MobileMe is NOT secure!!!
July 11th, 2008, Hedi Regaya | View Comments
I can’t believe what I’m seeing!
The URL starts with a regular “http” instead of “https”!
There’s not “lock” icon on the right corner of Safari!
How can this possible? Very bad days for Apple it seems…
Can someone please explain me?
Posted in Security & Maintenance, dotmac & MobileMe
View Comments
There is a secure authentication process hidden behind it…go to the login window.. the url is https://auth.apple.com/authenticate
There was a bunch of talk about this just after the WWDC Keynote. Some security heavyweights chimed in with their opinion that the authentication should be secure; and it is. The idea of the whole site/experience being secure is just not manageable in their opinion. They also were of the opinion that it was not necessary. Given the fact that the only way into your stuff through a back door is random hit or miss process and that there are billions of files and pages out there; not much of an issue.
That’s their word.
RicMac, I may not agree with the last part of what you said.
“They also were of the opinion that it was not necessary. Given the fact that the only way into your stuff through a back door is random hit or miss process and that there are billions of files and pages out there; not much of an issue.
That’s their word.”
I would like proof of this information. However, I do notice the the secure login when you now sign in. I have never noticed the lock to the right of Safari while I was using dotmac. What I can say, by even drawing a reference to other mail providers (who also provide contact and calender services but not as good as MobileMe:-D) the first time you login, there is the ‘https’ and while you use the account, it reverts to the normal ‘http.’ Check it out.
the https is only used for the first time you login, after that it is just http. only banks and financial sites uses https for all pages for security reasons. having ssl on all pages is costly and the overhead for the cpu would be too high.