The flaw that is addressed in http://www.grc.com/sn/sn-272.htm which is Security Now! with Steve Gibson, Episode 272, recorded October 27, 2010: Firesheep puts a lot of pressure on you to deploy full SSL.
For example by Full SSL, I don't just mean to log-in with. I mean,
#1 The site must allow users to browse & post while using SSL.
#2 For sending and receiving e-mail (it could be by web based e-mail or SMTP/POP OR even an IMAP client on their computer) using SSL.
#3 The site must allow users to browse, pay online while using SSL.
I fully agree. It's all too easy to sniff unencrypted wireless connections these days. On the web site, all session cookies need to be encrypted on every page transfer during a logged-in session to prevent user sessions on wireless networks from being hijacked by other users of the same network. Likewise, grabbing email usernames and passwords over a wireless connection is a simple point-and-click operation unless these sessions are SSL encrypted. (They are currently not.)
Leaving customers exposed to such a vulnerability is not only negligent to the user accounts' own security, it could also do damage to Verizon's network if a significant number of accounts are compromised and used to send SPAM or worse.
Running SSL POP should be a simple matter of installing stunnel on the mail servers.
I absolutely agree.
Fix it. Meanwhile, you owe it to your PAYING subscribers to FULLY REVEAL how shoddy Verizon/Yahoo security is as it pertains to their personal information.
Most people trust that this is a secure service.
It isn't.
Be honest with them, so they can take the necessary steps to safeguard their information.
To not tell them is more than negligent.
Whorka mentioned SSL POP, which would be great. But Verizon POP currently doesn't even support encrypted login - even passwords are sent in the clear, and setting the client to use encrypted passwords hangs the connection. Please improve client-based email with:
1) encrypted POP login, or
2) full-time secure (TLS) POP,
but preferably
3) support a decent email protocol, IMAP. I mean RFC 1730 came out in 1994 and RFC 3501 in 2003, and Netscape 7 could use IMAP with Exchange server way back then. Email isn't bleeding edge rocket science, and using totally insecure POP in 2011 gives Verizon a black eye.
Edit: Posted this before seeing mcaranci's IMAP suggestion. Of course, I voted that one up too.
Webmail is often used in unsecure places away from home. So it's imperative to have full SSL support to protect it from network sniffers, etc.
SSL is definitely supported (not sure when they did it).
Also APOP is supported for passwords, even without SSL and for a long time, so your password need never be exposed.
Ports
outgoing.verizon.net 587, 465(SSL)
Incoming.verizon.net 110, 995(SSL)
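
An added example, not part of any post in this thread and not Verizon's code: it computes the APOP login digest as defined in RFC 1939 and then classifies what stays readable on the wire for the three setups the thread discusses (port 110 with USER/PASS, port 110 with APOP, port 995 with SSL). The greeting and secret are the sample values from RFC 1939; the transcripts and the `audit_client_lines` helper are constructed for illustration.

```python
import hashlib
import re

# Sample greeting and shared secret taken from the APOP example in RFC 1939.
RFC1939_GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
RFC1939_SECRET = "tanstaaf"


def apop_digest(greeting, secret):
    """MD5 over the greeting's <timestamp> followed by the shared secret (RFC 1939)."""
    match = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    if match is None:
        raise ValueError("greeting has no timestamp, so the server does not offer APOP")
    return hashlib.md5((match.group(0) + secret).encode("ascii")).hexdigest()


def audit_client_lines(lines, tls):
    """Report what a passive observer could read from a POP3 client session."""
    if tls:
        return ["encrypted in transit"]
    findings = set()
    for line in lines:
        verb = line.split(" ", 1)[0].upper()
        if verb == "PASS":
            findings.add("password in cleartext")
        elif verb == "APOP":
            findings.add("digest only, password not sent")
        elif verb in ("RETR", "TOP"):
            findings.add("message content in cleartext")
    return sorted(findings)


# Constructed client transcripts (hypothetical sessions, not captured traffic).
PLAIN_110 = ["USER mrose", "PASS " + RFC1939_SECRET, "RETR 1", "QUIT"]
APOP_110 = ["APOP mrose " + apop_digest(RFC1939_GREETING, RFC1939_SECRET),
            "RETR 1", "QUIT"]
TLS_995 = PLAIN_110  # same commands, carried inside TLS on port 995

if __name__ == "__main__":
    for name, lines, tls in (("110 USER/PASS", PLAIN_110, False),
                             ("110 APOP", APOP_110, False),
                             ("995 SSL", TLS_995, True)):
        print(name, "->", audit_client_lines(lines, tls))
```

APOP keeps the password itself off the wire, but on port 110 the retrieved mail still travels unencrypted; only the SSL port covers both.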

How about for FTP?
Thanks.