[HTTPS-E Rulesets] Fwd: Verizon
Peter Eckersley
pde at eff.org
Wed Nov 30 15:35:22 PST 2011
Hi Henry,
This is a bad interaction between HTTPS Everywhere and a bug in Verizon's
site. Their JavaScript code redirects a page back from HTTPS to HTTP, which is
insecure but also exposes this limitation in our code:
https://trac.torproject.org/projects/tor/ticket/4286
We will include a workaround in the next release of HTTPS Everywhere, but in
the mean time, you can reenable HTTPS Everywhere but disable the Verizon
ruleset if you wish (just go to a Verizon page, click on the HTTPS Everywhere
button in the toolbar, and uncheck the Verizon ruleset).
It would also be really nice if someone could ask Verizon tech support to
remove the insecure JavaScript redirections from HTTPS to HTTP.
----- Forwarded message from "Henry S. Winokur" <henwin at verizon.net> -----
Date: Mon, 28 Nov 2011 22:35:53 -0500
From: "Henry S. Winokur" <henwin at verizon.net>
To: <https-everywhere at eff.org>
Subject: Verizon
X-Mailer: Microsoft Outlook 14.0
The software does not work correctly with Verizon's web site. Last week, I
experienced what I thought was a DDoS on Verizon.net when I tried to get on
the website, but the behavior stopped after about 24 hours-or I stopped
trying to get in to the site-I don't remember. When I tried to get into the
site again yesterday, the same thing was happening and again, I thought
Verizon was experiencing trouble. However, after talking to their tech
support just now, and also trying MS IE, and getting in, I came to the
realization that it was one of my add-ons. And the add-on that was causing
the problem-constant attempting to change to use HTTPS to access
Verizon.net, instead of using HTTP-is HTTPS Everywhere. Once I disabled
HTTPS Everywhere for Verizon's web site, then all worked as it should.
Henry S. Winokur
West Bethesda, MD
----- End forwarded message -----
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-Everywhere-Rules
mailing list