TimeWarnerCable's Roadrunner Security Hole

Discussion in 'other security issues & news' started by LaFemmeMichele, Oct 29, 2006.

Thread Status:
Not open for further replies.
  1. LaFemmeMichele

    LaFemmeMichele Registered Member

    Joined:
    Sep 13, 2006
    Posts:
    142
    After spending time this past week actively reclaiming my "branded" PC--one cable giant swapped us to another--I'm left feeling violated. And I'm also left questioning our security.

    Our new login is "http" not "https". I was officially told by TWC this would remain uncorrected until the 1st or 2nd quarter of next year!

    This login utilizes the password that manages not only our webmail (I felt the necessity to delete mine), but our accounts. I need your feedback. Is this as egregious as it seems?
     
    Last edited: Oct 29, 2006
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,
    Login to your account management at the new cables company site?
    You mean you got an account like michele-at-twc.something and you have a web interface that allows you to manage this account, including email, and it is not secure.
    If you are keen on security, you should change a provider. As simple as that. Although I personally do not recommend using isp-provided emails, as they are usually inferior to what you can get anonymously and for free - like gmail.
    My isp offers me a lously 50MB inbox, when I have 2.7GB on gmail. I don't even care if my isp gives me http or https. Never once accessed their email.
    But account management is more serious.
    Alternatively, you can use a mail client and encrypt your emails.
    And finally, switch until you get something that meets all of your demands, after all it's your money you're paying with (hopefully).
    Mrk
     
  3. LaFemmeMichele

    LaFemmeMichele Registered Member

    Joined:
    Sep 13, 2006
    Posts:
    142
    Mrk,

    That's it exactly. The interfaces for both our webmail & account management are not "https".

    I wanted to be certain that there wasn't an alternative method TWC might employ to encrypt web traffic that was an exception to what I believed to be the rule: If there is no "s" after http it is not secure.

    Then my suspicion is correct. Our powerful new provider is indeed jeopardizing our security & privacy.
     
    Last edited: Oct 30, 2006
Loading...
Thread Status:
Not open for further replies.