Tapping the IPhone, Courtesy of Yahoo! 27
tdalek writes "You may remember the recent Slashdot article about Yahoo! Zimbra Desktop exposing authentication information. It turns out that more Yahoo! applications are affected, although to a lesser degree. With Yahoo!'s desktop program, it transmitted the usernames and passwords in plaintext. Yahoo! is one of the lucky few default e-mail providers on the iPhone; sadly it looks like Apple didn't insist on encryption from Yahoo! On the iPhone, authentication is encrypted, but you can see all the messages sent and received in plaintext. Incoming messages are downloaded in plaintext over the standard imap port. Outgoing mail is a bit harder to find, it is apparently sent by an HTTP post request wrapped up inside a bundle of XML, but security through obscurity isn't very effective. If you have Yahoo! mail on your iPhone (and since its one of the default accounts, I'm assuming quite a few do), now would be a good time to forward it elsewhere for the time being."
Re:A little editing here ... (Score:3, Funny)
It's an interesting article, but couldn't /. help the guy out with the text?
It turns out that more that other Slashdot editors busy other things.
Re:Internet standards! (Score:5, Funny)
Wow, someone actually uses an internet standard email solution and everyone complains...This state of affairs is incredible! I mean.. what is the world coming to? Excuse me while I slit my wrists.
You're right, they're clearly overreacting.