Archive for June 14, 2011

Tuesday, June 14, 2011

Citi Accounts Were Hacked via URL

The Consumerist (via Matt Gemmell):

Basically after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else’s account.

The New York Times:

The method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially ingenious, security experts said.

One security expert familiar with the investigation wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser. “It would have been hard to prepare for this type of vulnerability,” he said.

If this is what it sounds like, it’s absurd to call it a vulnerability in the browser, and neither ingenious nor hard to prepare for.
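The flaw as The Consumerist describes it, as an added example (not code from Citi or from the sources quoted above): a handler that trusts the account identifier in the URL, beside one that checks that identifier against the logged-in session. The function names, account numbers and session tokens are constructed for illustration.

```python
# Added illustration; all names and data are constructed, not Citi's system.
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    owner: str      # customer who owns the account
    balance: str


# Constructed sample data.
ACCOUNTS = {
    "1001": Account(owner="alice", balance="$120.00"),
    "1002": Account(owner="bob", balance="$9,400.00"),
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # session token -> customer

DENIED = []  # (customer, account_id) pairs, kept for monitoring


def view_account_url_only(session_token, account_id):
    """Flaw as described: any logged-in user gets whatever id is in the URL."""
    if session_token not in SESSIONS:
        return 401, None
    account = ACCOUNTS.get(account_id)
    if account is None:
        return 404, None
    return 200, account.balance


def view_account_checked(session_token, account_id):
    """Same lookup, but the id must belong to the session's customer."""
    customer = SESSIONS.get(session_token)
    if customer is None:
        return 401, None
    account = ACCOUNTS.get(account_id)
    # Unknown and foreign ids get the same answer, so responses do not
    # reveal which account numbers exist.
    if account is None or account.owner != customer:
        DENIED.append((customer, account_id))
        return 404, None
    return 200, account.balance


if __name__ == "__main__":
    # alice is logged in and the id in her URL is changed from 1001 to 1002
    print(view_account_url_only("tok-alice", "1002"))  # another customer's data
    print(view_account_checked("tok-alice", "1002"))   # refused and recorded
    print(view_account_checked("tok-alice", "1001"))   # her own account
```

The check lives entirely on the server, which is why the browser plays no part in the flaw; a run of entries in `DENIED` from one session is also a cheap signal that someone is walking through account numbers.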

iOS 5 and iCloud

Lukas Mathis:

There still doesn’t seem to be a workable way of managing more than a few documents, and it’s still hard (or sometimes impossible) to move files from one app to another. But at least we won’t have to use iTunes to copy files to and from iOS devices anymore.

iCloud seems to do a good job of handling the most common case, and it’s certainly interesting from a developer perspective, but the scope is surprisingly limited. From the perspective of a user like me, OS-level support for Dropbox would have been preferable. I want to see the same documents in different apps and in a folder in the Mac Finder.

Also, we’ve heard a lot about the North Carolina data center, singular. The recent Amazon outage got a lot of press, and yet Amazon seems to be operating on an entirely different plane from Apple for availability and redundancy.

For some reason, Apple doesn’t want to use the word «synchronize». Gruber thinks it’s because there’s only one official data storage, the one in the cloud: «As Jobs put it on stage, iCloud’s data is “the truth”. This means no conflicts or merging.» But I don’t understand how having cloud data avoids conflicts.

This is the other elephant in the room. Calendars and contacts can sync and merge, but those are built-in apps that already had their own special support in Apple’s cloud. Apple did have a (troubled but improving) cloud syncing API in Sync Services and MobileMe, but to my knowledge there has been no official statement about whether this (or even iDisk) has a future.

iWeb, apparently, does not, and it’s not clear what will happen to MobileMe Galleries. Their predecessor, .Mac Homepage, has already been shut down. With a track record like this, I can’t see recommending an Apple service for hosting photos or Web content.

Also, double-tapping the home screen will allow you to jump directly into the camera app, similar to WP7.

It was probably one of the easiest features to implement, but my guess is that this and the volume shutter button (first seen in Camera+) will be my favorite improvements in iOS 5.

I still think webOS does the best job with its multitasking UI, and I wish Apple would just do multitasking in iOS the same way.

The iOS task switcher is unpredictable enough that I find myself going to the home screen rather than double-tapping the Home button. Since the switcher uses app icons rather than thumbnails, it doesn’t feel like a switcher, anyway—more like a DragThing dock for launching recent apps.

Update (2011-06-14): InfiniteApple says that iCloud is partially built atop Windows Azure and Amazon Cloud Services, which seems like a good idea to me.

Update (2011-06-24): Apple has posted some more information: no iDisk, no iWeb publishing, no photo gallery, and no keychain/Sync Services syncing.

Update (2011-09-05): The Register has more on iCloud, Azure, and Amazon AWS.