One of the things that new devices seem to inevitably do is reinvent security holes that were extinct everywhere else years ago. Someone recently pointed out that the iPhone allows URL-bar and security-UI spoofing from circa 1996, including spoofing of EV-status UI:
http://blogs.sans.org/appsecstreetfighter/2010/11/29/ui-spoofing-safari-iphone/ Apparently Apple "are aware of the implications but do not know when and how they will address the issue". Peter. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
