MobileMe No SSL

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by Beaner, Jul 13, 2008.

  1. macrumors newbie

    Joined:
    May 15, 2007
    #1
    Guys, has anyone noticed that MobileMe (www.me.com) is not SSL for email or contacts ? Is anyone concerned by this - I am pretty worried about my emails/contacts being accessible by man in the middle type attacks.
     
  2. macrumors member

    Joined:
    Jan 24, 2008
    #2
    Yup. Seems like a pretty major omission for a service that's specifically aimed at roaming users. Much as I'd love to switch all my "cloud" computing over to me.com, this is pretty much a deal-breaker as far as I'm concerned - guess I'll be sticking with gmail.
     
  3. macrumors regular

    Joined:
    Aug 23, 2007
    #3
    Imagine how much more MobileMe would've got screwed up at launch if it was all SSL :D

    I was thinking this too and I wondered if the interface was unencrypted and all the "Web 2.0" goodness was done over SSL. But alas, Safari's activity menu shows it's all done unencrypted while the account area IS encrypted.

    To not give an option is quite bad, since Google do for most of their services (I can understand why they don't send everyone over SSL by default - it would kill their servers most likely).
     
  4. macrumors member

    Joined:
    Mar 8, 2008
    #4
    This is pure madness if you are in an unprotected Wifi-spot, omg, and the number of replies here show something even worse: people don't even care... :eek::eek::eek::mad:
     
  5. macrumors 65816

    Joined:
    Sep 19, 2007
    Location:
    left coast, US
    #5
    Bleh, I've been whining about this, here, for some time. Welcome to the club. :p

    As far as I can tell, none of the web services are secure, except for the account services. However, it seems that non-web access to MobileMe can be secure. Synchronization (on the PC) appears to be secure, so that takes care of contacts and calendars (assuming, of course, that you've bought Outlook from Apple's competitor). Email access can be secure if you configure your client to use the secure mechanism:
    IMAP: port 993, SSL
    SMTP: port 587, TLS​
    Bottom line: if you only need contacts, calendar, and email, avoid the web interfaces, and you can be OK.
     
  6. macrumors 68030

    Joined:
    Oct 24, 2003
    Location:
    The Amalgamated States of Central North America
    #6
    Mail just came up with this message out of the blue around 1 PM eastern:

    I don't know what to click.....
    [​IMG]
     

    Attached Files:

  7. macrumors newbie

    Joined:
    Oct 5, 2007
    Location:
    Bournemouth
    #7
    I just got that, clicked Continue and nothing happened ... haven't been able to connect to email for about 15 minutes now.
     
  8. macrumors 6502

    Joined:
    Mar 17, 2002
    #8
    I just came here to see if anyone else was having problems. Looks like I'm not alone
     
  9. macrumors member

    Joined:
    Jun 1, 2008
    #9
    I'm getting the same issue, and e-mail isn't being pushed to my iPhone either.
     
  10. macrumors 601

    Joined:
    Mar 8, 2005
    Location:
    Austin, TX
    #10
    SSL isn't working for me. I have had many intermittent issues with SSL over the last few months, both at home (on 2 computers) and at work. Apple really needs to get their act together.
     
  11. macrumors 68030

    Joined:
    Oct 24, 2003
    Location:
    The Amalgamated States of Central North America
    #11
  12. macrumors 68020

    d21mike

    Joined:
    Jul 11, 2007
    Location:
    Torrance, CA
    #12
    I did not remember setting these values in Outlook but they are set that way. Maybe it is the default for IMAP Connections. Checked my iPhone and that is the automatic settings as well.

    I guess another reason to avoid the MM Web Interface (which I do anyway).
     
  13. macrumors 601

    petvas

    Joined:
    Jul 20, 2006
    Location:
    Mannheim, Germany
    #13
    Push email on my iPhone works, as does the MobileMe Website.
    Mail.app can't connect to mail server...
     
