By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Ask the Expert
Do you have an application security question for Michael Cobb? Submit it now via email! (All questions are anonymous.)
In reality, it's a question of control. A user chooses whether to visit a particular webpage, but he or she has no control over who can send them an email. Though spam filters can be configured to block certain types of email content or email from particular addresses, some malicious or spam emails will inevitably get through. Websites that have digital certificates can be verified as genuine, and browser settings and plug-ins such as NoScript can control which scripts on webpages are allowed to run. But with email, it's easy for an attacker to spoof the sender details in the address field, meaning that unwanted and unrequested content can easily appear in an email client. Therefore, by default email has to be sanitized as much as possible, with the user being given the option of displaying additional -- and potentially dangerous -- content if they want to.
While the Mailbox app is not malicious and its behavior doesn't violate any of the App Store rules, its poor design could have easily been used by an attacker, particularly for delivering potent spear-phishing emails. While the data that could be stolen would be limited by the iOS sandbox, an email app has access to a lot of potentially valuable information. On a jailbroken device, the damage would be much worse.
Dig Deeper on Web Application Security
Related Q&A from Michael Cobb
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Google's Certificate Transparency tool publicly logs certificates issued by CAs. Expert Michael Cobb explains how the log viewer works to improve ...continue reading
Crowning the most secure web browser is difficult, with research often turning up biased results. Expert Michael Cobb explains how to make a choice ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.