republican-creole
Search:  

 
theme to white backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » US Cable Support » Cox HSI » [ALL] Wash Post criticizes Cox over email security
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Cox HSI Forum FAQ ·Cox HSI forum Links ·WEB Mail ·Cable and Sat TV forum
[AZ] New Cable Box firmware? »
« [AZ] Need help! No explanation for downtime!  
AuthorAll Replies


NoVA_CoxUser
Stand back from the cage -- The RF bites
Premium
join:2004-07-06
Alexandria, VA
·Cox HSI

4 edits		reply to pbvan
Re: [ALL] Wash Post criticizes Cox over email security

said by pbvan See Profile :

... when logging into cox.net, the »https:// page is where I log into for my email accounts. The actual page showing my email boxes is ».
I think you might find the explanation provided in the following page helpful: »www.michaelhorowitz.com/securesubmit.html

To summarize:

1) Just because the page where you enter personal info is SSL-secured, doesn't mean that your personal info will be (or won't be) SSL-secured in-transmission when you click "login" ...

... It CAN however give you some assurance that the page which you are viewing is "genuine" if you verify the certificate's name and signing chain -- in other words, just because you have an SSL connection to a site doesn't necessarily mean that it's to the site to which you mean to be SSL-connected.

What IS important is whether the code underlying the "login" button is "http" or "https". (explained in the "Bad News" section in the earlier link)

2) Similarly, just because the "post-login" pages you receive from a site aren't SSL-secured, doesn't necessarily mean that your UID/Password was transmitted "in the clear"

Our own DSLR "SSL Log in" is one such example:

While your actual username/password are SSL-secured when transmitted ... specifically by this section of the page ...
FORM ACTION="https://secure.dslreports.com/r3/login"
... neither the initial DSLR "SSL Log in" page, or the subsequent DSLR pages displayed are themselves SSL-secured.

Unfortunately, Cox's webmail authentication is only insecure, so regardless of what page you're reaching it from, your username/password is always transmitted "in the clear."
to forum · permalink · · 2007-02-06 04:24:37 · Reply to this


pbvan

join:2003-02-09
Fairfax, VA		 Thanxs for the link. Your condensed version was great and the link provided further explanation in terms I could understand.
to forum · permalink · · 2007-02-06 10:13:39 · Reply to this
Forums » US Cable Support » Cox HSI[AZ] New Cable Box firmware? »
« [AZ] Need help! No explanation for downtime!  

Wednesday, 02-Dec 07:06:27 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [152] Comcast Releasing Promised Usage Meter
· [69] Baltimore To Ban Lazy Cable Installs
· [57] Latest Consumer Reports Survey Not Kind To AT&T
· [56] Broadband Killed The Game Console
· [52] Rogers Unveils The ISP Dream Model
· [44] ACTA: Global Three Strikes
· [41] Rural Carriers Quickly Embracing Fiber
· [35] Charter Exits Chapter 11
· [33] AT&T Top Lobbyist Cicconi Has His Feelings Hurt
· [26] Vivendi Agrees, Comcast/NBC Deal Soon
Most people now reading
· [Newsgroups] Newzleech down? [Filesharing Software]
· Vundo on facebook? [Security]
· Prevx says MS Nov 10 patches causing BSOD problems [Security]
· Windows 7 boot manager editing questions [Microsoft Help]
· Heating - my dad gave me this advice... [Home Repair & Improvement]
· Ooma changing features [VOIP Tech Chat]
· [WIN7] Outlook express under Windows 7? [Microsoft Help]
· Maximizing Rogue DPS for ToC/ToGC (3.x) [World of Warcraft]
· Security Software Updates - 1 Dec 2009 [Security]
· [Newsgroups] Newzleech is either down or gone for good... [Filesharing Software]