Archive for August, 2008

Apple Won’t Fix iPhone Passcode Hole Until September

The latest iPhone embarrassment is a security hole that makes it simple to access stored data on supposedly locked iPhones. Apple said Thursday that a software patch to solve the problem is in the works.

An unauthorized user can exploit the security hole simply by double-pressing the button to make an emergency call. That behavior brings up the owner's preferred contacts and clicking on a number provides full access to the phone's features. Clicking on an e-mail provides access to all e-mail. And clicking on a contact name provides full access to all contacts data.

Apple spokesperson Jennifer Bowcock said, "The minor iPhone security issue which surfaced this week is fixed in a software update which will be released in September."

There is a simple workaround, Bowcock said: iPhone owners can simply change the settings so double-clicking the emergency button returns a user to the home screen, which will present a password login field if password protection is turned on.

'Design Deficiency'

While an attacker must be in physical possession of the iPhone to exploit the security bug, it "highlights a fundamental design deficiency with the iPhone," said Andrew Storms, director of security operations with nCircle Network Security.

"Despite Steve Jobs from day one saying the iPhone was secure, functionality and aesthetics of the device seem to always win out over security," Storms said. A case in point, Storms said, "Apple quickly released updates to fix 3G connectivity issues this year, but consistently takes many months to release security updates."

This particular security hole -- a simple bypass of access restrictions -- was created by Apple's preference for functionality over security, he added. "Even when a user chooses to physically secure the device with a four-digit passcode, Apple has chosen to still permit the user to use some functionality," Storms said. "By selecting to perform...


Yahoo Will End Mash To Start a New Social Service

Yahoo plans to smash Mash, just one year after launching the new profile service. Yahoo describes Mash as a new approach to users' profiles that brings people together and keeps things interesting.

Mash users are being told that Mash will close on Sept. 29. The company plans to consolidate what it has learned with Mash into a new profile experience.

"We launched Mash as an experimental profile service with the goal of providing an interactive and social way of connecting with others," said Yahoo spokesperson Devon Corvasce. "Yahoo has announced we will soon be launching a new profile experience (an upgrade to profiles.yahoo.com) to work across the network, in the effort to make all of Yahoo more social."

Asked when the new service would launch, Corvasce said, "At this time, we are not publicly discussing the launch date of the new profile experience. You can look forward to seeing it in coming months."

Testing the Social Waters

Yahoo first began testing the Mash service in September 2007, making its foray into social networking. Yahoo offered the service to selected people outside of Yahoo's walls. Some observers speculated Yahoo offered the beta service after its expected purchase of Facebook failed.

Mash includes similar features to Facebook, MySpace, and My Yahoo. Mash users are able to create and customize a profile by filling Web pages with information, add modules such as photos and Web games, and add applications such as Flickr RSS, Common Friends, Asteroids, PimpMyPet, Kaleidescope and more. Friends are also able to make changes to the user's page.

The intent was to extend features of the experimental Mash into other Yahoo services, according to the company. Yahoo also hinted about adding social-networking functions to its e-mail service.

A Yahoo community manager said earlier this year that users' dedication to mashing had helped the community...


Speculation Focuses on iPhone Tethering Approval

Having banned from its App Store an application that turned an iPhone 3G into a wireless modem, is Apple ready to enable just such an application itself?

That's the rumor based on an e-mail response allegedly from Apple CEO Steve Jobs to an inquiring user. The questioner forwarded the response to the Gizmodo blog, which posted the question and Jobs' purported response.

The question: Why, since AT&T offers a plan by which users can pay an extra $30 to tether their laptops to their BlackBerry, don't Apple and AT&T offer a similar plan for iPhone 3G users?

The response: "We agree, and are discussing it with ATT." The message is signed "Steve" and includes the familiar tag, "Sent from my iPhone."

E-Mail Legit?

Gizmodo thinks the response is "legitimate-looking," but concedes "that 'Sent from my iPhone' kicker either makes this e-mail completely legitimate or illegitimate." On the other hand, Wired News engaged in a little grammatical sleuthing, noting that a message, purportedly from Jobs, posted on the MacRumors site contained a similar construction.

"We are working on some bugs which affect around two percent of the iPhones shipped, and hope to have a software update soon," the message read. Wired points out that both messages incorrectly use a comma before the "and." (A comma is appropriate to separate independent clauses; in both cases the phrases after the comma are dependent clauses.)

"I don't mean to draw a conclusion based on this nitpicky observation, but I just thought it'd be interesting to point out," Wired writer Brian Chen pointed out.

AT&T Terms of Service

Any tethering application would require a change to AT&T's terms of service. Those terms state: "Furthermore, plans (unless specifically designated for tethering usage) cannot be used for any applications that tether the device (through use of, including without limitation, connection kits, other phone/PDA-to-computer...
