Go Back   Wireless and Wifi Forums > News > Newsgroups > comp.security.misc
Register FAQ Forum Rules Members List Calendar Search Today's Posts Advertise Mark Forums Read

 
Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 03-22-2007, 01:48 PM
SecretSquirrel
Guest
 
Posts: n/a
Default Time Warner Road Runner web mail not secure

Hi,

I use this site:

http://webmail.tx.rr.com/webedge/do/mail/folder/view

for accessing web mail. It is from Time Warner.

I called their help desk to indicate it is not using https:// and
therefore is not encrypted and not secure. Their response was that it
is a secure site and that it is using encryption.

I have contacted their security department to indicate this and never
got a response back.

I can see that other Time Warner sites use https (e.g. https://webmail.nyc.rr.com/),
but this texas site is not.

I am getting frustrated because they keep insisting it's secure and
encrypted even when it's clearly not so.

Am I wrong about this? How do I get them to fix it?

JP


Reply With Quote
  #2 (permalink)  
Old 03-22-2007, 03:44 PM
Chris Mattern
Guest
 
Posts: n/a
Default Re: Time Warner Road Runner web mail not secure

In article <1174571312.643050.273610@l75g2000hse.googlegroups .com>,
SecretSquirrel wrote:
>Hi,
>
>I use this site:
>
>http://webmail.tx.rr.com/webedge/do/mail/folder/view
>
>for accessing web mail. It is from Time Warner.
>
>I called their help desk to indicate it is not using https:// and
>therefore is not encrypted and not secure. Their response was that it
>is a secure site and that it is using encryption.
>
>I have contacted their security department to indicate this and never
>got a response back.
>
>I can see that other Time Warner sites use https (e.g. https://webmail.nyc.rr.com/),
>but this texas site is not.
>
>I am getting frustrated because they keep insisting it's secure and
>encrypted even when it's clearly not so.
>
>Am I wrong about this?


You don't seem to be, unless there's some additional facts here you've
overlooked.

>How do I get them to fix it?
>


If they won't listen to you, you don't. You can't force them do to
anything. I would advise acquiring a different email solution. I
personally dislike webmail to begin with and keep my mail on my own
box, accessed via secure IMAP (I use Dovecot on Debian Linux, and it
works quite well). Webmail is an abortion developed by people who
want to keep you locked into their service instead of using established,
open protocols that do the job well and leave you in control of your
own data.


--
Christopher Mattern

NOTICE
Thank you for noticing this new notice
Your noticing it has been noted
And will be reported to the authorities

Reply With Quote
  #3 (permalink)  
Old 03-22-2007, 04:46 PM
Unruh
Guest
 
Posts: n/a
Default Re: Time Warner Road Runner web mail not secure

"SecretSquirrel" <SecretSquirrel123@gmail.com> writes:

>Hi,


>I use this site:


>http://webmail.tx.rr.com/webedge/do/mail/folder/view


>for accessing web mail. It is from Time Warner.


>I called their help desk to indicate it is not using https:// and
>therefore is not encrypted and not secure. Their response was that it
>is a secure site and that it is using encryption.


>I have contacted their security department to indicate this and never
>got a response back.


>I can see that other Time Warner sites use https (e.g. https://webmail.nyc.rr.com/),
>but this texas site is not.


>I am getting frustrated because they keep insisting it's secure and
>encrypted even when it's clearly not so.


>Am I wrong about this? How do I get them to fix it?


So quit using them.

>JP



Reply With Quote
  #4 (permalink)  
Old 03-23-2007, 01:56 AM
Barry Margolin
Guest
 
Posts: n/a
Default Re: Time Warner Road Runner web mail not secure

In article <1174571312.643050.273610@l75g2000hse.googlegroups .com>,
"SecretSquirrel" <SecretSquirrel123@gmail.com> wrote:

> Hi,
>
> I use this site:
>
> http://webmail.tx.rr.com/webedge/do/mail/folder/view
>
> for accessing web mail. It is from Time Warner.
>
> I called their help desk to indicate it is not using https:// and
> therefore is not encrypted and not secure. Their response was that it
> is a secure site and that it is using encryption.


They're wrong.

