Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the best-selling Take Control ebooks.

 

 

Pick an apple! 
 
Find Photos in iPhoto in the Finder

Looking for the file associated with a photo in iPhoto? In iPhoto, to view a photo's file in the Finder, Control-click it and choose Show File from the contextual menu that appears. You can then drag the file's icon into an Open dialog to upload it to a photo-sharing service, for instance, but whatever you do, don't move or rename that file!

Visit iPhoto '09: Visual QuickStart Guide

 
 

Tumblr iOS App Allows Passwords to Be Sniffed

Send Article to a Friend

If you use the iOS app for the popular microblogging and photo-sharing service Tumblr, make sure to download version 3.4.1 (or later) right away to avoid a security vulnerability that could allow an attacker to sniff your Tumblr password in transit. And, of course, change your password on Tumblr and any other sites that might share the same password!

The implication from Tumblr’s brief blog post apologizing for the lapse is that certain versions of the app were transmitting your password in the clear, such that anyone listening in on Wi-Fi traffic on a public hotspot, for instance, could see your password. Lest you feel secure in the fact that no one in the coffee shop where you’re working looks sketchy, remember that the Wi-Fi network is undoubtedly accessible from various nearby locations. Even more concerning is the fact that Wi-Fi sniffing software could be an automated process installed by Windows malware and running unnoticed on a compromised PC in the office next door.

I don’t suggest such a scenario to induce paranoia, but to illustrate why the detailed advice that Joe Kissell gives in “Take Control of Your Passwords” is so important. In this case, you have some control over whether your Tumblr password is exposed — only those using a previous version of the Tumblr app on a Wi-Fi network that was being sniffed need worry. But you have no control over whether a company’s account system is hacked, so all that protects you when that happens are strong passwords that are never reused across multiple sites.

Stay safe out there.

Check out the Take Control ebooks that expand on the topic in this article:

Password overload has driven many of us to take dangerous shortcuts. If you think ZombieCat12 is a secure password, that you can safely reuse a password, or that no one would try to steal your password…think again! Overcome password frustration with expert advice from Joe Kissell, and don't miss our Joe of Tech comic or Joe’s intro video!

 

READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <http://tidbits.com/member_benefits.html>
Special thanks to David Jenner, Sanford Fitzig, Stu Coates, and jeff
golob for their generous support!