Please deploy full SSL.

Status: In Progress
by MVP dslr595148 MVP on ‎11-02-2010 05:25 AM - last edited on ‎11-15-2010 12:20 PM by Admin Emeritus

The flaw that is addressed in http://www.grc.com/sn/sn-272.htm which is Security Now! with Steve Gibson, Episode 272, recorded October 27, 2010: Firesheep puts a lot of pressure on you to deploy full SSL.

 

For example by Full SSL, I don't just mean to log-in with. I mean,

 

#1 The site must allow users to browse & post while using SSL.

 

#2 For sending and receiving e-mail (it could be by web based e-mail or SMTP/POP OR even an IMAP client on their computer) using SSL.

 

#3 The site must allow users to browse, pay online while using SSL.

 

Status: In Progress
We are currently implementing SSL. We expect to be done over the coming weeks.
Comments
by Admin Emeritus on ‎11-03-2010 01:16 PM
Status changed to: Acknowledged
 
by whorka on ‎11-03-2010 10:34 PM

I fully agree. It's all too easy to sniff unencrypted wireless connections these days. On the web site, all session cookies need to be encrypted on every page transfer during a logged-in session to prevent user sessions on wireless networks from being hijacked by other users of the same network. Likewise, grabbing email usernames and passwords over a wireless connection is a simple point-and-click operation unless these sessions are SSL encrypted. (They are currently not.)

 

Leaving customers exposed to such a vulnerability is not only negligent to the user accounts' own security, it could also do damage to Verizon's network if a significant number of accounts are compromised and used to send SPAM or worse.

 

Running SSL POP should be a simple matter of installing stunnel on the mail servers.

 

by Admin Emeritus on ‎11-15-2010 12:19 PM
Status changed to: Under Review
 
by pseverance on ‎01-03-2011 07:25 PM

I absolutely agree.

 

Fix it. Meanwhile, you owe it to your PAYING subscribers to FULLY REVEAL how shoddy Verizon/Yahoo security is as it pertains to their personal information.

 

Most people trust that this is a secure service.

 

It isn't.

 

Be honest with them, so they can take the necessary steps to safeguard their information.

 

To not tell them is more than negligent.

by DaveK2 ‎01-04-2011 09:54 AM - edited ‎01-04-2011 10:48 AM

Whorka mentioned SSL POP, which would be great.   But Verizon POP currently doesn't even support encrypted login - even passwords are sent in the clear, and setting the client to use encrypted passwords hangs the connection.   Please improve client-based email with:

 

1) encrypted POP login, or

2) full-time secure (TLS) POP,

but preferably

3) support a decent email protocol, IMAP.  I mean RFC 1730 came out in 1994 and RFC 3501 in 2003, and Netscape 7 could use IMAP with Exchange server way back then.   Email isn't bleeding edge rocket science, and using totally insecure POP in 2011 gives Verizon a black eye.

 

 Edit: Posted this before seeing mcaranci's IMAP suggestion.  Of course, I voted that one up too.

by ACABThomas on ‎02-02-2011 12:48 PM

Webmail is often used in unsecure places away from home. So it's imperative to have full SSL support to protect it from network sniffers, etc.

by Admin Emeritus on ‎03-07-2011 12:04 PM
Status changed to: In Progress
We are currently implementing SSL. We expect to be done over the coming weeks.
by nabber00 on ‎09-13-2011 11:20 AM

So this should be done by now? Is it?

by Silver Contributor V on ‎10-05-2011 06:10 AM

SSL is definitely supported (not sure when they did it).

 

Also APOP is supported for passwords, even without SSL and for a long time, so your password need never be exposed.

 

Ports

outgoing.verizon.net  587, 465(SSL)

Incoming.verizon.net 110, 995(SSL)
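
How the APOP login mentioned in the post above keeps the password off the wire, as an added example that is not part of the original thread: per RFC 1939 the client hashes the server's greeting timestamp together with the shared secret and sends only the digest. The greeting, user name and secret are the sample values from RFC 1939, not Verizon's; the second timestamp and the function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Sample session values from the worked example in RFC 1939 (not Verizon data).
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"

# The APOP timestamp is the msg-id style token in angle brackets in the greeting.
_TIMESTAMP = re.compile(r"<[^<>\s]+@[^<>\s]+>")


def extract_timestamp(greeting):
    """Return the timestamp token, or None if the server does not offer APOP."""
    if not greeting.startswith("+OK"):
        return None
    match = _TIMESTAMP.search(greeting)
    return match.group(0) if match else None


def apop_digest(timestamp, secret):
    """MD5 over the timestamp (brackets included) followed by the shared secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def apop_command(greeting, user, secret):
    """Build the client's login line; the secret itself is never transmitted."""
    timestamp = extract_timestamp(greeting)
    if timestamp is None:
        raise ValueError("greeting has no timestamp: server does not offer APOP")
    return "APOP {} {}".format(user, apop_digest(timestamp, secret))


def server_verify(timestamp, secret, digest):
    """Server side: recompute from its own timestamp, compare in constant time."""
    return hmac.compare_digest(apop_digest(timestamp, secret), digest.lower())


if __name__ == "__main__":
    line = apop_command(GREETING, USER, SECRET)
    print(line)
    sent_digest = line.split()[2]
    print("same session verifies:",
          server_verify(extract_timestamp(GREETING), SECRET, sent_digest))
    # Constructed timestamp for a later connection: the old digest is rejected.
    print("later session verifies:",
          server_verify("<1897.697171000@dbc.mtview.ca.us>", SECRET, sent_digest))
```

APOP covers only the login step; message contents retrieved on port 110 still travel unencrypted, which is what the SSL port 995 addresses.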

 

by MVP dslr595148 MVP on ‎10-05-2011 07:18 AM

SSL is definitely supported (not sure when they did it).

 

Also APOP is supported for passwords, even without SSL and for a long time, so your password need never be exposed.

 

Ports

outgoing.verizon.net  587, 465(SSL)

Incoming.verizon.net 110, 995(SSL)



 



How about for FTP?

 

Thanks.
