April 30, 2008
We’re glad to report that the the corrected production version of iSkoot for Symbian S60 v3 is now available for download here. Because this is a critical security release, we will also be releasing a forced upgrade for current users around midnight tonight, California time.
Thanks again to everyone who helped us to identify and resolve the issue quickly!
Edit: Particular thanks go out to Phone Boy, as well as Andy Abramson, Dan York, Jonathan MacDonald, and Jim Courtney — who not only helped us to identify the issue but also kept the online community up-to-date on our efforts to resolve it.
The blog community is an amazing resource — particularly for new companies like us, where the participation and feedback of our users is fundamental to our success. Enabling real-time communication with in-the-know users like Phone Boy, the blogosphere served as a truly invaluable advocate during a critical security breach. We are incredibly grateful for the support, and warmly welcome continued feedback.
Posted in: Releases | 4 Comments
Tags: forced upgrade, security update
April 28, 2008
When The Phoneboy Blog reported over the weekend that iSkoot appeared to be transmitting unencrypted Skype credentials in the clear, we were surprised, because every production version of our iSkoot client uses SSL encryption to safeguard user data.
However, we take very seriously any potential security concern, and as it turns out we owe Phoneboy our gratitude. A recent build allowed a development/pre-production version of the Symbian client to be downloaded in place of our production version, which did indeed produce the issue Phoneboy reported. We have checked our other platforms (Blackberry, J2ME, Windows Mobile, etc.) and fortunately this issue impacted only Symbian devices. We’ve pulled the development/pre-production build and fixed the bug and will be doing a forced upgrade to every Symbian user no later than Wednesday (4/30).
We wish to express our sincere thanks to Phoneboy for identifying the issue. As he notes, “there’s absolutely no excuse for not encrypting the information with SSL” - we completely agree, which is why we use SSL encryption on every production build.
-Mark Jacobstein
CEO, iSkoot
Posted in: Releases | 4 Comments
Tags: forced upgrade, Phoneboy, security update
