October 8, 2001
Security bite taken out of Apple's iDisk
Author: JT Smith
Kelly McNeill writes: "Unfortunately, all is not well with the new version of Apple's iDisk. According to security experts at Open Door Networks, iDisk under Mac OS X 10.1 is significantly less secure than under previous versions of Mac OS X. In Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as secure as AFP. However, the implementation of WebDAV in Mac OS X 10.1, as used with iDisk, violates the WebDAV specification and sends passwords in a way that makes them easy for hackers to discover."