Go Back   MacRumors Forums > Apple Systems and Services > iCloud and Apple Services

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 14, 2008, 01:51 AM   #1
Beaner
macrumors newbie
 
Join Date: May 2007
MobileMe No SSL

Guys, has anyone noticed that MobileMe (www.me.com) is not SSL for email or contacts ? Is anyone concerned by this - I am pretty worried about my emails/contacts being accessible by man in the middle type attacks.
Beaner is offline   0 Reply With Quote
Old Jul 14, 2008, 05:11 AM   #2
ShepUK
macrumors member
 
Join Date: Jan 2008
Quote:
Originally Posted by Beaner View Post
Guys, has anyone noticed that MobileMe (www.me.com) is not SSL for email or contacts ? Is anyone concerned by this - I am pretty worried about my emails/contacts being accessible by man in the middle type attacks.
Yup. Seems like a pretty major omission for a service that's specifically aimed at roaming users. Much as I'd love to switch all my "cloud" computing over to me.com, this is pretty much a deal-breaker as far as I'm concerned - guess I'll be sticking with gmail.
ShepUK is offline   0 Reply With Quote
Old Jul 14, 2008, 06:24 AM   #3
Diaresi
Registered User
 
Join Date: Aug 2007
Imagine how much more MobileMe would've got screwed up at launch if it was all SSL

I was thinking this too and I wondered if the interface was unencrypted and all the "Web 2.0" goodness was done over SSL. But alas, Safari's activity menu shows it's all done unencrypted while the account area IS encrypted.

To not give an option is quite bad, since Google do for most of their services (I can understand why they don't send everyone over SSL by default - it would kill their servers most likely).
Diaresi is offline   0 Reply With Quote
Old Aug 8, 2008, 11:37 AM   #4
cv01
macrumors member
 
Join Date: Mar 2008
This is pure madness if you are in an unprotected Wifi-spot, omg, and the number of replies here show something even worse: people don't even care...
cv01 is offline   0 Reply With Quote
Old Aug 8, 2008, 12:56 PM   #5
TLewis
macrumors 65816
 
Join Date: Sep 2007
Location: left coast, US
Quote:
Originally Posted by Beaner View Post
Guys, has anyone noticed that MobileMe (www.me.com) is not SSL for email or contacts ? Is anyone concerned by this - I am pretty worried about my emails/contacts being accessible by man in the middle type attacks.
Bleh, I've been whining about this, here, for some time. Welcome to the club.

As far as I can tell, none of the web services are secure, except for the account services. However, it seems that non-web access to MobileMe can be secure. Synchronization (on the PC) appears to be secure, so that takes care of contacts and calendars (assuming, of course, that you've bought Outlook from Apple's competitor). Email access can be secure if you configure your client to use the secure mechanism:
IMAP: port 993, SSL
SMTP: port 587, TLS
Bottom line: if you only need contacts, calendar, and email, avoid the web interfaces, and you can be OK.

Last edited by TLewis; Aug 8, 2008 at 01:55 PM.
TLewis is offline   0 Reply With Quote
Old Aug 8, 2008, 01:00 PM   #6
swingerofbirch
macrumors 68030
 
Join Date: Oct 2003
Location: The Amalgamated States of Central North America
Mail just came up with this message out of the blue around 1 PM eastern:

I don't know what to click.....
Attached Thumbnails
Click image for larger version

Name:	Picture 1219.png
Views:	1837
Size:	53.9 KB
ID:	129033  
swingerofbirch is offline   0 Reply With Quote
Old Aug 8, 2008, 01:02 PM   #7
tubechallenger
macrumors newbie
 
Join Date: Oct 2007
Location: Bournemouth
Send a message via MSN to tubechallenger
I just got that, clicked Continue and nothing happened ... haven't been able to connect to email for about 15 minutes now.
__________________
iMac (mid 2007) 20" C2D 2.4GHz, 15" MacBook Pro (mid 2009) 2.66GHz 4GB, 13" MacBook Pro (mid 2009) refurb 2.26GHz 4GB, iPhone 3GS 16GB on Vodafone UK
tubechallenger is offline   0 Reply With Quote
Old Aug 8, 2008, 01:08 PM   #8
superfula
macrumors 6502
 
Join Date: Mar 2002
I just came here to see if anyone else was having problems. Looks like I'm not alone
superfula is offline   0 Reply With Quote
Old Aug 8, 2008, 01:10 PM   #9
Cadium
macrumors member
 
Join Date: Jun 2008
I'm getting the same issue, and e-mail isn't being pushed to my iPhone either.
__________________
[font="Tahoma"][size=1]MacBook Pro (Late 2008): 2.4 GHz CPU / 2 GB DDR3 RAM / 250 GB HD / NVIDIA GeForce 9400M + 9600M GT (256MB)
Cadium is offline   0 Reply With Quote
Old Aug 8, 2008, 01:11 PM   #10
danny_w
macrumors 601
 
Join Date: Mar 2005
Location: Austin, TX
Quote:
Originally Posted by TLewis View Post
Bleh, I've been whining about this, here, for some time. Welcome to the club.

