
.Mac: Serious Security Problem; Localization Defects

CNET staff

Serious Security Problem

MacFixIt reader John Moltz has alerted us to a potentially serious security breach in Apple's .Mac Webmail service, which we have confirmed on test systems. Any message in a user's personal e-mail box can be viewed on another computer simply by entering that message's unique URL. In other words, giving the URL of a displayed piece of mail to another individual will result in the message's exact replication on another machine.

The problem is of particular concern for users who click on a link in an e-mail message and are taken to a Web page, where the message's URL is stored in the log file as a referring URL. Webmasters analyzing the log file can simply enter the referring URL, and be taken to the private message.

Moving to other messages and folders, or attempting to perform account administration, will prompt a login. There also appears to be a time-out function that protects against access after a few minutes.
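The behaviour described above, sketched as an added example (not from the original article and not Apple's code): a toy model in which the message-view URL alone grants access until a time-out, next to a handler that also requires the owner's session and keeps the URL out of referrer logs. The class, its method names and the 300-second time-out are assumptions made for illustration.

```python
import secrets
import time

VIEW_TTL = 300  # seconds; stands in for the "few minutes" time-out (assumed value)


class Webmail:
    """Toy model of a webmail message-view endpoint (hypothetical names throughout)."""

    def __init__(self):
        self.sessions = {}  # session cookie -> user
        self.views = {}     # URL token -> (owner, message body, expiry time)

    def login(self, user):
        cookie = secrets.token_urlsafe(16)
        self.sessions[cookie] = user
        return cookie

    def open_message(self, cookie, body, now=None):
        """Owner opens a message; returns the token carried in its unique URL."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)
        self.views[token] = (self.sessions[cookie], body, now + VIEW_TTL)
        return token

    def view_vulnerable(self, token, cookie=None, now=None):
        """As reported: the URL is the only credential; the cookie is ignored."""
        now = time.time() if now is None else now
        entry = self.views.get(token)
        if entry is None or now > entry[2]:
            return 403, {}, None
        return 200, {}, entry[1]

    def view_hardened(self, token, cookie=None, now=None):
        """The URL must arrive with a session cookie belonging to the message owner."""
        now = time.time() if now is None else now
        entry = self.views.get(token)
        user = self.sessions.get(cookie)
        if entry is None or now > entry[2] or user is None or user != entry[0]:
            return 403, {}, None
        # Tell the browser not to send this page's URL as a referrer on link clicks.
        return 200, {"Referrer-Policy": "no-referrer"}, entry[1]
```

In the hardened handler a URL copied from a log file fails the session check, so the time-out is no longer the only thing standing between the link and the message.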

Localization Defects

We have multiple reader reports of difficulty using .Mac's Webmail service with languages other than English. Stefan Schulze writes:

"I am a Mac user based in Germany. When I view my mac.com Webmail, the folders have German names such as Archiv and Entwürfe. The problem is that mac.com copies the folder names, but it doesn't get their function right. It also has trouble with Umlauts. For example, Webmail thinks that my Archiv drawer is the trash drawer, and Entwürfe is displayed as Entw?rfe."