I don't know about you, but if a person that I don't trust is logged in to my own computer with freedom to roam it, I'm worried about many more things than a compromised Apple ID.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
FaceTime for Mac Beta Opens Up Security Hole to Allow for Compromised Apple IDs
- Thread starter MacRumors
- Start date
- Sort by reaction score
1. Perhaps if it weren't already fixed in less than 24 hours. Also, this is BETA software.
2. Please explain how beta software would be installed on a public machine.
Again, how is FaceTime getting installed on those computers? You don't think they are maintained by an IT department that is NOT going to install beta software on those machines?
For all of those who choose not to read before posting, the problem is FIXED.
Temp Fix.
This seems to have been temporarily fixed. When you click on view account, the app pushes you back to the preferences screen.
This seems to have been temporarily fixed. When you click on view account, the app pushes you back to the preferences screen.
Facetime & iChat
Yes, it is practically a crippled version of iChat. why not implement FaceTime directly into iChat???
Isn't that practically common sense?!
I immediately dread the idea of having one more thing to worry about; one more buddy list, one more open app, one more account/password (if that's how it even works).
I say apple should release FaceTime as an extra component, within iChat.
Yes, it is practically a crippled version of iChat. why not implement FaceTime directly into iChat???
Isn't that practically common sense?!
I immediately dread the idea of having one more thing to worry about; one more buddy list, one more open app, one more account/password (if that's how it even works).
I say apple should release FaceTime as an extra component, within iChat.
Absolutely totally means nothing, not even a real security issue. I think using 4 charater password is a way more problem, or leaving your phone at the bar
I'd have rather they wait until they had a finished app, to tell you the truth, and nobody is "whining". ...at least, I'M not.
It just seems like they've been half-@ssing some things, it really doesn't take "5 million people" to turn out a fairly simple app like this. If it's done and its good, release it. If not, then don't say a damned thing about it. If it's not something you plan on getting right, then release the API and let someone else do it FOR you. It's pretty simple.
When Steve started talking about FaceTime: "...and the number one request we've been getting from users forFaceTime" I got so excited! I thought he was going to say that they were bringing it to 3G... But why would I ever think that, right?
Yeah, I agree. It all kind of seemed half-ass.
It shouldn't be released as a standalone app in the first place (read my post two steps above). I think its a sub-par app, that achieves so little, it doesn't deserve the publicity.
As a matter of fact, I wasn't too impressed with the keynote overall. Even the sneak preview for Lion, such as Launch Pad (which desn't seem much different than the current dock folders), and Mission Control (doing away with Exposé and Spaces) isn't necessarily any better than what is already present in OSX. It's like they're putting a new face onto OSX (read on).
Their primary focus now seems to be to bridge the gaps between iOS and MacOSX. They're trying to bring them both to a "common language." Sure, that is all great, but is it necessarily what's best for OSX? Perhaps they should be looking at it the other way around: instead of changing the face of OSX, they could bring iOS closer to OSX roots.
I mean, look at this new FaceTime app. Why couldn't it have simply been introduced into iChat, which already has a long-standing, solid, and SECURE base??
Yeah, I agree. It all kind of seemed half-ass.
It shouldn't be released as a standalone app in the first place (read my post two steps above). I think its a sub-par app, that achieves so little, it doesn't deserve the publicity.
As a matter of fact, I wasn't too impressed with the keynote overall. Even the sneak preview for Lion, such as Launch Pad (which desn't seem much different than the current dock folders), and Mission Control (doing away with Exposé and Spaces) isn't necessarily any better than what is already present in OSX. It's like they're putting a new face onto OSX (read on).
Their primary focus now seems to be to bridge the gaps between iOS and MacOSX. They're trying to bring them both to a "common language." Sure, that is all great, but is it necessarily what's best for OSX? Perhaps they should be looking at it the other way around: instead of changing the face of OSX, they could bring iOS closer to OSX roots.
I mean, look at this new FaceTime app. Why couldn't it have simply been introduced into iChat, which already has a long-standing, solid, and SECURE base??
I agree with you. So I'm not sure why you disagree with me
My disagreement with you was because you said it lax programming. Yes and no, but I took your post as it saying that it's Apple's responsibility to not show the user's information on the Facetime software. They could fix the software not to show it but I just think the user should be aware of their surroundings rather than expect the developer to protect them. Sorry if I misunderstood your post.
My disagreement with you was because you said it lax programming. Yes and no, but I took your post as it saying that it's Apple's responsibility to not show the user's information on the Facetime software. They could fix the software not to show it but I just think the user should be aware of their surroundings rather than expect the developer to protect them. Sorry if I misunderstood your post.
I thought that the protection of privacy was insured under the license agreement...