As far as I can tell, none of the web services are secure, except for the account services. However, it seems that non-web access to MobileMe can be secure. Synchronization (on the PC) appears to be secure, so that takes care of contacts and calendars (assuming, of course, that you've bought Outlook from Apple's competitor). Email access can be secure if you configure your client to use the secure mechanism:
IMAP: port 993, SSL
SMTP: port 587, TLS
Bottom line: if you only need contacts, calendar, and email, avoid the web interfaces, and you can be OK.
SSL isn't working for me. I have had many intermittent issues with SSL over the last few months, both at home (on 2 computers) and at work. Apple really needs to get their act together.
__________________
2012 Mac Mini i7 2.3 GHz Samsung 840 ssd 10.8.5, LG G2 KitKat & iPhone 4 (T-Mobile) 6.1, TV2 (2), iPad2 16GB, iPad Air 16GB
danny_w is online now   0 Reply With Quote
Old Aug 8, 2008, 01:11 PM   #11
swingerofbirch
macrumors 68030
 
Join Date: Oct 2003
Location: The Amalgamated States of Central North America
MobileMe Status hasn't been updated but you can always find the latest on these issues at http://leblogdufailure.blogspot.com
swingerofbirch is offline   0 Reply With Quote
Old Aug 8, 2008, 01:32 PM   #12
d21mike
macrumors 68020
 
d21mike's Avatar
 
Join Date: Jul 2007
Location: Torrance, CA
Quote:
Originally Posted by TLewis View Post
Bleh, I've been whining about this, here, for some time. Welcome to the club.

As far as I can tell, none of the web services are secure, except for the account services. However, it seems that non-web access to MobileMe can be secure. Synchronization (on the PC) appears to be secure, so that takes care of contacts and calendars (assuming, of course, that you've bought Outlook from Apple's competitor). Email access can be secure if you configure your client to use the secure mechanism:
IMAP: port 993, SSL
SMTP: port 587, TLS
Bottom line: if you only need contacts, calendar, and email, avoid the web interfaces, and you can be OK.
I did not remember setting these values in Outlook but they are set that way. Maybe it is the default for IMAP Connections. Checked my iPhone and that is the automatic settings as well.

I guess another reason to avoid the MM Web Interface (which I do anyway).
__________________
Mike
d21mike is online now   0 Reply With Quote
Old Aug 8, 2008, 02:11 PM   #13
petvas
macrumors 68040
 
petvas's Avatar
 
Join Date: Jul 2006
Location: Mannheim, Germany
Send a message via AIM to petvas
Push email on my iPhone works, as does the MobileMe Website.
Mail.app can't connect to mail server...
__________________
petvas is offline   0 Reply With Quote
Old Aug 8, 2008, 02:21 PM   #14
petvas
macrumors 68040
 
petvas's Avatar
 
Join Date: Jul 2006
Location: Mannheim, Germany
Send a message via AIM to petvas
UPDATE: It seems to be working now
__________________
petvas is offline   0 Reply With Quote
Old Aug 8, 2008, 02:30 PM   #15
jc1350
macrumors 6502a
 
Join Date: Feb 2008
Quote:
Originally Posted by cv01 View Post
This is pure madness if you are in an unprotected Wifi-spot, omg, and the number of replies here show something even worse: people don't even care...
I care. I've been playing with the trial account and can say I have had zero problems with MobileMe (none that I really noticed anyway). I signed up under .mac just 2 days before the big switch.

Anyway, this lack of SSL on the webapps really makes no sense. They enabled it with the account management part. It really bugs me that a FOR-FEE service provided by a technology company doesn't bother to offer SSL.

I have a real problem - I love the photo gallery in mobileme. It's pefect for what I do (family stuff). But, I won't pay one penny without SSL. It's just stupid.

Yet one more thing you get for free from Google et al. that you don't get by paying Apple.
jc1350 is offline   0 Reply With Quote
Old Aug 8, 2008, 02:46 PM   #16
TLewis
macrumors 65816
 
Join Date: Sep 2007
Location: left coast, US
Quote:
Originally Posted by jc1350 View Post
I have a real problem - I love the photo gallery in mobileme. It's pefect for what I do (family stuff). But, I won't pay one penny without SSL. It's just stupid.
Uh, as much as I like google, I don't think google's web albums (picasa) supports SSL, either.

Google supports SSL for some things, but not others.
TLewis is offline   0 Reply With Quote
Old Aug 8, 2008, 02:55 PM   #17
jc1350
macrumors 6502a
 
Join Date: Feb 2008
Quote:
Originally Posted by TLewis View Post
Uh, as much as I like google, I don't think google's web albums (picasa) supports SSL, either.

