Security threat on mobile me?

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by chameleon81, Aug 22, 2008.

  1. chameleon81 macrumors 6502

    Joined:
    May 16, 2006
    #1
    This is what I read today... I dont have knowledge about computer security but this is what was claimed :


    "
    Apple does not encrypt data
    that users send from browsers through MobileMe. The lack of SSL
    (Secure Sockets Layer) or any other form of encryption means that if a
    MobileMe user is connected to the Internet via a Wi-Fi hotspot,
    someone else connected to the same hotspot could relatively easily see
    all the data that the MobileMe user sends. "


    Full post :http://groups.google.com/group/n3td3v/browse_thread/thread/0bcb900f2dc5271f
     
  2. Darwin macrumors 65816

    Darwin

    Joined:
    Jun 2, 2003
    Location:
    round the corner
    #2
    Sadly this appears to be the case.

    The Lack of SSL for a paid service holding information of value is certainly troublesome. I'm wondering if there is a good reason for the feature to be left out. I can't recall if even DotMac had full SSL capabilities.

    Is it the hosting with Akamai servers which gives them pause? Since you need to have a Domain and IP matched together to have a SSL certificate and Akamai have quite a few of those.

    Would that be the reason, I'm curious.
     
  3. chameleon81 thread starter macrumors 6502

    Joined:
    May 16, 2006
    #3
    I believe that you can have a pool of IP addresses? ( my logic makes me believe, still no knowledge :) )
     
  4. Marie123456 macrumors newbie

    Joined:
    Jul 8, 2008
    #4
    I just started using Mobile Me. Does this mean that you shouldn't have it set to automatically update in case you are in a hot spot?
     
  5. Daveoc64 macrumors 601

    Joined:
    Jan 16, 2008
    Location:
    Bristol, UK
    #5
    I read on AppleInsider (although I must say that the article was very biased towards Apple so I don't know how credible this is) that the way the site is designed SSL isn't needed for security as there's enough security in the AJAX that the site uses.
     
  6. RevK macrumors member

    Joined:
    Apr 26, 2004
    #6
    It is worth noting that MobileMe LOGIN is encrypted using SSL. (https://auth.apple.com).

    The only information that theoretically could be compromised is calendar, email, account settings, contacts.
     
  7. Darwin macrumors 65816

    Darwin

    Joined:
    Jun 2, 2003
    Location:
    round the corner
    #7
    From what I've read it appears that it's only access to the Web applications at me.com which do not provide encryption. All the sync services from Mac, PC and iPhones are encrypted so you shouldn't have any worries there.

    Just don't check your e-mail from the web browser.
     
  8. jc1350 macrumors 6502a

    Joined:
    Feb 4, 2008
    #8
    free public VPN

    When I use an untrusted network (public wi-fi for example) I use the free VPN from http://www.hotspotshield.com/.

    This a VPN I read about in a security article in Macworld Magazine (about 6 months ago).

    This should help alleviate SOME of the fears (the connection from your laptop to hotspotshield is encrypted, so people on the same wi-fi network can't snoop your connection), but it doesn't fully address the lack of SSL (unencrypted from hotspotshield.com to me.com)

    As for SSL itself: the server certificate is tied to the fully-qualified-host-name, not the IP address. You can also spend a lot of money to get a wildcard cert that is good for any host on the designated domain/sub-domain.
     
  9. Zengrok macrumors newbie

    Joined:
    Jul 10, 2008
    #9
    Account settings are secure: https://secure.me.com/account/

    WiFi hotspots are dangerous for many reasons.
     

Share This Page