Bugtraq mailing list archives
Re: Apple OSX and iDisk and Mail.app
From: osx_guru <osx_guru () mac com>
Date: Wed, 24 Jul 2002 16:36:19 -0500
mac.com supports SSL which can be enabled through the Preferences -> accounts -> your account -> edit button -> account options tab -> check box for "Use SSL".
I think that addresses your concern. Though you are correct in that by default this password is transmitted in the clear, though most consumer email clients do not have SSL or similar turned on by default due to uncertainty about various mail server compliance.
jon

On Wednesday, July 24, 2002, at 11:10 AM, Randal L. Schwartz wrote:

The password for an Apple iDisk is sent via HTTPS/WebDAV. However, if you configure OSX with an iDisk password, the same password is copied to the Mail.app configuration (which might not have been previously configured). Clicking on a "mailto" link fires up Mail.app, which then connects to mac.com which *does not* support any method of encrypted password transmission.

Net effect: your iDisk password is transmitted in the clear without your awareness, albeit as a mail password.

Problems:
- mac.com SMTP doesn't support encrypted passwords
- mac.com's mail password is *always* identical to iDisk password
- OSX's "do what I mean" friendliness saves passwords without knowledge

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
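An added example, not part of either post: a check over a mail client's own SMTP protocol log that flags any AUTH command carrying the password itself (PLAIN or LOGIN) before TLS is in place, which is the exposure both messages discuss. The function name, the `example.test` hosts and both transcripts are constructed for illustration.

```python
# Mechanisms that put the password itself on the wire (base64 is encoding, not encryption).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def audit_smtp_session(lines, implicit_tls=False):
    """Return [(line_no, mechanism)] for password-bearing AUTH sent without TLS.

    lines: list of (direction, text); direction is "C" (client) or "S" (server).
    implicit_tls: True if the whole session ran inside SSL from the first byte.
    """
    tls_active = implicit_tls
    starttls_pending = False
    findings = []
    for n, (direction, text) in enumerate(lines, 1):
        parts = text.strip().split()
        if direction == "C":
            verb = parts[0].upper() if parts else ""
            if verb == "STARTTLS":
                starttls_pending = True
            elif verb == "AUTH" and len(parts) >= 2:
                mech = parts[1].upper()
                if mech in CLEARTEXT_MECHS and not tls_active:
                    findings.append((n, mech))
        elif starttls_pending:
            # Only a 220 reply means the TLS handshake follows.
            tls_active = bool(parts) and parts[0].startswith("220")
            starttls_pending = False
    return findings

# Constructed transcript: the default (no SSL) configuration.
CLEAR_SESSION = [
    ("S", "220 mail.example.test ESMTP"),
    ("C", "EHLO laptop.example.test"),
    ("S", "250-mail.example.test"),
    ("S", "250 AUTH PLAIN LOGIN"),
    ("C", "AUTH PLAIN AHVzZXIAcGFzc3dvcmQ="),  # constructed credential blob
    ("S", "235 ok"),
]

# Constructed transcript: same login after a successful STARTTLS.
TLS_SESSION = CLEAR_SESSION[:2] + [
    ("S", "250 STARTTLS"),
    ("C", "STARTTLS"),
    ("S", "220 ready to start TLS"),
] + CLEAR_SESSION[1:]

if __name__ == "__main__":
    print("no SSL :", audit_smtp_session(CLEAR_SESSION))
    print("SSL on :", audit_smtp_session(TLS_SESSION))
```
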