Yahoo/iPhone Push IMAP Doesn’t Use Encryption

It seems the iPhone sends its IMAP mail login credentials to Yahoo without encryption, which means if you’re using a public, unencrypted WLAN then anyone can sniff out your login credentials for your Yahoo account.

I was researching the iPhone’s “push” mechanism with a trace from Kurt Zeilenga’s iPhone, and wondered what error message I’d get from repeating the authentication. Mainly, to prove that the absence of any SASL challenge messages from Yahoo didn’t mean that the mechanism was susceptible to a reply attack. Instead, I gained access to Kurt’s Yahoo account.

Warning: require_once(/nfs/c02/h05/mnt/20370/domains/ [function.require-once]: failed to open stream: No such file or directory in /nfs/c02/h09/mnt/20370/domains/ on line 22

Fatal error: require_once() [function.require]: Failed opening required '/nfs/c02/h05/mnt/20370/domains/' (include_path='.:/usr/local/php-5.3.29/share/pear') in /nfs/c02/h09/mnt/20370/domains/ on line 22