Apple’s MobileMe service seems to have quite a few problems. A couple weeks ago, the TechCrunch Blog reported a design flaw in the service that allows attackers to crawl the site’s public folder structure and obtain usernames. These usernames are the same ones used for the service’s email addresses. While this isn’t a huge concern for users of the service, because it does not expose sensitive information about the user, it is one more way for a spammer to easily obtain email addresses.

Email addresses obtained in this way can be used to launch a targeted spam campaign to phish for passwords and other sensitive information. This is one more reason why it is important to filter emails and be mindful of what you click on.

A larger concern is that the service does not use SSL when transferring data from one account to another. MobileMe is an email, contact, and file management service that allows users to collaborate with each other. Account and credential information is encrypted, but the data that users send is not. This matters because users may not be aware of the issue, and sensitive and confidential data may be transferred over the web and put at risk. The combination of knowing the user’s email address and being able to openly view data transferred through the service could allow an attacker to target their attacks using direct information about the user.

With that said, Apple is not the only one to blame when it comes to openly displaying usernames in a public webpage format. Many social network sites display a user’s login name on searchable webpages that can then be used to find information on the user. It is one more lesson in how the internet is an open and public forum.
Sep 3