{"id":349,"date":"2008-08-21T09:05:21","date_gmt":"2008-08-21T08:05:21","guid":{"rendered":"http:\/\/blog.intego.com\/?p=349"},"modified":"2008-08-21T09:05:21","modified_gmt":"2008-08-21T08:05:21","slug":"security-weaknesses-in-mobileme-web-interface","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/","title":{"rendered":"Security Weaknesses in MobileMe Web Interface"},"content":{"rendered":"<p><img src=\"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg\"><\/p>\n<p>MobileMe had a rocky launch, and now a security weakness is being brought to light that shows that MobileMe&#8217;s web interface does not provide adequate security. Rich Mogull, <a href=\"http:\/\/db.tidbits.com\/article\/9745\">writing at TidBITS<\/a>, explains the problem: &#8220;although your initial login to MobileMe is encrypted, the rest of your session is transmitted in plain text. If anyone on your network decides they want to sniff your connection and read your email, there&#8217;s nothing to stop them.&#8221;<\/p>\n<p>In addition, Apple&#8217;s handling of user authentication has another weakness: &#8220;the secure authentication page points to auth.apple.com while the rest of MobileMe uses the domain me.com. By breaking the bond between the digital certificate used by SSL to verify a domain, and the domain where most of the interaction takes place, users are vulnerable to redirection attacks as highlighted by the recent DNS vulnerability.&#8221;<\/p>\n<p>Nevertheless, Mogull says that one shouldn&#8217;t worry too much. &#8220;While there&#8217;s a reasonable, if small, risk someone might sniff your connection when you are out in public, the odds of a redirection attack are extremely low.&#8221; But Apple will have to address these issues soon, along with the many other problems of MobileMe.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>MobileMe had a rocky launch, and now a security weakness is being brought to light that shows that MobileMe&#8217;s web interface does not provide adequate security. Rich Mogull, writing at TidBITS, explains the problem: &#8220;although your initial login to MobileMe is encrypted, the rest of your session is transmitted in plain text. If anyone on [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,13],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"MobileMe had a rocky launch, and now a security weakness is being brought to light that shows that MobileMe&#039;s web interface does not provide adequate\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security Weaknesses in MobileMe Web Interface - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"MobileMe had a rocky launch, and now a security weakness is being brought to light that shows that MobileMe&#039;s web interface does not provide adequate\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2008-08-21T08:05:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/\",\"name\":\"Security Weaknesses in MobileMe Web Interface - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#primaryimage\"},\"datePublished\":\"2008-08-21T08:05:21+00:00\",\"dateModified\":\"2008-08-21T08:05:21+00:00\",\"description\":\"MobileMe had a rocky launch, and now a security weakness is being brought to light that shows that MobileMe's web interface does not provide adequate\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security Weaknesses in MobileMe Web Interface\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"Security Weaknesses in MobileMe Web Interface\",\"datePublished\":\"2008-08-21T08:05:21+00:00\",\"dateModified\":\"2008-08-21T08:05:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#webpage\"},\"wordCount\":199,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg\",\"articleSection\":[\"Apple\",\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"MobileMe had a rocky launch, and now a security weakness is being brought to light that shows that MobileMe's web interface does not provide adequate","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/","og_locale":"en_US","og_type":"article","og_title":"Security Weaknesses in MobileMe Web Interface - The Mac Security Blog","og_description":"MobileMe had a rocky launch, and now a security weakness is being brought to light that shows that MobileMe's web interface does not provide adequate","og_url":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/","og_site_name":"The Mac Security Blog","article_published_time":"2008-08-21T08:05:21+00:00","og_image":[{"url":"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/","name":"Security Weaknesses in MobileMe Web Interface - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#primaryimage"},"datePublished":"2008-08-21T08:05:21+00:00","dateModified":"2008-08-21T08:05:21+00:00","description":"MobileMe had a rocky launch, and now a security weakness is being brought to light that shows that MobileMe's web interface does not provide adequate","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Security Weaknesses in MobileMe Web Interface"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"Security Weaknesses in MobileMe Web Interface","datePublished":"2008-08-21T08:05:21+00:00","dateModified":"2008-08-21T08:05:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#webpage"},"wordCount":199,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/security-weaknesses-in-mobileme-web-interface\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/images\/mobileme.jpg","articleSection":["Apple","Security &amp; Privacy"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-5D","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/349"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=349"}],"version-history":[{"count":0,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/349\/revisions"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}