Google supports SSL for some things, but not others.
For the writing of files, they should (at least the logon process). It's the logon that needs the encryption the most. With mobile me, it doesn't matter if you're logging in for mail or to upload photos...it's one unified logon that should be protected.
jc1350 is offline   0 Reply With Quote
Old Aug 8, 2008, 03:08 PM   #18
psywzrd
macrumors 68030
 
Join Date: Feb 2008
Has anyone mentioned this to them via the support chat?
psywzrd is offline   0 Reply With Quote
Old Aug 8, 2008, 03:09 PM   #19
TLewis
macrumors 65816
 
Join Date: Sep 2007
Location: left coast, US
Quote:
Originally Posted by jc1350 View Post
For the writing of files, they should (at least the logon process). It's the logon that needs the encryption the most. With mobile me, it doesn't matter if you're logging in for mail or to upload photos...it's one unified logon that should be protected.
Well, the MM web logins do appear to be secure, although everything afterword seems to be unencrypted, except for the account settings. I assume that google's logins are also secure, but I don't know that for a fact (gmail and reader can be secure -- don't know about anything else).
TLewis is offline   0 Reply With Quote
Old Aug 8, 2008, 04:25 PM   #20
jc1350
macrumors 6502a
 
Join Date: Feb 2008
Quote:
Originally Posted by TLewis View Post
Well, the MM web logins do appear to be secure, although everything afterword seems to be unencrypted, except for the account settings. I assume that google's logins are also secure, but I don't know that for a fact (gmail and reader can be secure -- don't know about anything else).
You're right...I was too stupid to notice. the logon does use ssl. Well...I'll stop my bitching now. Although I do wish iDisk used encryption for uploads and downloads for the non-public directories.
jc1350 is offline   0 Reply With Quote
Old Aug 8, 2008, 06:01 PM   #21
tony4d
macrumors member
 
Join Date: Jul 2008
I noticed this right away:

http://forums.macrumors.com/showthread.php?t=518376

Although, I hadn't setup mobileme with a desktop mail client yet. I just did because someone claimed imap ssl (port 993) worked. In fact, it does Thanks for the heads up on that.

Anyway, yea, of course login and account management is ssl. That's been web 101 for some time. None of the web apps being ssl is just dumb though. I realize google does the same thing with the gmail web interface, but that's not an excuse.

These are all consumer services, sure, but that doesn't mean I'm not just as concerned about privacy as businesses are. I don't know about you guys, but I want to know that my private data is traveling across the internet encrypted!
tony4d is offline   0 Reply With Quote
Old Aug 8, 2008, 06:24 PM   #22
d21mike
macrumors 68020
 
d21mike's Avatar
 
Join Date: Jul 2007
Location: Torrance, CA
Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_0_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5B108 Safari/525.20)

Quote:
Originally Posted by jc1350
Quote:
Originally Posted by TLewis View Post
Well, the MM web logins do appear to be secure, although everything afterword seems to be unencrypted, except for the account settings. I assume that google's logins are also secure, but I don't know that for a fact (gmail and reader can be secure -- don't know about anything else).
You're right...I was too stupid to notice. the logon does use ssl. Well...I'll stop my bitching now. Although I do wish iDisk used encryption for uploads and downloads for the non-public directories.
How about using Encrypted ZIP files for iDisk backup or shared storage?
__________________
Mike
d21mike is online now   0 Reply With Quote
Old Aug 8, 2008, 07:40 PM   #23
TLewis
macrumors 65816
 
Join Date: Sep 2007
Location: left coast, US
Quote:
Originally Posted by jc1350 View Post
You're right...I was too stupid to notice. the logon does use ssl. Well...I'll stop my bitching now. Although I do wish iDisk used encryption for uploads and downloads for the non-public directories.
Well, vista can use https for idisk access, and so I assume that OS X can, too, but I don't know how.
TLewis is offline   0 Reply With Quote
Old Aug 8, 2008, 07:45 PM   #24
TLewis
macrumors 65816
 
Join Date: Sep 2007
Location: left coast, US
Quote:
Originally Posted by d21mike View Post
How about using Encrypted ZIP files for iDisk backup or shared storage?
Well, you can do that, but aren't encrypted zip files pretty insecure, too?

You're probably better off using truecrypt or gpg.
TLewis is offline   0 Reply With Quote
Old Aug 8, 2008, 10:51 PM   #25
d21mike
macrumors 68020
 
d21mike's Avatar
 
Join Date: Jul 2007
Location: Torrance, CA
Quote:
Originally Posted by TLewis View Post
Well, you can do that, but aren't encrypted zip files pretty insecure, too?

You're probably better off using truecrypt or gpg.
Not if you use the STRONG AES Encrypted ZIP Files. New for PKZIP and WinZip for the last 3-5 years (not sure exactly when it came out. The older encryption (which is what I think you are talking about) was not that strong.

However, when I wrote that I was't thinking that you can use SSL for iDisk. At least I can on Windows Network Drive. I am on Vista. So if you have no need to make the files smaller you can just use SSL.
__________________
Mike
d21mike is online now   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > iCloud and Apple Services

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
No SSL/TLS login? pocketpenguin Site and Forum Feedback 10 Sep 15, 2014 06:05 PM
Check SSL myself? ArtOfWarfare iPhone/iPad Programming 2 May 22, 2014 04:52 AM
SSL Certificates Raj15 iPhone and iPod touch Apps 0 Feb 5, 2014 12:26 PM
SSL on mail Samtb iPhone and iPod touch Apps 0 Mar 1, 2013 05:28 PM

Forum Jump

All times are GMT -5. The time now is 06:43 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC