[HTTPS-E Rulesets] [HTTPS-Everywhere] Verizon rule causes page to fail to load (2.0.dev.4)
Peter Eckersley
pde at eff.org
Sat Nov 19 12:19:32 PST 2011
I've committed workaround number 2 in git. Unfortunately, the underlying bug
here is an indication that the Verizon website is insecure and leaves people
open to having their accounts hijacked. Erik, can you try filing a bug with
Verizon tech support please?
On Thu, Nov 17, 2011 at 07:13:29PM -0800, Peter Eckersley wrote:
> It's definitely a JavaScript redirect. We have a few options:
>
> 1. Fix https://trac.torproject.org/projects/tor/ticket/4286
>
> 2. Someone can wade in and try to write an exclusion for this
> (maybe for /secure/pages/viewbill/)?
>
> 3. File a bug with Verizon tech support and wait
>
> 4. Disable the ruleset
>
> I'm leaning towards 2 unless anyone is inspired by a different approach.
>
> On Thu, Nov 17, 2011 at 09:17:25PM -0500, Erik Harris wrote:
> > I just got my Verizon FIOS bill notification, and I clicked on the
> > link that took me to the login page on www22.verizon.net, and it got
> > stuck in an infinite reload cycle. As soon as I turned off the
> > Verizon rule in HTTPS-Everywhere, it loaded (to a secure page, so
> > it's some support content on the page that caused the problem).
> >
> > I'm using HTTPS-Everywhere 2.0dev.4 in Firefox 9 beta on Win7 x64 Pro.
> >
> > The link to view the bill in the email is:
> >
> > https://www22.verizon.com/secure/pages/viewbill/?LOBCode=C&PromoTCode=EML19&PromoSrcCode=L&POEId=EM1SP
> >
> > (Since I wasn't logged in, this redirected me to the login page)
> >
>
> --
> Peter Eckersley pde at eff.org
> Technology Projects Director Tel +1 415 436 9333 x131
> Electronic Frontier Foundation Fax +1 415 436 9993
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993