Bugtraq mailing list archives
Re: Apple OSX and iDisk and Mail.app
From: Dale Southard <southard1 () llnl gov>
Date: 24 Jul 2002 13:48:10 -0700
merlyn () stonehenge com (Randal L. Schwartz) writes:
Net effect: your iDisk password is transmitted in the clear without your awareness, albeit as a mail password. Problems: - mac.com SMTP doesn't support encrypted passwords
Are you sure? myhost{dsouth}: telnet smtp.mac.com 25 Trying 204.179.120.48... Connected to smtp.mac.com. Escape character is '^]'. 220 ESMTP service ehlo foo.bar 250-asmtp02.mac.com 250-PIPELINING 250-ETRN 250-DSN 250-STARTTLS 250-AUTH PLAIN LOGIN 250 AUTH=LOGIN ^] telnet> quit Connection closed. It looks like smtp.mac.com supports STARTTLS, which could be used to armor the PLAIN/LOGIN authentication. Granted, it isn't clear that mail.app is capable of doing SSL/TLS when connecting to a SMTP server for sends, but mail.app does support SSL/TLS for IMAP receives. -- /* Dale Southard Jr. dsouth () llnl gov 925-422-1463, fax 422-9429 */ /* Computer Scientist, Accelerated Strategic Computing Initiative */ /* L-073, Lawrence Livermore National Lab, Livermore CA 94551 */ /* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */
Current thread:
- Apple OSX and iDisk and Mail.app Randal L. Schwartz (Jul 24)
- Re: Apple OSX and iDisk and Mail.app Dale Southard (Jul 24)
- Re: Apple OSX and iDisk and Mail.app Daryl Tester (Jul 25)
- Re: Apple OSX and iDisk and Mail.app osx_guru (Jul 24)
- <Possible follow-ups>
- Re: Apple OSX and iDisk and Mail.app spam_bucket (Jul 24)
- Re: Apple OSX and iDisk and Mail.app Eric Hall (Jul 25)
- Re: Apple OSX and iDisk and Mail.app Dale Southard (Jul 24)