Prvi veliki problem zadesio je mikroblogersku društvenu mrežu Tumblr otkad ga je ove godine kupio Yahoo! za nevjerojatnih 1,1 milijardu dolara. Tumblr je zbog ‘sigurnosne pogreške’ od korisnika svoje aplikacije za iPhone i iPad zatražio da promijene lozinku i ‘skinu’ novu verziju aplikacije, piše Business Insider.
Ova vijest stigla je sa službenog bloga Tumblra u kojem je veoma šturo napisano što korisnici moraju napraviti kako bi se zaštitili iako nije ponuđeno nikakvo objašnjenje zašto je uopće došlo do ovog sigurnosnog propusta.
Ovu pogrešku navodno je slučajno otkrio jedan čitatelj The Registera koji je testirao popularne aplikacije koristeći wifi mrežu tvrtke.
The flaw was reportedly discovered by a reader of The Register, who had been asked to screen apps for his corporate employer. The unnamed employee tested popular apps on the company’s wifi network, and found that password logins were being transmitted in a plain-text, non-encrypted way — and therefore were entirely visible to anyone clever enough who wanted to see them.
The Register claims Tumblr was slow to resolve the problem:
Our source only came to El Reg with the issue after failing to get it resolved by simply reporting it to Tumblr’s support team.
Here’s a screengrab of the flaw in action.
Below, the full text of Tumblr’s warning to its users:
Important security update for iPhone/iPad users
We have just released a very important security update for our iPhone and iPad apps addressing an issue that allowed passwords to be compromised in certain circumstances¹. Please download the update now.
If you’ve been using these apps, you should also update your password on Tumblr and anywhere else you may have been using the same password. It’s also good practice to use different passwords across different services by using an app like 1Password or LastPass.
Please know that we take your security very seriously and are tremendously sorry for this lapse and inconvenience.
