Feeds

Apple's MobileMe plays into hands of spammers

Address harvesting all too easy

Beginner's guide to SSL certificates

Apple has inadvertently made it easy for spammers to create a database of MobileMe email addresses.

The issue points to a future of more junk mail for Mac heads. They are already being targetted by MobileMe phishing scams.

The email harvesting issue arises because every MobileMe user gets a public idisk file-sharing site. These sites have an address tied into a user's email username. A user can't hide or delete their public folder and there's no way to choose what the name will be.

As a result spammers only need to map the iDisk domain using web crawler tools to extract the entire MobileMe user name list. Taking this username list and simply adding either @me.com or @mac.com will give an email list, Techcrunch reports.

Apple doesn't see a problem with its system, essentially because it hasn't received any complaints - yet.

Apple tech support said: "We’ve never had a complaint from a customer about people spamming them because of their iDisk public folder name. There is no way to remove your account name from the iDisk folders. I’m very sorry,".

The consumer electronics giant's response smacks of complacency, especially as it comes little over a week after the emergence of a phishing scam targeting MobileMe users. Personal data belonging to hundreds of punters with @mac.com email addresses is being traded in underground forums, credit card protection service CardCops reported. Punters were tricked into handing over these details for phishing emails whose plausibility was increased by earlier problems with the MobileMe service.

MobileMe has ploughed through a field of snafus since its launch on 9 July. Users were blocked from accessing email accounts for more than a week at the end of July and there have been syncing and billing problems, with some European users charged before their trial came to an end, forcing Apple to issue refunds.

Apple responded to these problems by adding 60 days onto the end of every MobileMe subscription.

MobileMe provides an online synchronisation service which includes a bundle of storage, calendar, mail and photo services. It adds support for Outlook and push email to the iPhone to Apple's previous .Mac services. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.