  14. macrumors 601

    petvas

    Joined:
    Jul 20, 2006
    Location:
    Mannheim, Germany
  15. macrumors 6502a

    Joined:
    Feb 4, 2008
    #15
    I care. I've been playing with the trial account and can say I have had zero problems with MobileMe (none that I really noticed anyway). I signed up under .mac just 2 days before the big switch.

    Anyway, this lack of SSL on the webapps really makes no sense. They enabled it with the account management part. It really bugs me that a FOR-FEE service provided by a technology company doesn't bother to offer SSL.

    I have a real problem - I love the photo gallery in mobileme. It's pefect for what I do (family stuff). But, I won't pay one penny without SSL. It's just stupid.

    Yet one more thing you get for free from Google et al. that you don't get by paying Apple.
     
  16. macrumors 65816

    Joined:
    Sep 19, 2007
    Location:
    left coast, US
    #16
    Uh, as much as I like google, I don't think google's web albums (picasa) supports SSL, either.

    Google supports SSL for some things, but not others.
     
  17. macrumors 6502a

    Joined:
    Feb 4, 2008
    #17
    For the writing of files, they should (at least the logon process). It's the logon that needs the encryption the most. With mobile me, it doesn't matter if you're logging in for mail or to upload photos...it's one unified logon that should be protected.
     
  18. macrumors 68030

    Joined:
    Feb 6, 2008
    #18
    Has anyone mentioned this to them via the support chat?
     
  19. macrumors 65816

    Joined:
    Sep 19, 2007
    Location:
    left coast, US
    #19
    Well, the MM web logins do appear to be secure, although everything afterword seems to be unencrypted, except for the account settings. I assume that google's logins are also secure, but I don't know that for a fact (gmail and reader can be secure -- don't know about anything else).
     
  20. macrumors 6502a

    Joined:
    Feb 4, 2008
    #20
    You're right...I was too stupid to notice. the logon does use ssl. Well...I'll stop my bitching now. :D Although I do wish iDisk used encryption for uploads and downloads for the non-public directories.
     
  21. macrumors member

    Joined:
    Jul 10, 2008
    #21
    I noticed this right away:

    http://forums.macrumors.com/showthread.php?t=518376

    Although, I hadn't setup mobileme with a desktop mail client yet. I just did because someone claimed imap ssl (port 993) worked. In fact, it does :D Thanks for the heads up on that.

    Anyway, yea, of course login and account management is ssl. That's been web 101 for some time. None of the web apps being ssl is just dumb though. I realize google does the same thing with the gmail web interface, but that's not an excuse.

    These are all consumer services, sure, but that doesn't mean I'm not just as concerned about privacy as businesses are. I don't know about you guys, but I want to know that my private data is traveling across the internet encrypted!
     
  22. macrumors 68020

    d21mike

    Joined:
    Jul 11, 2007
    Location:
    Torrance, CA
    #22
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_0_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5B108 Safari/525.20)

    How about using Encrypted ZIP files for iDisk backup or shared storage?
     
  23. macrumors 65816

    Joined:
    Sep 19, 2007
    Location:
    left coast, US
    #23
    Well, vista can use https for idisk access, and so I assume that OS X can, too, but I don't know how.
     
  24. macrumors 65816

    Joined:
    Sep 19, 2007
    Location:
    left coast, US
    #24
    Well, you can do that, but aren't encrypted zip files pretty insecure, too?

    You're probably better off using truecrypt or gpg.
     
  25. macrumors 68020

    d21mike

    Joined:
    Jul 11, 2007
    Location:
    Torrance, CA
    #25
    Not if you use the STRONG AES Encrypted ZIP Files. New for PKZIP and WinZip for the last 3-5 years (not sure exactly when it came out. The older encryption (which is what I think you are talking about) was not that strong.

    However, when I wrote that I was't thinking that you can use SSL for iDisk. At least I can on Windows Network Drive. I am on Vista. So if you have no need to make the files smaller you can just use SSL.
     

Share This Page