MrGroove’s Blog

I never actually signed up for the new Apple mobileME service however, when Apple introduced the mobileME service, previous .mac users received the upgrade to the new service at no charge.  I recently discovered this while activating my new iPhone.  Although I passed on the free 60 day trial (Sorry, I don’t like to read the fine print and I don’t like to give royalty free non-exclusive, worldwide, sublicensable, perpetual and irrevocable license to my data… I like to know WHO has my data) Apple tried to push on me, I took the opportunity to checkout the new service - Apple moblieME.  From the quick "preview" I made, it looks like another technology race with Microsoft.  That being said, I wasn’t expecting to find an obvious security blunder from a BRAND NEW service from Apple. 

Here, take a look:

The Good: SSL is forced for Login as well as Account management pages

The Bad: No SSL ANYWHERE else on the site…  Email, Contact etc.. all sent in the Clear

My favorite is unlike GOOGLE, there is no option to TURN ON any SSL protection either.  Now…..  I know what your thinking.  SO WHAT IF MY EMAIL IS NOT ENCRYPTED IN TRANSIT!!!  And to a point, yes I agree.  Encryption in Transit is not as important as Encryption at rest.  That being said however, if Apple is not going to spend the time doing something as simple as using SSL for it’s pages which COULD and probably WILL contain sensitive data, I have VERY little faith that they will properly handle my data in the backend.  If all your talking about is Music, no big deal.  If your talking about Personal Emails and Photo’s of your kids however…..  Yeah, I’ll take my data elsewhere.

Agree?  Disagree?  Do you have info on how Apple protects the backend?  Feel free to leave a comment.  I love a Groovy discussion!

Tags: Apple, mobileme, Security, sslmac