TechCrunch recently posted an article about a security flaw in the MobileMe web hosting platform that puts every user at risk of having their email address harvested by spammers and targeted with loads of spam.
Quote from TechCrunch:
Here’s how it works. Every MobileMe user gets a public idisk file sharing site where they can post files for their public or private use. It’s simple to set the page to private, but it still shows the username if you go to the page. An example of a bad username: idisk.mac.com/mehmehmeh-Public. Here’s a good one: idisk.mac.com/steve-Public (That’s Steve Jobs’ account). There is no way as a user to hide or delete your public folder. If you are a MobileMe customer, you have one.
It’s only a matter of time before this exploit is abused (especially after it’s published on TechCrunch) and users at mac.com and me.com are inundated with spam. Let’s hope MobileMe is up to the task of filtering these messages, fixing this already overly exploited flaw, and letting legitimate email continue to be delivered.