[HTTPS-E Rulesets] [HTTPS-Everywhere] Verizon rule causes page to fail to load (2.0.dev.4)

Peter Eckersley pde at eff.org
Sat Nov 19 12:19:32 PST 2011


I've committed workaround number 2 in git.  Unfortunately, the underlying bug
here is an indication that the Verizon website is insecure and leaves people
open to having their accounts hijacked.  Erik, can you try filing a bug with
Verizon tech support please?

On Thu, Nov 17, 2011 at 07:13:29PM -0800, Peter Eckersley wrote:
> It's definitely a JavaScript redirect.  We have a few options:
> 
> 1. Fix https://trac.torproject.org/projects/tor/ticket/4286
> 
> 2. Someone can wade in and try to write an exclusion for this
>    (maybe for /secure/pages/viewbill/)?
> 
> 3. File a bug with Verizon tech support and wait
> 
> 4. Disable the ruleset
> 
> I'm leaning towards 2 unless anyone is inspired by a different approach.
> 
> On Thu, Nov 17, 2011 at 09:17:25PM -0500, Erik Harris wrote:
> > I just got my Verizon FIOS bill notification, and I clicked on the
> > link that took me to the login page on www22.verizon.net, and it got
> > stuck in an infinite reload cycle. As soon as I turned off the
> > Verizon rule in HTTPS-Everywhere, it loaded (to a secure page, so
> > it's some support content on the page that caused the problem).
> > 
> > I'm using HTTPS-Everywhere 2.0dev.4 in Firefox 9 beta on Win7 x64 Pro.
> > 
> > The link to view the bill in the email is:
> > 
> > https://www22.verizon.com/secure/pages/viewbill/?LOBCode=C&PromoTCode=EML19&PromoSrcCode=L&POEId=EM1SP
> > 
> > (Since I wasn't logged in, this redirected me to the login page)
> > 
> 
> -- 
> Peter Eckersley                            pde at eff.org
> Technology Projects Director      Tel  +1 415 436 9333 x131
> Electronic Frontier Foundation    Fax  +1 415 436 9993

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993


