloud, or on an encrypted USB Stick. Assume everything else is public.
It's beta, and given the publicity, it will most likely be fixed.
It's not so much a "hole", as you need physical access to the machine. It's not a good practice to ever display passwords or answers to security questions -- I expect this might have been something included in the beta for testing purposes. (i.e.: they planned to take it out of the production copy.)
Oh, and yeah, if someone has a hold of your computer, even for 1-2 minutes, they own it and your data, etc. It doesn't take long to install a keylogger, or create a new remote access account for your computer. So, basically, keep super private stuff safe by encrypting it in the Cloud, or on an encrypted USB Stick. Assume everything else is public.