In most cases, the explanation is that even though the login page is
downloaded with HTTP, it submits the password with HTTPS. But I just
checked the source of this page and it sends the form to the same server
and protocol that it downloaded it from.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Reply With Quote
  #5 (permalink)  
Old 03-23-2007, 09:33 PM
Greg Pratt
Guest
 
Posts: n/a
Default Re: Time Warner Road Runner web mail not secure

In article <1174571312.643050.273610@l75g2000hse.googlegroups .com>,
SecretSquirrel <SecretSquirrel123@gmail.com> wrote:
>Hi,
>
>I use this site:
>
>http://webmail.tx.rr.com/webedge/do/mail/folder/view
>
>for accessing web mail. It is from Time Warner.
>
>I called their help desk to indicate it is not using https:// and
>therefore is not encrypted and not secure. Their response was that it
>is a secure site and that it is using encryption.
>
>I have contacted their security department to indicate this and never
>got a response back.
>
>I can see that other Time Warner sites use https (e.g. https://webmail.nyc.rr.com/),
>but this texas site is not.
>
>I am getting frustrated because they keep insisting it's secure and
>encrypted even when it's clearly not so.
>
>Am I wrong about this? How do I get them to fix it?


As others have pointed out, it is likely that the authentication is
using HTTPS. When you log into the webmail interface, watch your
browser to see if it briefly submits something to an "https://...." URL.
Some browsers, such as Firefox, will also show a subtle change in the
appearance of the browser window to indicate that it has switched to
"secure" mode (the appearance of a padlock icon in one corner, or the
changing of the address bar to an alternate color).

The rest of your session, however, will be unencrypted. The support
representative you spoke with on the phone probably did understand
what you were asking, since your question doesn't fit into their
troubleshooting scripts, and they personally probably don't appreciate
the difference.

If you are looking for secure webmail, you're looking in the wrong
place. Road Runner, like most transport ISPs, offers e-mail simply as
an add-on service that they can tout in their marketing materials ("We
offer free e-mail!"). They support it, however, only as much to keep
customers from switching to another service (such as DSL or a competing
cable provider). The poor reputation of most of these companies among
anti-spam advocates should also tip you off that they have very little
interest in security, so long as it doesn't cut into their bottom line
*this* month, or expose them to expensive lawsuits.

I find it is best to pretend that Road Runner doesn't offer e-mail at
all, and simply pay $10/month for a service that (1) provides encryption
on my sessions all the time, and not just during authentication, and (2)
is actually responsive to reasonable customer requests. Talking to
someone who actually cares, and who has a clue, is worth every penny.

--
Gregory Pratt gp@panix.com
East Rutherford, NJ, USA http://www.panix.com/~gp/
"You're only given one little spark of madness. You mustn't lose it."
PGP Key Fingerprint: DC60 FCDE 91E2 3D41 91A3 45DB B474 3D3A 3621 AAFE

Reply With Quote
  #6 (permalink)  
Old 03-24-2007, 02:28 AM
Barry Margolin
Guest
 
Posts: n/a
Default Re: Time Warner Road Runner web mail not secure

In article <eu1h3q$t3t$1@panix2.panix.com>, gp@panix.com (Greg Pratt)
wrote:

> As others have pointed out, it is likely that the authentication is
> using HTTPS. When you log into the webmail interface, watch your
> browser to see if it briefly submits something to an "https://...." URL.
> Some browsers, such as Firefox, will also show a subtle change in the
> appearance of the browser window to indicate that it has switched to
> "secure" mode (the appearance of a padlock icon in one corner, or the
> changing of the address bar to an alternate color).


Didn't you see my reply? This site does NOT submit the authentication
using HTTPS. I checked the HTML page's source.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Reply With Quote
Reply


« EVT '07 Call For Papers | Is Your Credit Card Secure? »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 Shannon Appel comp.security.misc 0 10-19-2005 04:37 AM
best practices to secure home's network strutsng@gmail.com alt.internet.wireless 31 10-14-2005 10:22 AM
Google "Secure Access" FAQ + Download link frankdowling1@yahoo.com alt.internet.wireless 11 09-23-2005 08:22 PM
[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 Shannon Appel comp.security.misc 0 08-30-2005 04:26 AM
[SSL-Talk List FAQ] Secure Sockets Layer Discussion List FAQ v1.1.1 Shannon Appel comp.security.misc 0 07-31-2005 04:25 AM


All times are GMT. The time now is 07:53 AM.



Powered by vBulletin® Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 PL2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45