Even if I agree with you, it's more for Intel only than SL only. I know, you can have an Intel Mac and still be on Leopard but you can't have a PPC and be on SL (therefore the requirement).
On topic now, IMO this is a real (design) flaw... I mean, I know that anybody that has physical access your computer can see and access all your files and mess around but even if you're logged in iTunes, it hard to find those information and it's lame (even for a beta) to show those info just by a toggle of a button...
Grow some more braincells and then try to comprehend the problem. This simply isn't a problem, it's what happens when you're logged into any kind of service/application. It's like yelling Mail has a huge security bug because when you start it you can read someone's e-mail! Oh noez! When you start iChat or Adium, it logs in and you can chat with somebody! Oh noez, biggest security flaw evvah!
In other words: this is hardly news, it is what happens when you log into some service via a webpage or an application. I bet most people at macrumors.com don't log in each time they visit the site and log off when they leave. They simply keep themselves logged in because that's a lot easier. The only problem is that you can also get to your account details and change them, you can even change the password. There might be some people on macrumors.com who pulled some joke on a friend by changing their password when they could get to that persons computer. This is not new, it's a joke that's being pulled for decades. This "security issue" is that old as well
I bet most people with a smartphone or a pda haven't got a password on the device (entering a password each time you want to look at it is the most annoying thing there is, so hardly anybody uses that functionality).What have we learned at the end of the day? Don't blow things completely out of proportion as is being done right now and keep things safe by not allowing people access to your computer (either by using a password on your account and locking it (you can let the screensaver ask for your password) or by doing something else (baseball bats do help)). Or quite simply: use your brain for once!
The only flaw in the beta I've seen is it showing that you've entered a password after logging out off FaceTime while in fact the password field is empty.
Me, I want LESS security
I'm inside a DMZ, and even if I open port 80 and port 443, the ones that FaceTime seems to use, I got nothing. I see the video through the camera, but Preferences is grayed out, and I can't sign in or set it up. I'm failing to connect to connect.apple.com for the initial setup. God, I hate being inside a DMZ.
I'm inside a DMZ, and even if I open port 80 and port 443, the ones that FaceTime seems to use, I got nothing. I see the video through the camera, but Preferences is grayed out, and I can't sign in or set it up. I'm failing to connect to connect.apple.com for the initial setup. God, I hate being inside a DMZ.
Move On Nothing to see
Oh good god , I am sick of these Trolls who wave a flag and yell oh Macs big security risk !!
If you have physical access to any computer you can wreak havoc , you can extract anything you want.
Hey I just found a MASSIVE security flaw in Windows ... if I can access the physical machine I can read all that persons private emails if I open outlook !!!
HELLO it's called basic security on your physical machine ... if you dont want someone to get on it then lock it, log out etc etc
Yes I agree a bit sloppy but come on .. physical access to the machine ... is that the only flaw they can come up with
Oh good god , I am sick of these Trolls who wave a flag and yell oh Macs big security risk !!
If you have physical access to any computer you can wreak havoc , you can extract anything you want.
Hey I just found a MASSIVE security flaw in Windows ... if I can access the physical machine I can read all that persons private emails if I open outlook !!!
HELLO it's called basic security on your physical machine ... if you dont want someone to get on it then lock it, log out etc etc
Yes I agree a bit sloppy but come on .. physical access to the machine ... is that the only flaw they can come up with
Color me un-afraid.
A simple fix from Apple of requiring the input of the current password to change it is all that's required. Hardly earth shattering. This is a very simple fix and the kind of thing that crops up in a public Beta.
Should Apple have seen this before it went public? Probably. But like others have said, if a nefarious person already has access to your open user account, they most likely have more on their mind that changing your iTunes password.
Small problem, easy fix, no real security threat. I trust Apple will address this.
A simple fix from Apple of requiring the input of the current password to change it is all that's required. Hardly earth shattering. This is a very simple fix and the kind of thing that crops up in a public Beta.
Should Apple have seen this before it went public? Probably. But like others have said, if a nefarious person already has access to your open user account, they most likely have more on their mind that changing your iTunes password.
Small problem, easy fix, no real security threat. I trust Apple will address this.
In this age of rampant cybertheft, changing passwords on any secure account should require the user's reply to an email confirmation of the change before it takes effect. This is just common sense, and I'm surprised that most online businesses don't do this already. Live and learn.
Log In Difficulty
I have been trying to use FaceTime (Mac Beta) for 2 days but I can't log in. I already used all my accounts, still I can't get through. What could be the problem?
I have been trying to use FaceTime (Mac Beta) for 2 days but I can't log in. I already used all my accounts, still I can't get through. What could be the problem?
