Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Beaner

macrumors newbie
Original poster
May 15, 2007
20
0
Guys, has anyone noticed that MobileMe (http://www.me.com) is not SSL for email or contacts ? Is anyone concerned by this - I am pretty worried about my emails/contacts being accessible by man in the middle type attacks.
 

ShepUK

macrumors member
Jan 24, 2008
37
0
Guys, has anyone noticed that MobileMe (http://www.me.com) is not SSL for email or contacts ? Is anyone concerned by this - I am pretty worried about my emails/contacts being accessible by man in the middle type attacks.

Yup. Seems like a pretty major omission for a service that's specifically aimed at roaming users. Much as I'd love to switch all my "cloud" computing over to me.com, this is pretty much a deal-breaker as far as I'm concerned - guess I'll be sticking with gmail.
 

Diaresi

macrumors regular
Aug 23, 2007
242
0
Imagine how much more MobileMe would've got screwed up at launch if it was all SSL :D

I was thinking this too and I wondered if the interface was unencrypted and all the "Web 2.0" goodness was done over SSL. But alas, Safari's activity menu shows it's all done unencrypted while the account area IS encrypted.

To not give an option is quite bad, since Google do for most of their services (I can understand why they don't send everyone over SSL by default - it would kill their servers most likely).
 

cv01

macrumors member
Mar 8, 2008
80
0
This is pure madness if you are in an unprotected Wifi-spot, omg, and the number of replies here show something even worse: people don't even care... :eek::eek::eek::mad:
 

TLewis

macrumors 65816
Sep 19, 2007
1,293
120
Guys, has anyone noticed that MobileMe (http://www.me.com) is not SSL for email or contacts ? Is anyone concerned by this - I am pretty worried about my emails/contacts being accessible by man in the middle type attacks.
Bleh, I've been whining about this, here, for some time. Welcome to the club. :p

As far as I can tell, none of the web services are secure, except for the account services. However, it seems that non-web access to MobileMe can be secure. Synchronization (on the PC) appears to be secure, so that takes care of contacts and calendars (assuming, of course, that you've bought Outlook from Apple's competitor). Email access can be secure if you configure your client to use the secure mechanism:
IMAP: port 993, SSL
SMTP: port 587, TLS​
Bottom line: if you only need contacts, calendar, and email, avoid the web interfaces, and you can be OK.
 

swingerofbirch

macrumors 68040
Mail just came up with this message out of the blue around 1 PM eastern:

I don't know what to click.....
attachment.php
 

Attachments

  • Picture 1219.png
    Picture 1219.png
    53.9 KB · Views: 2,064

superfula

macrumors 6502
Mar 17, 2002
319
2
I just came here to see if anyone else was having problems. Looks like I'm not alone
 

Cadium

macrumors member
Jun 1, 2008
87
0
I'm getting the same issue, and e-mail isn't being pushed to my iPhone either.
 

danny_w

macrumors 601
Mar 8, 2005
4,462
297
Cumming, GA
Bleh, I've been whining about this, here, for some time. Welcome to the club. :p

As far as I can tell, none of the web services are secure, except for the account services. However, it seems that non-web access to MobileMe can be secure. Synchronization (on the PC) appears to be secure, so that takes care of contacts and calendars (assuming, of course, that you've bought Outlook from Apple's competitor). Email access can be secure if you configure your client to use the secure mechanism:
IMAP: port 993, SSL
SMTP: port 587, TLS​
Bottom line: if you only need contacts, calendar, and email, avoid the web interfaces, and you can be OK.
SSL isn't working for me. I have had many intermittent issues with SSL over the last few months, both at home (on 2 computers) and at work. Apple really needs to get their act together.
 

d21mike

macrumors 68040
Jul 11, 2007
3,320
356
Torrance, CA
Bleh, I've been whining about this, here, for some time. Welcome to the club. :p

As far as I can tell, none of the web services are secure, except for the account services. However, it seems that non-web access to MobileMe can be secure. Synchronization (on the PC) appears to be secure, so that takes care of contacts and calendars (assuming, of course, that you've bought Outlook from Apple's competitor). Email access can be secure if you configure your client to use the secure mechanism:
IMAP: port 993, SSL
SMTP: port 587, TLS​
Bottom line: if you only need contacts, calendar, and email, avoid the web interfaces, and you can be OK.

I did not remember setting these values in Outlook but they are set that way. Maybe it is the default for IMAP Connections. Checked my iPhone and that is the automatic settings as well.

I guess another reason to avoid the MM Web Interface (which I do anyway).
 

jc1350

macrumors 6502a
Feb 4, 2008
606
39
This is pure madness if you are in an unprotected Wifi-spot, omg, and the number of replies here show something even worse: people don't even care... :eek::eek::eek::mad:

I care. I've been playing with the trial account and can say I have had zero problems with MobileMe (none that I really noticed anyway). I signed up under .mac just 2 days before the big switch.

