Feeds

Apple's MobileMe plays into hands of spammers

Address harvesting all too easy

Internet Security Threat Report 2014

Apple has inadvertently made it easy for spammers to create a database of MobileMe email addresses.

The issue points to a future of more junk mail for Mac heads. They are already being targetted by MobileMe phishing scams.

The email harvesting issue arises because every MobileMe user gets a public idisk file-sharing site. These sites have an address tied into a user's email username. A user can't hide or delete their public folder and there's no way to choose what the name will be.

As a result spammers only need to map the iDisk domain using web crawler tools to extract the entire MobileMe user name list. Taking this username list and simply adding either @me.com or @mac.com will give an email list, Techcrunch reports.

Apple doesn't see a problem with its system, essentially because it hasn't received any complaints - yet.

Apple tech support said: "We’ve never had a complaint from a customer about people spamming them because of their iDisk public folder name. There is no way to remove your account name from the iDisk folders. I’m very sorry,".

The consumer electronics giant's response smacks of complacency, especially as it comes little over a week after the emergence of a phishing scam targeting MobileMe users. Personal data belonging to hundreds of punters with @mac.com email addresses is being traded in underground forums, credit card protection service CardCops reported. Punters were tricked into handing over these details for phishing emails whose plausibility was increased by earlier problems with the MobileMe service.

MobileMe has ploughed through a field of snafus since its launch on 9 July. Users were blocked from accessing email accounts for more than a week at the end of July and there have been syncing and billing problems, with some European users charged before their trial came to an end, forcing Apple to issue refunds.

Apple responded to these problems by adding 60 days onto the end of every MobileMe subscription.

MobileMe provides an online synchronisation service which includes a bundle of storage, calendar, mail and photo services. It adds support for Outlook and push email to the iPhone to Apple's previous .Mac services. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.