Mac OS X 10.1 and iDisk: security alert
Mac OS X 10.1 and iDisk: security alert
"iDisk under Mac OS X 10.1 is significantly less secure than under previous versions of Mac OS X. In Mac OS X 10.1 your iDisk is usually accessed using the WebDAV protocol rather than the Apple Filing Protocol (AFP) used previously. Like AFP, WebDAV is supposed to not send your password over the Internet, so in that respect it should be as secure as AFP. However the implementation of WebDAV in Mac OS X 10.1, as used with iDisk, violates the WebDAV specification and sends your password in a way that makes it is easy for hackers to discover. Using iDisk under Mac OS X 10.1 could easily result in disclosure of your password and full access to your iDisk by others.
If you select 'iDisk' from the 'Go' menu or click on the iDisk icon in the Finder, your iDisk will be vulnerable. Also if you use the 'iDisk' selection in file open or save dialogs. To connect to iDisk the old (secure) way under Mac OS X 10.1, you should use 'Connect to Server' under the 'Go' menu and enter the address 'afp://idisk.mac.com'. Doing so is highly recommended until Apple comes out with a fix for this problem (of which they're well aware). You can then make an alias to your iDisk, or save it as a Favorite."
See also our previous coverage of iDisk issues and this MacCentral article.