Anyway, this lack of SSL on the webapps really makes no sense. They enabled it with the account management part. It really bugs me that a FOR-FEE service provided by a technology company doesn't bother to offer SSL.

I have a real problem - I love the photo gallery in mobileme. It's pefect for what I do (family stuff). But, I won't pay one penny without SSL. It's just stupid.

Yet one more thing you get for free from Google et al. that you don't get by paying Apple.
 

TLewis

macrumors 65816
Sep 19, 2007
1,293
120
I have a real problem - I love the photo gallery in mobileme. It's pefect for what I do (family stuff). But, I won't pay one penny without SSL. It's just stupid.
Uh, as much as I like google, I don't think google's web albums (picasa) supports SSL, either.

Google supports SSL for some things, but not others.
 

jc1350

macrumors 6502a
Feb 4, 2008
606
39
Uh, as much as I like google, I don't think google's web albums (picasa) supports SSL, either.

Google supports SSL for some things, but not others.

For the writing of files, they should (at least the logon process). It's the logon that needs the encryption the most. With mobile me, it doesn't matter if you're logging in for mail or to upload photos...it's one unified logon that should be protected.
 

TLewis

macrumors 65816
Sep 19, 2007
1,293
120
For the writing of files, they should (at least the logon process). It's the logon that needs the encryption the most. With mobile me, it doesn't matter if you're logging in for mail or to upload photos...it's one unified logon that should be protected.
Well, the MM web logins do appear to be secure, although everything afterword seems to be unencrypted, except for the account settings. I assume that google's logins are also secure, but I don't know that for a fact (gmail and reader can be secure -- don't know about anything else).
 

jc1350

macrumors 6502a
Feb 4, 2008
606
39
Well, the MM web logins do appear to be secure, although everything afterword seems to be unencrypted, except for the account settings. I assume that google's logins are also secure, but I don't know that for a fact (gmail and reader can be secure -- don't know about anything else).

You're right...I was too stupid to notice. the logon does use ssl. Well...I'll stop my bitching now. :D Although I do wish iDisk used encryption for uploads and downloads for the non-public directories.
 

tony4d

macrumors member
Jul 10, 2008
67
1
I noticed this right away:

https://forums.macrumors.com/threads/518376/

Although, I hadn't setup mobileme with a desktop mail client yet. I just did because someone claimed imap ssl (port 993) worked. In fact, it does :D Thanks for the heads up on that.

Anyway, yea, of course login and account management is ssl. That's been web 101 for some time. None of the web apps being ssl is just dumb though. I realize google does the same thing with the gmail web interface, but that's not an excuse.

These are all consumer services, sure, but that doesn't mean I'm not just as concerned about privacy as businesses are. I don't know about you guys, but I want to know that my private data is traveling across the internet encrypted!
 

d21mike

macrumors 68040
Jul 11, 2007
3,320
356
Torrance, CA
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_0_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5B108 Safari/525.20)

jc1350 said:
Well, the MM web logins do appear to be secure, although everything afterword seems to be unencrypted, except for the account settings. I assume that google's logins are also secure, but I don't know that for a fact (gmail and reader can be secure -- don't know about anything else).

You're right...I was too stupid to notice. the logon does use ssl. Well...I'll stop my bitching now. :D Although I do wish iDisk used encryption for uploads and downloads for the non-public directories.

How about using Encrypted ZIP files for iDisk backup or shared storage?
 

TLewis

macrumors 65816
Sep 19, 2007
1,293
120
You're right...I was too stupid to notice. the logon does use ssl. Well...I'll stop my bitching now. :D Although I do wish iDisk used encryption for uploads and downloads for the non-public directories.
Well, vista can use https for idisk access, and so I assume that OS X can, too, but I don't know how.
 

TLewis

macrumors 65816
Sep 19, 2007
1,293
120
How about using Encrypted ZIP files for iDisk backup or shared storage?
Well, you can do that, but aren't encrypted zip files pretty insecure, too?

You're probably better off using truecrypt or gpg.
 

d21mike

macrumors 68040
Jul 11, 2007
3,320
356
Torrance, CA
Well, you can do that, but aren't encrypted zip files pretty insecure, too?

You're probably better off using truecrypt or gpg.

Not if you use the STRONG AES Encrypted ZIP Files. New for PKZIP and WinZip for the last 3-5 years (not sure exactly when it came out. The older encryption (which is what I think you are talking about) was not that strong.

However, when I wrote that I was't thinking that you can use SSL for iDisk. At least I can on Windows Network Drive. I am on Vista. So if you have no need to make the files smaller you can just use SSL.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.